A couple from Petaling Jaya have been arrested for hacking a dozen Touch ‘n Go cards and using them to make purchases. The duo had been operating for about two months before they were tracked down by police.
The couple had hacked the TnG cards using an Android app they found online. Each card was reloaded with a sum of RM1,500 each, and then used to pay for just about anything that would accept it. Authorities have not revealed what the two had bought with the modified cards, but The Star is reporting that TnG itself has suffered a loss of RM20,000.
Petaling Jaya OCPD Asst Comm Mohd Zani Che Din said that the police had seized a laptop, smartphone, SmartTAG, an iPad, and 12 Touch ’n Go cards. The police are also investigating the forum from which the couple had obtained the app under the Computer Crimes Act.
TnG cards utilise simple RFID chip technology, which is not exactly all that secure. We are unaware of the kind of security features on the TnG cards, but most RFID chips lack modern encryption features and it isn’t surprising that they were hacked using smartphones with NFC communications. While this may look like a one off occurrence, it might be time for TnG to look into improving security on its cards.
[Source: The Star]