Android NFC App Reveals Contactless Credit Card Details; Should You Be Worried?

Advertisement

We all know that NFC can be used to make mobile payments, a feature that may become the technology’s “killer app”. We’ve even seen NFC on phones used to receive such payments, as with PayPal’s NFC-supporting app. Smartphones aren’t the only things being used for these kind of wireless payments, though, and many recent credit and debit cards support similar RF-based systems. Could we maybe get smartphones and these cards talking directly to each other? One security researcher has managed to do just that, and his results are sure to give pause to anyone carrying around such a wireless payment card in their pockets.

Thomas Skora’s app, available now in the Google Play store, is capable of reading embedded data off certain wireless-enabled payment cards. That can include critical information like credit card numbers and expiration dates. Skora makes clear that this is a technical demonstration, and not intended for committing any sort of card fraud, but that doesn’t make its capabilities any less frightening.

Granted, a PIN is needed to complete many transactions, and this attack won’t reveal such data, but the thought that the rest of it appears to be so readily accessible is still troubling.

If you’ve got an NFC-capable Android phone, and at least a passing knowledge of German (in which the app is released), you might be interested in trying the app out with your own cards just so you have a realistic idea of exactly how exposed your own information is.

The full source code to the app is available on github, just in case you’re worried that it’s doing anything nefarious with your data. The app’s still a bit buggy and is very much a work-in-progress, but it’s a sobering reminder of the consequences of wireless technology, all the same. How much longer until crooks are casually walking down the street, apparently innocently texting away on their phones, while actually scanning for your card details?

Source: Google Play
Via: Slashdot

Advertisement

What's your reaction?
Love It
0%
Like It
0%
Want It
0%
Had It
0%
Hated It
0%
About The Author
Stephen Schenck
Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen's first mobile device was a 624 MHz Dell Axim X30, which he's convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he's not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bitsRead more about Stephen Schenck!