The one mentioned in the article is no longer in the Play Store. However, this one is still available for download: <a href="https://play.google.com/store/apps/details?id=com.idstronghold.CCReaderMkt" rel="nofollow">https://play.google.com/store/apps/details?id=com.idstrongho...</a><p>I gave it a quick try with some credit cards I have and it immediately displayed information.
Here's the github link to the App for anyone who wants more details: <a href="https://github.com/thomasskora/android-nfc-paycardreader#readme" rel="nofollow">https://github.com/thomasskora/android-nfc-paycardreader#rea...</a>
Here is a clone which is still up at github: <a href="https://github.com/rayyan/android-nfc-paycardreader" rel="nofollow">https://github.com/rayyan/android-nfc-paycardreader</a> and this is the most "interesting" bit of source : <a href="https://github.com/rayyan/android-nfc-paycardreader/blob/master/src/net/skora/eccardinfos/ECCardInfosActivity.java" rel="nofollow">https://github.com/rayyan/android-nfc-paycardreader/blob/mas...</a> - it can identify card types and that's about it...
So what's the exploit here? Is it a bug in the cards or the protocol or what? Or is the card info considered "public" by the protocol (i.e. I could imagine an authentication scheme where the card could provide its number but the bank would only honor charges via the secure contactless scheme which came with a RSA cookie or whatenot).
Sorry.. Am calling BS on this... To read any protected memory regions on an NFC card a fairly complicated handshake has to occur with various exchanges of keys - you can't just read details with your average NFC reader in an Android phone using an app that doesn't even require root...
Along these lines - are there any good 'hacker' tools out there for the various phone platforms? I know there are port scanners and some other things out there but is this a well-developed space?