Paycardreader: The App That Collects Your Bank Data
Paycardreader is an Android app that can read the NFC chip of some credit cards and debit cards, such as the German GeldKarte. It can collect information such as the card number, the owner name, the expiration date and the last transactions. This app is not available on Google Play anymore, but it can still be found on GitHub.
Paycardreader is an example of how insecure the NFC technology can be for payment systems. NFC stands for Near Field Communication, and it allows devices to exchange data wirelessly over a short distance. It is used for sharing files, pairing devices and making contactless payments with smartphones or cards. However, it also exposes the users to the risk of having their data stolen by malicious actors who can use a simple smartphone with an NFC reader app to intercept the signals emitted by the NFC chip.
There are some ways to prevent this kind of attack, such as wrapping your card with aluminum foil, using a protective case or a metal wallet, disabling the NFC chip or removing it yourself. However, these solutions may not be very convenient or effective for everyone. Therefore, it is advisable to be careful when using NFC cards and to check your bank statements regularly for any suspicious activity.
NFC Security: How to Protect Your Data
NFC technology has many advantages, such as convenience, speed and ease of use. However, it also comes with some security risks that users should be aware of. NFC signals can be intercepted, modified or relayed by hackers who want to steal your data or make fraudulent transactions. Here are some of the main security threats that NFC users may face and how to prevent them.
Eavesdropping is when a hacker captures the NFC signal between two devices and reads the data that is being transmitted. This could expose sensitive information such as your credit card number, your personal details or your passwords. Eavesdropping is possible because NFC signals are not encrypted by default.
However, eavesdropping is not very easy to perform, because the hacker would need to be very close to you (within a few inches) and have a powerful antenna and a sophisticated software. Also, most NFC applications use encryption or tokenization to protect the data that is being exchanged. Encryption means that the data is scrambled so that only the authorized devices can read it. Tokenization means that the data is replaced by a random code that is valid only for one transaction and cannot be reused.
To prevent eavesdropping, you should always use NFC applications that have encryption or tokenization features. You should also avoid using NFC in crowded or public places where someone could get close enough to your device without you noticing.
Data modification is when a hacker alters the NFC signal between two devices and changes the data that is being transmitted. This could result in incorrect or fraudulent transactions, such as paying more than you intended or sending money to the wrong account. Data modification is possible because NFC signals are not authenticated by default.
However, data modification is not very common, because most NFC applications use digital signatures or checksums to verify the integrity of the data that is being exchanged. Digital signatures are codes that are attached to the data and can only be generated by the authorized devices. Checksums are numbers that are calculated from the data and can be used to detect any changes in the data.
To prevent data modification, you should always use NFC applications that have digital signatures or checksums features. You should also check the amount and the recipient of any transaction before confirming it on your device.
Relay attack is when a hacker uses two devices to relay the NFC signal between two devices that are far apart. This could allow the hacker to make unauthorized transactions with your device without you knowing. Relay attack is possible because NFC signals do not have a time limit by default.
However, relay attack is not very likely, because it requires a lot of coordination and timing between the hacker’s devices and your device. Also, most NFC applications use distance bounding or time stamping to prevent relay attacks. Distance bounding means that the devices measure the time it takes for the signal to travel and reject it if it exceeds a certain limit. Time stamping means that the devices add a time stamp to the signal and reject it if it is too old.
To prevent relay attack, you should always use NFC applications that have distance bounding or time stamping features. You should also keep your device close to you and lock it when not in use.