Matta cares about your corporate and personal security and is giving you the Credit Card Condom so you can shield and protect your cards from being copied and used for fraudulent transactions.

Simply insert the card you want to protect into the protective sleeve, and the internal aluminium foil shield will provide a mini-Faraday cage that prevents the contactless technology from being abused by the bad guys...

The bad guy does not necessarily have to be close: with a powerful antenna, the attacker can be at quite some distance (up to hundreds of metres)

The amount is not necessarily limited to £30; this is a limit imposed in the UK, in GBP. But, by instructing the card to process a transaction in another currency, this limit can often be completely bypassed (some cards have fixed the flaw, others are still vulnerable) [10]

There is a free, open source, and easy to install and use Android application [1] (although there are almost definitely more applications, this one is open source and has been checked by Matta to ensure it doesn't behave maliciously), that you can use to grab card details (often enough to use the card to make online purchases with some less scrupulous merchants), and view the history of transactions

Due to weaknesses in POS/ATM random number generators, it is possible to predict the sequence number required to perform the next transaction on the card, allowing an attacker with suitable equipment to use your card to pay for a hefty bill [2]

The Background and Science behind this

Contactless credit card payments using the Near Field Communication (NFC) standard are rapidly becoming a very popular way to pay for goods. It’s not surprising, as it offers a very quick and convenient way of paying for items without having to use cash, or type in your credit card PIN. However, as is most often the case, extreme convenience means there has been some compromise in terms of security. Now, an attacker doesn’t even have to come close to your wallet and can snoop on your card details, make transactions while in range and potentially use your card after that!

The official NFC standard operates at the same frequency of RFID (13.56Mhz) which specifies a maximum operating distance of 1.5m (at 1W TX power) but researchers have achieved much greater distances (up to hundreds of metres) by using more powerful antennas. You therefore may or may not be surprised to hear that one of the ‘security’ mechanisms is the assumption that the device is in close proximity of the reader! This assumption can be abused to carry out relay attacks between the reader and the token, using a rogue device in between (all you need is a mobile phone, an ideal device since it can operate both active and passive mode, as well as interface with other, longer range wireless technologies, such as bluetooth and Wi-Fi).

By snooping on the card details using, for example, an NFC-enabled smartphone and a freely available application, it is possible to re-use the card details to perform larger online transactions on less scrupulous merchants, who sacrifice security for convenience and user experience. It was also found that stolen cards can also be used to perform contactless transactions for days after the card had been cancelled due to the offline nature of many of the lower amount transactions.

Taking money directly from the card using the contactless technology is also possible and the attacker is not necessarily limited to the £30 limit set by the card providers in the UK. Most cards were found to be vulnerable when using dynamic currency conversion where limits would no longer be an issue and transactions up to a theoretical value of 999,999.00 could be performed in the attacker’s currency of choice. Some card providers have since addressed this particular issue but there is no doubt that some may still be vulnerable, as well as the potential for more flaws of the same nature to be lurking undiscovered or unpublished.

Finally, NFC payments piggyback on the same technology that powers Chip & PIN (EMV) but open up a new world of exploitation by abusing the wireless nature of the NFC protocol, as the tamper-detection/proofing that was part of the model is no longer relevant. In the security research community, it has long been known that one of the key security mechanisms of EMV relies on the POS/ATM providing a random number to the card. Most of the time however, these are easily brute-forced offline due to the reduced key-space in which they operated. Over the air, an attacker can connect to your card, guess the next valid sequence number to use, and charge a hefty bill onto your card, all from a certain distance.

Get in Touch!

Please feel free to contact us for more information or to discuss your information security needs and challenges...

E-mail:
Phone: +44 (0) 20 3051 3420