SEC Consult identified a critical vulnerability in KioSoft's NFC-based stored-value cards that allows attackers to artificially inflate balances. The company took over a year to release a firmware patch after being alerted to the issue, highlighting significant security lapses in RFID technology. #KioSoft #MiFareClassic #NFCVulnerability
Key points
- KioSoft's stored-value cards using MiFare Classic NFC technology are susceptible to hacking.
- Researchers demonstrated that hackers can read, write, and manipulate card balances without online validation.
- Exploiting this vulnerability enables the creation of virtually unlimited funds on affected cards.
- It took KioSoft over a year to release a firmware patch after initial disclosure by SEC Consult.
- The company has not publicly confirmed the impacted hardware versions or detailed patch information.