KioSoft’s Epic Delay: Vulnerability Patch Takes Over a Year, Free Card Top-Ups Abound!

SEC Consult discovered a flaw in KioSoft’s NFC cards that lets hackers conjure free balance top-ups, turning laundromat visits into magical money-making escapades. Despite the urgency, KioSoft took over a year to patch the vulnerability, leaving hackers more time to wash and dry their ill-gotten gains.

Hot Take:

***You know it’s a red flag when fixing a security flaw takes longer than your laundry cycle. KioSoft’s vulnerability saga is the ‘Lost Sock’ of cybersecurity: mysterious, frustrating, and probably lurking somewhere in the dryer of negligence.***

Key Points:

– KioSoft took over a year to address a significant vulnerability in its NFC-based payment cards.
– The vulnerability allows hackers to top up card balances for free using known MIFARE card security flaws.
– SEC Consult discovered the issue in 2023 and struggled with delayed responses from KioSoft.
– A firmware patch was eventually released in 2025, but SEC Consult couldn’t verify it.
– KioSoft claimed most of their products don’t use the vulnerable technology.

The Nimble Nerd