23C3 - 1.5

23rd Chaos Communication Congress
Who can you trust?

Speakers
Bernd R. Fix
Schedule
Day 1
Room Saal 2
Start time 17:15
Duration 01:00
Info
ID 1449
Event type Lecture
Track Hacking
Language English
Feedback

A not so smart card

How bad security decisions can ruin a debit card design

This lecture will introduce you to the the Postcard, a widely used debit card issued by FostFinance in Switzerland. As other debit cards like the "EC" card it is used for shopping payments at POS terminals or to draw money from ATMs in Switzerland and many other countries. It's widely used by its 2'000'000 users, producing a total transaction volume of around 8'000'000'000 Swiss Francs a year.

All security features of the card are described and their ineffectivness is demonstrated. It is shown how even outsiders can get access to the secret key of the card issuer, allowing them to create new, valid debit cards on their own or to clone existing card without any physical access to the original.

If the phrase "Your key is way too short" could embarass IT security officers as much as if we are referring to their private (male) body part - security would be much better off in some cases - at least in this one...