Hacking Credit Cards with RFID chip

Verified

Added on 2023/04/11

AI Summary

This article discusses the vulnerability of credit cards with RFID chips and how hackers exploit it to gain sensitive information. It explains the process of the hack and the information that can be gained by the hacker. The article also explores the reasons why hackers target e-commerce websites and provides suggestions for mitigating this hack.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: INFORMATION SYSTEM AUDITING
Information System Auditing
Name of the student:
Name of the university:
Author note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1INFORMATION SYSTEM AUDITING
Hacking Credit Cards with RFID chip
a. What is the vulnerability being exploited?
In today’s era of digital world, online shopping and fund transfers are
commonly done and while doing this the credit card or the debit cards play a function
able role there. All types of fund transfers related to internet banking or credit cards
are done on the e-commerce websites using the method known as SSL or secure
socket layer. It is believed that this layer provides a secure connection and prevents
the credentials from being hacked but it is this SSLs only which hackers’ exploits by
easily breaking them (Krishnakumar). Thus the whole process of hacking takes place
with the well-known exploit called as the SSL MITM.
b. What information or data can be gained by a hacker exploiting this
vulnerability?
The reasons for which hackers often targets the e-commerce websites are
many. While exploiting the vulnerability of the Secure Socket Layer protocol present
in every website, the hackers tries to disrupt the services of the website and as a result
tries to steal important information about user’s credit card or banking system which
are later used by them to steal money (Cao, Yinzhi, Xiang Pan, and Yan Chen). With
the advent of online transaction methods, it has become much easier for the hackers to
steal money by merely just breaking the SSL layer. Another main reason for hackers
to exploit the websites security vulnerability is to get hold of important information
about some valuable persons. Hackers get hold of the credit card details knowing the
social security number and thus creating an open line for crediting and draining
accounts of the user.

2INFORMATION SYSTEM AUDITING
c. How is the hack performed?
A hacker performing this attack first hacks the Wi-Fi network to which the
user is connected. A series of utilities gets sent to redirect the information and data of
other users through the machine. Along with this utility more number of sniffing data
which are acting as the SSL certificate server. The hacker then acts as the man in the
middle and using the technique called Arpspoof the IP address off the user is easily
determined. This enables him to connect to the Wi-Fi network. In the next step the
hacker performs the DNS spoofing in order to replace the original SSL certificate
with his fake and thus controls the whole web session. A simple Cat Command is
operated in order to view the hacked data by decrypting the SSL information.
d. What about this particular hack interested you specifically?
This particular hack seems to be much interesting than the others as we use
credit cards in our daily life to process our daily transactions online. It is necessary to
know the vulnerabilities associated with it as major of our credential information are
stored there hacking of which will lead to major disruption. There are many ways by
which a hacker can get hold of the credit card information but exploiting the SSL is a
unique and most probably the easiest one. SSL which are provided in every website
are believed to be one of the secured route in order to proceed with online transaction
but this misconception about it is something new and thus the whole hacking process
seems to be interesting to me.
e. How do you think this particular hack could be mitigated?

3INFORMATION SYSTEM AUDITING
In order to mitigate this hack steps should be taken from both the user end as
well as from the business end where the attack is taking place. For the user end
following some mitigating techniques will prevent this hack which are as follows:
i. It is better to click the no option after viewing the SSL certificate (Felt et al.).
ii. They should take enough time to read and understand the security message as
displayed on the screen.
For the corporates end some measures that can mitigate the hack are as mentioned:
i. Providing detailed knowledge to the end users about the hack and how it takes
place.
ii. Asking end users to use advanced features like the Juniper’s Secure Application
Manager in order to protect the SSL from being exploited (Leu et al.).

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

4INFORMATION SYSTEM AUDITING
References:
Cao, Yinzhi, Xiang Pan, and Yan Chen. "SafePay: Protecting against credit card forgery with
existing magnetic card readers." 2015 IEEE Conference on Communications and Network
Security (CNS). IEEE, 2015.
Felt, Adrienne Porter, et al. "Improving SSL warnings: Comprehension and
adherence." Proceedings of the 33rd Annual ACM Conference on Human Factors in
Computing Systems. ACM, 2015.
Krishnakumar, S. "Vulnerabilities in credit card security." Editorial Board 3.8 (2014): 86.
Leu, Fang-Yie, Yi-Li Huang, and Sheng-Mao Wang. "A Secure M-Commerce System based
on credit card transaction." Electronic Commerce Research and Applications 14.5 (2015):
351-360.

1 out of 5

+13062052269

info@desklib.com

Hacking Credit Cards with RFID chip

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Vulnerabilities in the Digital System

Wireless Network Vulnerabilities and Security Measures - Desklib

Cyber Security Information Technology Report 2022

CPIS 606 Internet Security Auditing Report

Ebay Cyber Attack and Security Threat Analysis

Extended Validation SSL