Contactless Card Hacking

In the UAE, contactless technology is everywhere. They let us into our homes and hotel rooms, take public transport, purchase drinks, go skiing, and even provide swift access through immigration. The risk of cards being cloned or modified could be serious, particularly as there could be no physical trace of an attack. This presentation will walk through some of the security features of the different types of contactless technology: - An overview of contactless card technologies - Discussion of security features (and weaknesses) - Case studies of real-world hacks - Live demonstration of contactless card hacking - Best practice approach to using contactless technology.

Business Impacts of this Session

  • The presentation will give an insight into the practical attacks against different technologies, including details on the equipment, knowledge requirements, and methods of attack.
  • For those involved in providing these cards, they are often trusted as 'secure'. The presentation will make you question how contactless cards are used within your own organisation, and whether they should be trusted.
  • New developments in the UAE often mean new technology, but if this isn't well understood (or worse, blindly assumed to be secure), it can introduce serious risks to the environment. Moreover, fixing these mistakes after equipment has been installed can be very costly.

Mr Ben Downton, Principal Consultant, MWR InfoSecurity, UAE

Based in Dubai, Ben Downton heads up MWR InfoSecurity in the Middle East. With over 7 years' experience in the industry he is focused on developing awareness of Cyber Security in the region - helping to ensure that businesses protect themselves from sophisticated and targeted attackers. Key to this is understanding (and demonstrating) how a particular business could be compromised through understanding its operations, rather than simply its IT systems.