A not so smart card
- Type
- Audio
- Tags
- smart card
- Authors
- Bernd R. Fix
- Event
- Chaos Communication Congress 23th (23C3) 2006
- Indexed on
- Mar 27, 2013
- URL
- http://dewy.fem.tu-ilmenau.de/CCC/23C3/audio/23C3-1449-en-not_so_smart_card.mp3
- File name
- 23C3-1449-en-not_so_smart_card.mp3
- File size
- 42.3 MB
- MD5
- b1c35f14c9786c14504f2659c76cd8e2
- SHA1
- 678dcb1696f3fcaf07f5965a290049dfa61f5142
This lecture will introduce you to the the Postcard, a widely used debit card issued by FostFinance in Switzerland. As other debit cards like the "EC" card it is used for shopping payments at POS terminals or to draw money from ATMs in Switzerland and many other countries. It's widely used by its 2'000'000 users, producing a total transaction volume of around 8'000'000'000 Swiss Francs a year. All security features of the card are described and their ineffectivness is demonstrated. It is shown how even outsiders can get access to the secret key of the card issuer, allowing them to create new, valid debit cards on their own or to clone existing card without any physical access to the original. If the phrase "Your key is way too short" could embarass IT security officers as much as if we are referring to their private (male) body part - security would be much better off in some cases - at least in this one...
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
