Contactless cards can be hacked with off-the shelf technology

30 October 2013
By Tereza Pultarova
Mobile version
Share |
ul hacking attack on a contactless transaction

All that you need to perform a successful hacking attack on a contactless transaction [Credit: University of Surrey]

Hackers can intercept data transmitted between contactless cards and payment terminals using easily available and portable electronic devices, a study of Surrey University researchers has found.

Focusing on the currently prevailing Near Field Communication (NFC) standards, used in most modern payment cards, the researchers have found that especially in crowded supermarkets, contactless data transmission is vulnerable to be intercepted by determined individuals. All that is required is a simple antenna, an off-the-shelf receiver and a laptop equipped with a digital acquisition card.

“In this study, we have proved what researchers have been talking about for some time – that contactless design in itself is by no means a security feature,” said Johann Briffa, the lead researcher of a study published in the latest issue of the Institution of Engineering and Technology’s Journal of Engineering.

“Despite the fact that the NFC standard officially requires about five centimetres, we have managed to receive the same information as the terminal at the distance of 50 to 60 centimetres.”

Although the reliability of the interception decreases with the distance, in the 50 - 60cm range, almost 100 per cent of the eavesdropping attempts performed by the researchers were successful. Even more disconcerting, however, is the fact that the equipment the team used was far from advanced.

“We haven’t used anything that is extremely sophisticated or extremely expensive,” said Briffa. “For example the receiver that we have basically fits into a rather small box.”

The receiver, comfortably hidden in a backpack, could be connected to a simple loop of wire, a small metallic cylinder or even to a cage of a shopping trolley that functions as an antenna intercepting the data without raising any suspicion.

It has been the first time such simple equipment has been used in a study focusing on vulnerabilities of NFC and the team hopes the results will stir the debate about the vulnerability of the popular standard and encourage application designers to delve into the security aspects of the technology.

“With banks routinely issuing contactless payment cards to customers, there is a need to raise awareness of the potential security threats,” said Eleanor Gendle, IET Managing Editor at The Journal of Engineering. “It will be interesting to see further research in this area and ascertain the implications for users of contactless technology with regards to theft, fraud and liability.”

Currently, some 23 million contactless cards are in use in the UK alone. The NFC standard is also frequently used by smartphones for short range radio communication.

As this method of stealing private data attacks in the moment when the device needs to be in use, there is little an individual user can do to protect himself.

“When the card is not at use, for example if it’s an NFC enabled mobile phone, one thing that can be done is to switch the NFC off until it’s actually needed,” Briffa said. “In the case of cards, there exist wallets that act as faraday cages and shield the device against the transmission, however, none of these would help in our setting,” he concluded.

 

Watch our video interview with Johann Briffa here: 

Latest Issue

E&T cover image 1605

"We visit Barcelona, one of the smartest cities in the world, to find out what makes it so special. What does it look like and what is the future?"

E&T jobs

  • High Voltage Engineer

    Premium job

    Essex X-Ray & Medical Equipment
    • Great Dunmow, Essex

    This High Voltage Engineer will provide design leadership for high voltage cable assemblies up to one megavolt.

    • Recruiter: Essex X-Ray & Medical Equipment

    Apply for this job

  • Sales Electronics Engineer

    Premium job

    Precision Microdrives
    • London (Greater)
    • £25,000 - £30,000 starting salary, inclusive of on-target commissions.

    Precision Microdrives (PMD) is a fast growing technology company that designs, produces and trades miniature electro-mechanical mechanisms

    • Recruiter: Precision Microdrives

    Apply for this job

  • Senior Development Engineer, Electronics

    Premium job

    Helmet Integrated Systems / Gentex Corporation
    • Letchworth Garden City, Hertfordshire
    • Competitive

    We are innovative, robust and fast growing business, whose main focus is to deliver continues improvement to existing products and offer new soluti...

    • Recruiter: Helmet Integrated Systems / Gentex Corporation

    Apply for this job

  • Analogue Electronics Engineer

    Premium job

    Swedish Institute of Space Physics (IRF)
    • Uppsala (Stad) (SE)

    The Swedish Institute of Space Institute (IRF) in Uppsala search for an analogue electronics engineer.

    • Recruiter: Swedish Institute of Space Physics (IRF)

    Apply for this job

  • Principal Robotic Systems Engineer

    Premium job

    National Oceanographic Centre
    • Southampton, Hampshire
    • £45,271 to £49,207 per annum

    Responsible for technical oversight and project management of internally and externally funded innovation centre projects.

    • Recruiter: National Oceanographic Centre

    Apply for this job

  • Smart Grid Research Engineer

    Premium job

    University of Strathclyde
    • Cumbernauld, Glasgow
    • Grade: 6/7* £26,537 - £37,768*

    Work as part of a growing dynamic team on a wide range of technical projects with particular emphasis on experimental validation and testing

    • Recruiter: University of Strathclyde

    Apply for this job

  • Electrical Engineer - Water

    Premium job

    Mott MacDonald
    • Peterborough, Cambridgeshire

    Mott MacDonald's highly successful Water and Environment Unit is recruiting an electrical engineer....

    • Recruiter: Mott MacDonald

    Apply for this job

  • Electrical Design Engineer

    Premium job

    Mott MacDonald
    • Cambridge, Cambridgeshire

    Mott MacDonald's highly successful water business continues to win and deliver a fantastic amount of work....

    • Recruiter: Mott MacDonald

    Apply for this job

  • Electrical Asset Specialist

    Affinity Water
    • Hatfield, Hertfordshire

    Responsible for updating and writing electrical engineering standards, approved codes of practice and safe systems of work

    • Recruiter: Affinity Water

    Apply for this job

  • Launcher Verication & Validation Lead

    MBDA
    • Bristol
    • Competitive Salary & Benefits

    What’s the opportunity? Opportunity to join a very dynamic, responsive and multinational Launcher team, focussed on rapid development, proving and manufacture to meet challenging programme...

    • Recruiter: MBDA

    Apply for this job

More jobs ▶

Subscribe

Choose the way you would like to access the latest news and developments in your field.

Subscribe to E&T