Hacker shows how easy it is to steal credit card info

A TOOWOOMBA computer whiz has shown how easy it is for hackers to steal your credit card information, using just a mobile phone.

Using near field communication, the same technology behind contactless tap and pay systems, the teenager can access your credit card information and transaction history.

He showed The Chronicle how a simple app can use archive files called APKs, which are readily available on the internet to hack bank accounts.

"You simply scan the card and it gives all the information," he boasted.

And he was true to his word, a scan did indeed reveal credit card information.

A transaction history stolen by a phone app. Photo Contributed
A transaction history stolen by a phone app. Photo Contributed Contributed

The mobile phone only needs to be within metres of the card.

There are a variety of techniques available to hackers, with the simplest version only needing the hacker to hold the card close to the phone.

The phone app accesses so-called hash codes - a series of numbers which can be transcoded to give usable information.

The information revealed includes the credit card number and expiration date along with transaction records.

The man was able to prove to The Chronicle that a Commonwealth Bank card could be hacked.

The method is commonly used overseas where people steal information, buy from the credit card and generate copies of credit cards for use.

In other countries ATMs are routinely modified to allow for criminals to "skim" the cards.

But this new technique raises the prospect that skimming machines could be replaced by a simple mobile phone.

The man involved in the demonstration requested to remain anonymous.

A screenshot revealing stolen card information. Photo Contributed
A screenshot revealing stolen card information. Photo Contributed Contributed

Relay attack

One common NFC hacking technique is called the relay attack.

The attack forwards a request to the victim and relays back its answer in real time.

According to Infosec Institute, this attack technique focuses on the extension of the range between the NFC token, such as a card and the reader.

To implement it two NFC enabled devices are necessary.

Trojan software

Beware of Greeks bearing gifts is the old aphorism but in this case, beware of dodgy apps.

Hackers can use Trojan relay software on Android phones to initiate payments.

To protect yourself from these attacks, users are advised to beware of apps that haven't been approved by reputable sources.