Tuesday, February 28, 2006

FedEx Kinkos ExpressPay Vulnerability

A new vulnerability has been found in the ExpressPay system that FedEx Kinkos uses to pay for copies and similar services. The vulnerability allows you to get things for free, or even to get cash out of the system. The problem stems from the fact that the value of the SmartCard the system uses is stored on the card itself, protected only by a 3-digit code. If you can get this 3-digit code, you can reprogram the card with whatever value you want. Worse yet, the 3-digit code is supposedly the same on all cards, making this what is called a BORE attack, or Break Once, Repeat Everywhere. Once the 3-digit code is known (which it presumably already is by now), it can be used on any device. While the initial attack to recover the code is complex and requires expensive equipment (a logic analyzer), with sufficient motivation and the payoff a BORE attack offers, someone was bound to do it eventually. This is what product manufacturers need to realize: when one secret protects every unit, the cost of the first break is spread across the entire deployment.
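To make the BORE property concrete, here is an added model (not the vendor's code, and with a constructed placeholder in place of the real 3-digit code) of the on-card balance scheme the post describes, beside a hardened scheme in which each card's data is authenticated under a per-card diversified key and the terminal defers to a server-side ledger: extracting one card's key then forges nothing for any other card, and inflating the extracted card's own balance is caught by the ledger.

```python
import hmac
import hashlib

# Weak design, as the post describes it: the balance lives on the card, guarded only by a
# 3-digit code that is the same on every card. The code value below is a constructed placeholder.
SHARED_CODE = "123"

class WeakCard:
    def __init__(self, card_id: str, balance_cents: int):
        self.card_id, self.balance_cents = card_id, balance_cents

    def write_balance(self, code: str, new_balance_cents: int) -> bool:
        """The card accepts a rewrite from anyone who presents the shared code."""
        if code != SHARED_CODE:
            return False
        self.balance_cents = new_balance_cents
        return True

# Hardened design (added here as a mitigation, not the vendor's design): card data is
# authenticated under a key diversified per card from an issuer master key, and the
# terminal treats a server-side ledger, not the card, as the authority on the balance.
def diversify_key(master_key: bytes, card_id: str) -> bytes:
    return hmac.new(master_key, card_id.encode(), hashlib.sha256).digest()

def mac_token(card_key: bytes, card_id: str, balance_cents: int, counter: int) -> str:
    msg = f"{card_id}|{balance_cents}|{counter}".encode()
    return hmac.new(card_key, msg, hashlib.sha256).hexdigest()

def verify_token(master_key: bytes, card_id: str, balance_cents: int, counter: int, token: str) -> bool:
    expected = mac_token(diversify_key(master_key, card_id), card_id, balance_cents, counter)
    return hmac.compare_digest(expected, token)

def terminal_accepts(ledger: dict, master_key: bytes, card_id: str,
                     balance_cents: int, counter: int, token: str) -> bool:
    """Accept only if the MAC verifies for this card AND the ledger agrees on balance and counter."""
    if not verify_token(master_key, card_id, balance_cents, counter, token):
        return False
    return ledger.get(card_id) == (balance_cents, counter)

if __name__ == "__main__":
    master = b"constructed-issuer-master-key"
    ledger = {"A": (500, 0), "B": (500, 0)}
    # Weak: learning the one shared code rewrites every card (break once, repeat everywhere).
    a, b = WeakCard("A", 500), WeakCard("B", 500)
    print(a.write_balance(SHARED_CODE, 99_999), b.write_balance(SHARED_CODE, 99_999))  # True True
    # Hardened: a key extracted from card A forges nothing for card B, and an inflated balance on A is rejected.
    stolen_a = diversify_key(master, "A")
    print(verify_token(master, "B", 99_999, 1, mac_token(stolen_a, "B", 99_999, 1)))  # False
    print(terminal_accepts(ledger, master, "A", 99_999, 1, mac_token(stolen_a, "A", 99_999, 1)))  # False
```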
