To Customer Support To Customer Support

Stealing Credit Cards from FUZE via Bluetooth

  • 4 April 2018
  • 6 replies
  • 535 views
Jasper_The_Rasper
Rank
Userlevel 7
Badge +54
I had never heard of a FUZE card until I read this article, and from my way of thinking, programming all of your cards into just one, is bad news from the word go for what I think are obvious reasons.
 
Wednesday, April 4, 2018 By Mike Ryan  
 
This article covers FUZE Card, a Bluetooth-enabled reprogrammable credit card. The size and shape of a regular credit card, FUZE promises to be "your whole wallet in one card."

After receiving a FUZE Card from @MBHbox (his blog), I decided to take a careful look at it. In the process, I X-rayed the card, fully reverse engineered its Bluetooth protocol, and found a security vulnerability that allows credit card numbers to be stolen via Bluetooth (CVE-2018-9119).

ICE9 reported this vulnerability to BrilliantTS, the maker of FUZE, but they did not respond to repeated follow-ups and did not take action on the basis of our report. As of this writing, CVE-2018-9119 continues to be exploitable on production FUZE Cards in the wild.
 

 
Full Article.

 

6 replies

B
Rank
Yes, I agree Jasper. It'd be like having one key to open every lock you encounter throughout your day. Lose that key, and Oh boy!
They make door locks that open automatically when they sense that your phone is near. It'd be bad enough to lose your phone but how about losing your phone and then returning home to find your house has been cleaned out, too. :S

It seems that the things they try to hype as time-saving and/or convenient could really end up creating more problems than they solve.
Jasper_The_Rasper
Rank
Userlevel 7
Badge +54
@ wrote:
Yes, I agree Jasper. It'd be like having one key to open every lock you encounter throughout your day. Lose that key, and Oh boy!
They make door locks that open automatically when they sense that your phone is near. It'd be bad enough to lose your phone but how about losing your phone and then returning home to find your house has been cleaned out, too. :S

It seems that the things they try to hype as time-saving and/or convenient could really end up creating more problems than they solve.
I feel as if the world is racing towards a disaster and nobody can see it coming.
B
Rank
@ wrote:

I feel as if the world is racing towards a disaster and nobody can see it coming.
I know how you feel, Jasper. I feel the same way. I'm just not sure if that's the reality of life or if it's just the pessimism that seems to increase as I age. I hear myself sounding like my father and it scares the hell out of me! :S
Jasper_The_Rasper
Rank
Userlevel 7
Badge +54
@ wrote:
@ wrote:

I feel as if the world is racing towards a disaster and nobody can see it coming.
I know how you feel, Jasper. I feel the same way. I'm just not sure if that's the reality of life or if it's just the pessimism that seems to increase as I age. I hear myself sounding like my father and it scares the hell out of me! :S
IoT the bane of modern humanity.
B
Rank
@ wrote:
@ wrote:
@ wrote:

I feel as if the world is racing towards a disaster and nobody can see it coming.
I know how you feel, Jasper. I feel the same way. I'm just not sure if that's the reality of life or if it's just the pessimism that seems to increase as I age. I hear myself sounding like my father and it scares the hell out of me! :S
IoT the bane of modern humanity.
Well, if the makers of IoT devices don't start taking security seriously, IoT may soon stand for 'Internet of Terror' LOL 😃
Jasper_The_Rasper
Rank
Userlevel 7
Badge +54

Fuze card is wide open to data theft over Bluetooth. A fix is on the way.

 
Dan Goodin - 4/10/2018
 
Fuze representatives said they're aware of the vulnerability and plan to fix it in an update scheduled for April 19. They also thanked the two researchers who, independent of one another, discovered the vulnerability and privately reported it. So far, however, Fuze officials have yet to fully inform users of the extent of the risk so they can prevent private data stored on the cards from being stolen or tampered with until the critical flaw is repaired.
 
Full Article.

Reply


Terms & Conditions

© 2004 - Webroot Inc.

We have recently updated our Privacy Policies. We encourage you to read the full terms here.