Yesterday, I was talking to a producer for the CBS Evening News regarding credit and ATM/bank cards with embedded RFID chips being vulnerable to wireless skimming. CBS is currently working on a story about this, due to a CBS affiliate station’s story:
http://www.wreg.com/videobeta/?watch…a-1884ec348310
CBS News’ take on this is that the skimming is great TV, but it’s probably only a small portion of things that can be skimmed or otherwise attacked by the populace, and they are interested in expanding the story. Our discussion went on for a while, and we talked about similar vulnerabilities pertaining to RFID including passports, EZPay, etc.
In the middle of all this, the producer remarked that while this vulnerability was “brand new” to the public, my reactions were making it seem like this was old news to the infosec community. My response was that the touch-less credit card issue had been known and demonstrated going back at least 6 years, if not more. He said that the same type of reaction had occurred last April, when CBS had run the story about the copier imaging on hard drives. The public was aghast, but the infosec people they’d contacted all remarked “what took you so long?”
More after the jump…