Showing posts from August, 2011

MTN Mobile Money and payD

At the end of July 2011 MTN Mobile Money announced the launch of payD, an on-line payment service. Using encrypted channels, payD allows bank customers to effect electronic payments with PIN-protected cards. A rogue IMSI catcher, masquerading as a GSM base station, can entice mobile phones in the vicinity to camp on its stronger signal, exposing the phones to packet sniffing. Sensitive information could be harvested from the communication session. It is worth noting that plain old SMS messages are not encrypted.

Phish and Chips

In response to a global epidemic of card skimming and cloning scams, the banking industry replaced magnetic stripe cards with PIN and Chip cards. These payment cards host embedded microprocessors which are difficult to clone except by the most determined of criminals. The Payment Card Industry Data Security Standard strongly recommends switching to these PIN-based cards because of their Fort Knox-type security. At the last Black Hat conference in Las Vegas, Karsten Nohl and hardware hacker Christopher Tarnovsky unlocked a heavily fortified chip card similar to those that support the EMV (Europay, Mastercard and VISA) standard. Circuitry on the chip was microscopically analysed in conjunction with optical recognition software. A proprietary algorithm on the chip was uncovered, allowing hackers to break or clone the card. Degate, a publicly available tool developed to analyse small silicon structures, makes it possible for amateur hackers to dissect smart card chips. It is time for the b