Better than the 315 gala! Touch your ass to steal information from your bank card
Yesterday, the CCTV 315 gala revealed a vulnerability in POS terminals: criminals can spend the funds on a user's card without having the bank card or its password.
Today, I will introduce a superb way to steal credit card and debit card information: with one touch on your ass, a thief can steal the information on your bank card.
Last month, Apple officially launched the "Apple payment" function for its mobile phones. As long as the phone is held close to a card reader bearing the UnionPay "Flash payment" sign and a finger is placed on the HOME key to verify the fingerprint, the payment completes in just a few seconds without a password. This kind of contactless card payment has been welcomed by many people, and NFC "Flash payment" is becoming increasingly popular.
However, in this public interview, security experts from the 360 Unicorn Team found that a special card reader can read the data on a flash-payment card through a thick wallet and clothes. The data may include personal information such as name and ID card number. Currently, individuals can only block "Flash stealing" by using card covers with a blocking function.
The test setup consists of a bank card with the "Flash payment" function, a card reader built by the 360 security experts themselves, and a supporting signal receiver and computer. The self-made receiver is only the size of one bank card, with chips and an antenna of several millimeters at one end.
The security experts placed the card reader on a bank card with the "Flash payment" function. Almost at the same moment, the card information appeared on the computer screen. The content includes the name, ID card number, the time and location of the last 10 purchases, withdrawal records, transfer records, and so on. Examples include a RMB 900 purchase at a Tiantongyuan mall, a meal at a well-known chain restaurant, and an ATM cash withdrawal.
Bank of Communications, China Merchants Bank, China Construction Bank, Bank of Beijing and other banks are all affected: any credit card or debit card bearing the flash payment sign can be read.
Almost no one lays a card directly on a table to be read. Bank cards are generally kept in a wallet or card holder, or at least in a pocket. Can this prevent the data from being read? To verify the "power" of the card reader, the experts slowly moved it away from the card and tested its maximum read distance. The results show that the card can be read at about two fingers' thickness, that is, within a distance of nearly 5 cm. In the range of 5 to 6 cm, the signal appears only occasionally. Beyond 6 cm, it is difficult to receive a signal even with nothing in the way.
That is to say, no matter how many other cards or how much cash is in your wallet, and whatever material your wallet is made of, as long as you are wearing clothes less than 5 cm thick, one touch on your ass is enough to read almost all of the data.
Of course, the more obstacles there are, the harder it is to read the card, the longer the touch has to last, and the more likely the thief is to be caught. The security expert hid the card reader in his glove and read the credit card information from a trouser pocket while I felt almost no contact.
In public, on the subway, in elevators and other crowded places, or if you are one of the "heads-down crowd" absorbed in a mobile phone, such a touch is not easy to notice. In addition, in the test the security experts hid the card reader in gloves or disguised it in a hand-held case; it is very small and difficult to spot.
Judging by the experiment results, it seems that, short of hiding the bank card deep inside a bag, this is "difficult to prevent". But if the card is hidden away, it loses the convenience of "Flash payment".
Countermeasures are coming! Yang Qing, a wireless security expert, said that 360's security experts have tested IC-chip debit cards and credit cards issued by more than 10 banks. The amount of information that can be read differs from card to card. These banks follow the China Financial Integrated Circuit (IC) Card Specification (V3.0) and have implemented "Flash payment" on a large scale. The banks still need to upgrade the specification to hide sensitive personal information as far as possible, to prevent criminals from stealing data.
The company found that almost all the wallets that can prevent card skimming are over yuan, and almost all of them are made of hard materials. In addition, the styles are relatively plain. Mr. Yang offered the general public a "trick": wrapping the flash-payment card in a thin sheet of tin foil also isolates the signal.
According to experts at the Industrial and Commercial Bank of China, all bank cards with the Flash payment function are financial IC cards. The card chips support contactless RFID, which is an international technical standard. At present, IC cards are the safest, and no counterfeit card fraud has been found anywhere in the world. The card reader can read the name, consumption records and other information mainly because, during a transaction, the terminal needs to pass this information in encrypted form to the card-issuing bank for verification in order to complete the transaction.
The financial expert said that he was unable to protect himself from any problems discovered by security experts. He should not lend the funds and prevent leakage of card information such as passwords, card numbers, validity periods, and security codes.
It is public knowledge that some foreign websites do not require a password for credit card purchases. With just the identity information, bank card number, and validity period, money can be stolen from the card.