How Smart are Smartcards? A Hacker Perspective on Those Plastic Cards

We all carry smartcards in our wallets.  We use them to purchase things (credit cards), gain access to buildings (employee ids), identify who we are (passwords).  What is this black magic that gives these pieces of plastic so much power?  Why do some cards have little metal pads on them and the others just require you to “tap?”  Is any of these actually secure?  How was my credit card number stolen?  Maybe these are questions that you’ve asked yourself regularly, or are facing them for the first time right now.  Either way, aren’t you curious?

In this talk, I will provide a broad overview of the field of smartcards (and RFID) and attempt to highlight why these technologies exist, what they were intended for, and what their security architectures are like.  Then, we will put our security hats — black if you prefer — and attack these various technologies.  I will walk you through various attacks and demonstrations to bring you up to speed with smartcard security measures.  Swipe, insert, or chip+PIN?  After this presentation, you will be able to speak intelligently about the security of these mysterious cards, and will likely never want to “swipe” or “tap” your card again.

Join the discussion here