ElectronicHackingSecurity

This $10 Device Can Guess and Steal Your Next Credit Card Number before You’ve Received It

Imagine you have lost your credit card and applied for a fresh credit card from your bank. What if some criminal is using your new credit card before you have even received it?
Yes, it’s possible at least with this $10 device.
Hardware hacker Samy Kamkar has built a $10 device that can predict and store hundreds of American Express credit card numbers, allowing anyone to use them for wireless payment transactions, even at non-wireless terminals.
The device, dubbed MagSpoof, guesses the next credit card numbers and new expiration dates based on a cancelled credit card’s number and when the replacement card was requested respectively.
The tiny gadget would be a dream of any card fraudster who can pilfer cash from the stolen credit cards even after they have been blocked or cancelled by their owner.

What’s MagSpoof?

 

MagSpoof is a device that can…
  • Spoof any magnetic stripe or credit card entirely wirelessly, even on standard magstripe/credit card readers
  • Disable chip and PIN (EMV) protection
  • Switch between different credit cards
  • Accurately predict the card number and expiration date

Here’s How MagSpoof Works

The wireless function of MagSpoof works by emitting a strong “electromagnetic field” that emulates a traditional magnetic stripe card as if it is physically being swiped.
magspoof

“What is incredible is that the magstripe reader requires no form of wireless receiver, RFID, or NFC – MagSpoof works wirelessly, even with standard magstripe readers,” Kamkar says in his blog. “You can put it up to any traditional point of sales system, and it will believe that a card is being swiped.”

After losing an American Express cards, Kamkar noticed that the replacement card’s number appeared to have a relationship with his previous three American Express cards.
Kamkar recorded all the numbers and worked out a global pattern that allowed him to accurately predict up to 20 American Express card and replacement card numbers shared with him by his friends for his research.

Video Demonstration

You can watch the video demonstration that shows the hack in work.

Kamkar has also provided the necessary code that you can download from Github by following the instructions to build your own MagSpoof device, but…
American Express has been notified of the issue and says the company is working on a fix.For in-depth explanation on MagSpoof, read the full blog post by Kamkar.

Share Your Thoughts
Tags

Pascal Eugene

Founder of ‘Geek The Net’. Cyber Security Analyst, Information Security Researcher, Developer and Part-Time Hacker.

Related Articles

Close