Imagine losing your credit card and applying for a new one from the bank. But how do you feel if some cybercriminals are already using your new credit card before you receive this new one? Yes, it's completely achievable, at least with this $10 device magspoof.
Credit card number prediction and theft weapon magspoof
Hardware hacker Samy Kamkar has built a $10 device that can predict and store hundreds of American Express credit card numbers and allow anyone to use it for wireless payment transactions, even on non-wireless terminals.
This device, named Magspoof, can guess the next credit card number and the new expiration date based on the number of the card that was written off and the time it was requested to handle the new card. This process does not require a three-or four-digit CVV number, and the CVV number is usually printed on the back of the credit card.
This gadget will be a dream weapon for credit card fraudsters who can steal cash from stolen credit cards, even if the credit cards have been written off by their real owners.
What is Magspoof?
Magspoof is a device that, for American Express credit cards, has the following features:
1 , by wireless spoofing any magnetic stripe or credit card, even if it is a standard magnetic card or credit cards reader; 2 , disable Chip and PIN (EMV) protection; 3 , switching different credit cards; 4. Accurately predict credit card numbers and expiry dates.
How does the magspoof work?
Magspoof's wireless capabilities are achieved by launching a powerful "electromagnetic field" that simulates a traditional magnetic stripe card that appears to be brushed by physical contact. Kamkar, in its blog, says:
"Incredibly, magnetic stripe readers don't need any kind of wireless receiver, RFID or NFC, because the magspoof is working wirelessly, even with a standard barcode reader. You can put it on any traditional POS system, then it will think that a card is being brushed. ”
After losing an American Express credit card, Kamkar noticed that the number of new cards replaced seemed to have a certain relationship with the previous three American Express credit cards. Kamkar recorded all the numbers and developed a global pattern, which enabled him to accurately predict the numbers of 20 American Express and replacement cards, which were provided by their friends for his research.
Video Demo
You can watch the video below to understand the entire attack process.
Kamkar also provides the necessary code, which can be downloaded from Github , to build your own magspoof device according to the instructions here, but this code has changed because Kamkar removed the function code that disables EMV. The American Express number prediction algorithm has not yet been published. To explore magspoof in depth, read the full text of the blog published by Kamkar.
Magspoof: A cheap device that can predict and steal your next credit card number