Key Takeaways
1. Certain FeliCa contactless IC cards issued before 2017 are at risk of unauthorized data access and alterations.
2. FeliCa cards are widely used in Japan for public transport and payments, and have also been adopted in several other countries.
3. The security flaw was discovered by third parties and reported to Sony based on Japan’s Information Security Early Warning Partnership Guidelines.
4. Cardholders with affected cards should transfer their account balances to newer cards, as the flaw allows cybercriminals to steal data despite encryption.
5. Electronic wallets on smartphones or smartwatches are not affected by this issue, but users should consider offline wallets for additional protection against hacking.
Sony has announced that certain FeliCa contactless IC cards that were sent out before 2017 could be at risk of unauthorized data access and alterations. FeliCa cards are quite popular in Japan, where they serve as trains, ID, and payment cards. This system has also been adopted in other nations such as the United States, Bangladesh, Hong Kong, Indonesia, and Thailand.
Usage in Public Transit
Visitors to Japan are likely to come across FeliCa in the form of public transport cards, like the Suica or Pasmo, which are utilized in Tokyo’s JR East and Pasmo train and bus systems. These NFC cards can be loaded with cash beforehand and used for travel. Additionally, they can be employed to buy snacks, meals, and other items at vending machines, restaurants, and retail stores that accept this payment method.
Security Concerns
While Sony hasn’t provided specifics about the security issue, it was third parties that found the flaw and alerted Sony as part of the “Information Security Early Warning Partnership Guidelines” set by the Information Technology Promotion Agency (IPA). This is a collaborative security framework in Japan aimed at reducing potential harm.
Recommendations for Cardholders
The flaw in these IC cards permits cybercriminals to access and alter data even with AES/DES encryption in place, which could lead to the theft of account balances. Those who own cards from before 2017 should move their account balances to a newer card quickly. However, electronic wallets stored on smartphones or smartwatches are not affected by this issue.
The finding of this vulnerability serves as a reminder that electronic devices are likely to be hacked eventually. Users with Bitcoins in digital wallets or accounts might want to think about getting an offline wallet, like the one available on Amazon, to protect their assets, since hackers have taken millions in cryptocurrencies from various online platforms.
Source:
Link
Leave a Reply