The Smart Card Alliance says reports of contactless smart cards being hacked are not accurate. An Associated Press story claims that a University of Virginia graduate student and two fellow hackers say they have cracked the encryption used in credit cards, subway passes and security badges.
Te trio claimed they hacked the code using readily available equipment that cost less than $1,000. The story suggests the hack enables a criminal to clone credit cards, get free subway rides, gain access to buildings or steal cars.
But the Smart Card Alliance, an industry trade group, says that the chips hacked were not the same ones used in contactless payment cards or electronic passports, but ones that are typically used in transit system, and that the results are overblown.
The research, presented at a hacker’s conference in Germany, involved one dimension of security in one specific product, the Alliance states. “Like many types of computer chips, a broad range of RF-enabled and contactless smart card chips are available, and individual system operators choose the right overall balance of features, including security, when they design a fare collection system,” according to the release.
The original AP story can be found here.
Additional information on contactless financial payment card security can be found here.