CAPEC-397: Cloning Magnetic Strip Cards

Overview

CAPEC-397 (Cloning Magnetic Strip Cards) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

How this attack relates to others in the CAPEC hierarchy.

Parent

CAPEC-395: Bypassing Electronic Locks and Access Controls

Frequently asked questions

Common questions about CAPEC-397.

What is CAPEC-397?

An attacker duplicates the data on a Magnetic strip card (i.e. 'swipe card' or 'magstripe') to gain unauthorized access to a physical location or a person's private information. Magstripe cards encode data on a band of iron-based magnetic particles arrayed in a stripe along a rectangular card. Most magstripe card data formats conform to ISO standards 7810, 7811, 7813, 8583, and 4909. The primary advantage of magstripe technology is ease of encoding and portability, but this also renders magnetic strip cards susceptible to unauthorized duplication. If magstripe cards are used for access control, all an attacker need do is obtain a valid card long enough to make a copy of the card and then return the card to its location (i.e. a co-worker's desk). Magstripe reader/writers are widely available as well as software for analyzing data encoded on the cards. By swiping a valid card, it becomes trivial to make any number of duplicates that function as the original.

References

MITRE CAPEC definition (CAPEC-397) (opens in a new tab)

Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.

Overview

Related attack patterns

Parent

Frequently asked questions

What is CAPEC-397?

References

Defend against CAPEC-397