Monday, November 18, 2013

Snooping on Credit Cards with Shopping Carts

Researchers at the University of Surrey, UK have successfully used readily available and inexpensive electronic components, combined with a shopping cart antenna, to eavesdrop on NFC and HF RFID contactless communication.

The shopping cart did not perform as well as a small inductive loop antenna (that could be concealed with the electronics in a backpack) but neither are likely to arouse suspicion. 

The researchers say that the eavesdropping distance can be as much as 100cm but is dependant on the strength of the magnetic field generated by the victims device. 

Companies like VISA, Mastercard and Google who have already developed platforms for contactless payments can now add eavesdropping to the existing security threats of skimming and relay attacks. Original paper here (PDF).