by tastroder 2520 days ago
> That's the first time I hear about RFID/NFC MITM, neat.

That's been a thing for quite a few years now in the context of pentesting, e.g. for badge cloning / proxying for access control systems, see for example [1] for an overview presentation. There's quite a few BlackHat talks on that space that give a good overview at this point. This attack is intriguing since it circumvents more complex measures by manipulating the communication and obviously has practical and direct impact on a monetary asset.

I've read elsewhere ([2], German) that Visa declines to fix this with the explanation that it would require attackers to steal the card in the first place and is technologically too complex to be seen in the real world, which is kind of weird. The hardware required is pretty accessible at this point but I guess their risk assessment determined that the actually occurring fraud with this method is currently not worth fixing anything.

[1] https://www.bishopfox.com/files/slides/2016/InfoSec_World_20...

[2] https://www.heise.de/security/meldung/Bezahlen-ohne-PIN-und-...