This article discusses the vulnerability of credit cards with RFID chips and how hackers exploit it to gain sensitive information. It explains the process of the hack and the information that can be gained by the hacker. The article also explores the reasons why hackers target e-commerce websites and provides suggestions for mitigating this hack.
Running head: INFORMATION SYSTEM AUDITING

Information System Auditing

Name of the student:
Name of the university:
Author note:
Hacking Credit Cards with RFID chip

a. What is the vulnerability being exploited?

In today's digital era, online shopping and fund transfers are common, and credit and debit cards play a functional role in them. All fund transfers related to internet banking or credit cards are carried out on e-commerce websites using the method known as SSL, or Secure Sockets Layer. It is believed that this layer provides a secure connection and prevents credentials from being hacked, but it is this very SSL that hackers exploit by easily breaking it (Krishnakumar). Thus the whole process of hacking takes place with the well-known exploit called SSL MITM.

b. What information or data can be gained by a hacker exploiting this vulnerability?

The reasons for which hackers often target e-commerce websites are many. While exploiting the vulnerability of the Secure Sockets Layer protocol present in every website, hackers try to disrupt the services of the website and, as a result, try to steal important information about the user's credit card or banking system, which they later use to steal money (Cao, Yinzhi, Xiang Pan, and Yan Chen). With the advent of online transaction methods, it has become much easier for hackers to steal money by merely breaking the SSL layer. Another main reason for hackers to exploit a website's security vulnerability is to get hold of important information about valuable persons. Hackers get hold of the credit card details knowing the social security number, thus creating an open line for crediting and draining the user's accounts.
c. How is the hack performed?

A hacker performing this attack first hacks the Wi-Fi network to which the user is connected. A series of utilities is sent to redirect the information and data of other users through the machine. Along with these utilities, more sniffing tools are used, which act as the SSL certificate server. The hacker then acts as the man in the middle, and using the technique called Arpspoof the IP address of the user is easily determined. This enables him to connect to the Wi-Fi network. In the next step the hacker performs DNS spoofing in order to replace the original SSL certificate with his fake one and thus controls the whole web session. A simple cat command is run in order to view the hacked data by decrypting the SSL information.

d. What about this particular hack interested you specifically?

This particular hack seems to be much more interesting than the others, as we use credit cards in our daily life to process our daily transactions online. It is necessary to know the vulnerabilities associated with them, as most of our credential information is stored there, the hacking of which will lead to major disruption. There are many ways by which a hacker can get hold of credit card information, but exploiting SSL is a unique and most probably the easiest one. SSL, which is provided on every website, is believed to be one of the secure routes for proceeding with online transactions, but this misconception about it is something new, and thus the whole hacking process seems interesting to me.

e. How do you think this particular hack could be mitigated?
In order to mitigate this hack, steps should be taken both at the user end and at the business end where the attack is taking place.

At the user end, following some mitigating techniques will prevent this hack; they are as follows:

i. It is better to click the no option after viewing the SSL certificate (Felt et al.).
ii. Users should take enough time to read and understand the security message displayed on the screen.

At the corporate end, some measures that can mitigate the hack are as follows:

i. Providing detailed knowledge to the end users about the hack and how it takes place.
ii. Asking end users to use advanced features like Juniper's Secure Application Manager in order to protect SSL from being exploited (Leu et al.).
References:

Cao, Yinzhi, Xiang Pan, and Yan Chen. "SafePay: Protecting against credit card forgery with existing magnetic card readers." 2015 IEEE Conference on Communications and Network Security (CNS). IEEE, 2015.

Felt, Adrienne Porter, et al. "Improving SSL warnings: Comprehension and adherence." Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems. ACM, 2015.

Krishnakumar, S. "Vulnerabilities in credit card security." Editorial Board 3.8 (2014): 86.

Leu, Fang-Yie, Yi-Li Huang, and Sheng-Mao Wang. "A Secure M-Commerce System based on credit card transaction." Electronic Commerce Research and Applications 14.5 (2015): 351-360.