Tuesday, February 28, 2006

Report: FedEx Kinko's ExpressPay Can Be Exploited For Cash



Peter Laborge writes on SecurityFocus:

A vulnerability in the FedEx Kinko's ExpressPay system allows an attacker to receive free services or even cash from the stores, according to a post on Full-Disclosure yesterday.

The ExpressPay system uses a Siemens/Infineon SLE4442 smartcard to store the pre-purchased value, and a three-byte security code prevents rewriting of the card's data. The method described for obtaining the security code involves using a logic analyzer at a point where the card is written to, and it is reported that this code is the same across all cards in circulation.

More here.

posted by Fergie @ 2/28/2006 02:49:00 PM

0 Comments:

Post a Comment

<< Home