Contactless Infusion X5: a device that can remotely copy data of 15 bank cards per second
The device works at a distance of up to 8 centimeters from the target map, cloning is ongoing
The dark web went on sale a device made by The CC Buddies group, which is capable of cloning data of 15 bank cards per second. At the same time, the device itself has a very small size, and works at distances of up to 8 centimeters from the target map. Of course, this is not so much. But imagine how many cards you can clone if you walk through a visited supermarket, a subway car, a queue at a ticket office, or knock at other similar places (a club, a concert of a famous group, etc.).
')
If earlier attackers used rather large-sized devices that could be considered for the same purpose, then the dimensions of this device allow you to put it in your pocket. And if someone sees the gadget in the hands of an attacker, they are unlikely to understand what it is. This system is called X5, and it is designed to copy the data of the chip embedded in modern RFID bank cards.
All collected data is stored inside the device, the device comes with built-in memory. Extracting information is very simple - you need to connect the system to a PC, using a USB cable, and using special software to download data to a computer. The software is supplied by the same team of CC Buddies with the device.
As for the information that the gadget collects, it includes the card number and its validity period. If the chip also stores other information, including the holder's name, home address, mini-statements, it will also be retrieved by the device and saved. And the data is not stored in the clear, and encrypted. Owners of the device without any problems decrypt the data using the software attached to X5. After that, you can easily create a clone of the copied bank card, and use it for various purposes.
The device comes with several blanks to create duplicate plastic cards, and the cost of the system reaches $ 800. This is at the current rate of only 1.2 bitcoin. X5 is sent by mail. together with a USB data cable and 20 empty plastic blanks. Available and detailed technical information.
“Contactless Infusion X5 is the first contactless card reader that is sold by hackers on the black market. This product was designed and created by The CC Buddies team. Contactless Infusion X5 can detect and read any bank card at a distance of up to 8 centimeters. The data transfer rate is 1024kbps, and this means a read speed of 15 cards per second, ”according to the resource where the device is sold.
The case contains a 5-volt battery, rechargeable via USB 3.0 cable (included). It takes about 3 hours to fully charge the battery, after which the system will work for about 10 hours. Reads X5 and other RFID cards operating at 13.56 MHz. So far, the software supplied by hackers cannot decipher data collected from other cards, but the team is already working on it. So that a universal device may soon be introduced.
Specifications:
- Power supply: USB 3.0
- Speed: 480 Mbps (full speed)
- voltage: 5V DC
- Current: 200 mA (maximum); 50 mA (sleep mode); 100 mA (normal mode)
Works with maps:
- SO 14443 Part 4 Type A and B cards, FeliCa, and four more types of wireless cards (ISO / IEC 18092 tags)
Protocol: FeliCa protocol, T = CL protocol
- Working frequency: 13.56 MHz
-Working distance: up to 80 mm
-Memory: 8 GB
- Read / write speed: 1024kbps
physical characteristics
-Sizes: 98.0 mm x 65.0 mm x 12.8 mm
- Weight: 70 g
-Material: Polycarbonate
-Black colour
- Antenna size: 60 mm x 50 mm
- Cable length: 50 cm (USB 3.0)
Additionally:
-Red and green LEDs
-Vibrator
OS compatibility:
-Microsoft WHQL 2000, XP, Vista, 7, 8, 10, Server 2003, Server 2008, Server 2008 R2, Server 2012
What is in the box:
1 x Contactless Infusion X5
20 x empty plastic blanks (with chip)
1 x USB 3.0
1 x The CC Buddies Software
1 x pack
As you can see, the hunt for bank cards (and “smart” cards) goes to a truly industrial level. Such systems can collect card data in almost unlimited quantities.
Earlier this year, a photo of a man in the subway dispersed in many media outlets, holding a portable “scanner” (actually a mobile payment terminal) that reads bank cards. The scanner in the photo worked, and netizens decided that this man was a fraudster who remotely debited amounts up to 1000 rubles from his neighbors in the carriage.
And indeed, it can be done. “According to the rules of payment systems, contactless payment of up to a thousand rubles can be made without entering a PIN code. If we argue hypothetically, then to the question “can a person in the subway with such a terminal at rush hour, leaning it against clothes and bags, write off money from passengers' accounts” the answer will be positive. With a certain dexterity - can. But the devil, as usual, is in the details, ” explained Alexander Borodkin, head of the plastic cards department at VTB24.
But the problem (for intruders) with such a terminal is that the funds from your card account at the bank will be debited and transferred to the bank - the acquirer that owns this terminal. Plus, when withdrawing money from the card of a bank customer, he will receive an SMS notification.
But the X5 has no restrictions - here the money is not transferred anywhere, but the card data itself is read. So a scammer can easily bypass dozens of subway cars or go to very crowded places. And no one will suspect anything.
The dark web went on sale a device made by The CC Buddies group, which is capable of cloning data of 15 bank cards per second. At the same time, the device itself has a very small size, and works at distances of up to 8 centimeters from the target map. Of course, this is not so much. But imagine how many cards you can clone if you walk through a visited supermarket, a subway car, a queue at a ticket office, or knock at other similar places (a club, a concert of a famous group, etc.).
')
If earlier attackers used rather large-sized devices that could be considered for the same purpose, then the dimensions of this device allow you to put it in your pocket. And if someone sees the gadget in the hands of an attacker, they are unlikely to understand what it is. This system is called X5, and it is designed to copy the data of the chip embedded in modern RFID bank cards.
All collected data is stored inside the device, the device comes with built-in memory. Extracting information is very simple - you need to connect the system to a PC, using a USB cable, and using special software to download data to a computer. The software is supplied by the same team of CC Buddies with the device.
As for the information that the gadget collects, it includes the card number and its validity period. If the chip also stores other information, including the holder's name, home address, mini-statements, it will also be retrieved by the device and saved. And the data is not stored in the clear, and encrypted. Owners of the device without any problems decrypt the data using the software attached to X5. After that, you can easily create a clone of the copied bank card, and use it for various purposes.
The device comes with several blanks to create duplicate plastic cards, and the cost of the system reaches $ 800. This is at the current rate of only 1.2 bitcoin. X5 is sent by mail. together with a USB data cable and 20 empty plastic blanks. Available and detailed technical information.
“Contactless Infusion X5 is the first contactless card reader that is sold by hackers on the black market. This product was designed and created by The CC Buddies team. Contactless Infusion X5 can detect and read any bank card at a distance of up to 8 centimeters. The data transfer rate is 1024kbps, and this means a read speed of 15 cards per second, ”according to the resource where the device is sold.
The case contains a 5-volt battery, rechargeable via USB 3.0 cable (included). It takes about 3 hours to fully charge the battery, after which the system will work for about 10 hours. Reads X5 and other RFID cards operating at 13.56 MHz. So far, the software supplied by hackers cannot decipher data collected from other cards, but the team is already working on it. So that a universal device may soon be introduced.
Specifications:
- Power supply: USB 3.0
- Speed: 480 Mbps (full speed)
- voltage: 5V DC
- Current: 200 mA (maximum); 50 mA (sleep mode); 100 mA (normal mode)
Works with maps:
- SO 14443 Part 4 Type A and B cards, FeliCa, and four more types of wireless cards (ISO / IEC 18092 tags)
Protocol: FeliCa protocol, T = CL protocol
- Working frequency: 13.56 MHz
-Working distance: up to 80 mm
-Memory: 8 GB
- Read / write speed: 1024kbps
physical characteristics
-Sizes: 98.0 mm x 65.0 mm x 12.8 mm
- Weight: 70 g
-Material: Polycarbonate
-Black colour
- Antenna size: 60 mm x 50 mm
- Cable length: 50 cm (USB 3.0)
Additionally:
-Red and green LEDs
-Vibrator
OS compatibility:
-Microsoft WHQL 2000, XP, Vista, 7, 8, 10, Server 2003, Server 2008, Server 2008 R2, Server 2012
What is in the box:
1 x Contactless Infusion X5
20 x empty plastic blanks (with chip)
1 x USB 3.0
1 x The CC Buddies Software
1 x pack
As you can see, the hunt for bank cards (and “smart” cards) goes to a truly industrial level. Such systems can collect card data in almost unlimited quantities.
Earlier this year, a photo of a man in the subway dispersed in many media outlets, holding a portable “scanner” (actually a mobile payment terminal) that reads bank cards. The scanner in the photo worked, and netizens decided that this man was a fraudster who remotely debited amounts up to 1000 rubles from his neighbors in the carriage.
And indeed, it can be done. “According to the rules of payment systems, contactless payment of up to a thousand rubles can be made without entering a PIN code. If we argue hypothetically, then to the question “can a person in the subway with such a terminal at rush hour, leaning it against clothes and bags, write off money from passengers' accounts” the answer will be positive. With a certain dexterity - can. But the devil, as usual, is in the details, ” explained Alexander Borodkin, head of the plastic cards department at VTB24.
But the problem (for intruders) with such a terminal is that the funds from your card account at the bank will be debited and transferred to the bank - the acquirer that owns this terminal. Plus, when withdrawing money from the card of a bank customer, he will receive an SMS notification.
But the X5 has no restrictions - here the money is not transferred anywhere, but the card data itself is read. So a scammer can easily bypass dozens of subway cars or go to very crowded places. And no one will suspect anything.
Source: https://habr.com/ru/post/372371/
All Articles