Contactless bank cards
Roland Perry
lists at internetpolicyagency.com
Wed Nov 17 12:06:49 GMT 2010
In article
<729CF33C-8148-4E32-B4D0-555830394C00 at sourcetagged.ian.co.uk>, Ian Mason
<ukcrypto at sourcetagged.ian.co.uk> writes
>> Surely you'd have to set up some sort of "man in the middle"
>>between the card and one of the Paywave terminals[1]. Wouldn't that
>>be a bit tricky in real time?
>
>No, search for "MIG in the middle".
On one hand, are you being ironic?
"One case history that unfortunately turns out to be unfounded
is the story of the `Mig-in-the-middle' attack, pp 19-20... in
September 2001, I learned from a former employee of the South
African Communications Security Agency that the story is
apocryphal."
On the other... I'm seeking to understand what sort of technology you
could surrupticiously invoke near someone's wallet, and also near a
paywave terminal (and of course in between) which would provide a
suitably faked conversation that the card could be debited.
--
Roland Perry
More information about the ukcrypto
mailing list