This is the month of fraud prevention, lol

I got this email:

Due to our recent security updates and several fraud attemps in July ( month of fraud prevention ) we find it necessary that you should verify your account details that we have on file to ensure that your online service is not interrupted.

We request you to confirm and update your information today

Yours sincerely,
Westpac Banking Corporation

Note "attempts" is misspelt. Also the email was sent in August, rofl.

Hovering the mouse over the "Confirm your account" I see that the link goes to "XXXgirleuphoriaXXX" (part redacted). Somehow I don't think the Westpac Bank has outsourced its account confirmation to something to do with "girls" and "euphoria".

Rather cunningly, they advise you to beware of phishing attempts:

How do I know this is not a Spoof email? Spoof or 'phishing' emails tend to have generic greetings such as "Dear member". Emails from Westpac will always address you by your e-mail or first and last name

There's plenty of stupid people ready to fall for it; that's why these apparently phony emails still make their rounds. They can't keep sending these emails on purely evil thoughts. They need to get paid, right?

What worries me is hacked credit card readers that can read the magnetic stripe and the PIN you input.

Even worse are the contactless cards that are being issued. At least at present I have to take my card out of my pocket and stick it in something. How do others feel about them?

My favorite scam is the FBI one... So fake! I can't believe people fall for it!

I find it funnier to get phishing e-mails for banks I don't even have accounts with 8)

There was a recent discussion sparked by a surveillance video of car thefts possibly against the new keyless systems (RFID type). I used tin foil and that still didn't block the transmission.

radman:
What worries me is hacked credit card readers that can read the magnetic stripe and the PIN you input.

Even worse are the contactless cards that are being issued. At least at present I have to take my card out of my pocket and stick it in something. How do others feel about them?

A local shop sells little metal containers you can put your cards into. :slight_smile:

But those contactless gadgets have a short range, and for them to do much the shopkeeper would have to have rung up a sale just as you walked past it.

CrossRoads:
I find it funnier to get phishing e-mails for banks I don't even have accounts with 8)

Yes, and that applied to me in this case. I don't bank with Westpac. It's slightly more believable when it's from your actual bank, or eBay.

There was a recent discussion sparked by a surveillance video of car thefts possibly against the new keyless systems (RFID type). I used tin foil and that still didn't block the transmission.

liudr, you lost me a bit. Are you saying you used tinfoil and it did not block transmission?

Not necessary. They can pick up your signal and transmit it to a different shop miles away and retransmit it to that shop so they thought you were there. They can do this with a car already.

I found a research paper on this topic. Authors were able to "steal" the cars by picking up the key signal, transmitting it to a receiver and resending it to the car. The car thinks the key is near and grants access.

radman:

There was a recent discussion sparked by a surveillance video of car thefts possibly against the new keyless systems (RFID type). I used tin foil and that still didn't block the transmission.

liudr, you lost me a bit. Are you saying you used tinfoil and it did not block transmission?

Only stopped me from opening my trunk. I was able to get in my car with my key fob in my pocket wrapped in tin foil.

liudr:
I used tin foil and that still didn't block the transmission.

Hmmph. Guess I don't need this anymore, then.

[Image: hat.jpg]

Only stopped me from opening my trunk. I was able to get in my car with my key fob in my pocket wrapped in tin foil.

So a Faraday Cage is only a Faraday Cage if the metal structure enclosing the area is also earthed?
Is that correct? What is the definition of a Faraday Cage? Does such a Cage not also block radio frequencies?

liudr:
Not necessary. They can pick up your signal and transmit it to a different shop miles away and retransmit it to that shop so they thought you were there.

Yes, but the contactless cards don't transmit. They are RFID-style cards, right? There is no signal to be caught and relayed.

A contactless smart card is a card in which the chip communicates with the card reader through an induction technology similar to that of an RFID (at data rates of 106 to 848 kbit/s). These cards require only close proximity to an antenna to complete a transaction. They are often used when transactions must be processed quickly or hands-free, such as on mass transit systems, where a smart card can be used without even removing it from a wallet.

And:

It defines two types of contactless cards ("A" and "B") and allows for communications at distances up to 10 cm (3.9 in)

More than 4 inches from a cash register and you are OK. Plus, it would need to be subverted somewhat to ring up a sale without you noticing. Heck, if the shop is that dishonest you probably have other problems.

I would imagine this is just a factor of getting a bigger antenna, but feel free to correct me on this.

thepenguin:

Nick Gammon:

It defines two types of contactless cards ("A" and "B") and allows for communications at distances up to 10 cm (3.9 in)

More than 4 inches from a cash register and you are OK. Plus, it would need to be subverted somewhat to ring up a sale without you noticing. Heck, if the shop is that dishonest you probably have other problems.

I would imagine this is just a factor of getting a bigger antenna, but feel free to correct me on this.

I'm afraid you are right. If you can emit the right frequency to energize the RFID (easy) from a "safe" distance, I think it will start emitting its ID. Then if you have a good antenna the size of, say, a shopping cart (or just the metal shopping cart itself), you can pick up this weak signal, if it's not buried by noise. I'm not sure if there's enough noise at that frequency unless there's a bunch of other RFIDs around. Then once received, you radio it unmodified to a remote location and send it out via an antenna. The RFID reader at that location will think the card is right next to it. This way is not cloning, so it is completely immune to encryption. You listen fast enough to what the RFID says and repeat it verbatim to the reader miles away.

Here is what I found about RFID theft:
Wireless identity theft - Wikipedia

I am not sure how this theft can be defeated by upgrading technology.

liudr:
Here is what I found about RFID theft:
Wireless identity theft - Wikipedia
I am not sure how this theft can be defeated by upgrading technology.

I have a bit of a background in cryptography, and I remember reading about a secure ID scheme (eID) that was used in Belgium that made use of digital signatures as well as microprocessors on the ID cards themselves that ran advanced cryptographic algorithms. It isn't exactly a perfect scheme, but it at least makes it significantly more complex for crooks to exploit.

If you can add gps info to the message the car knows you are not close.
Best regards
Jantje

Jantje:
If you can add gps info to the message the car knows you are not close.
Best regards
Jantje

That will only work in open parking lots. If you are in underground parking garage you can't get any GPS reception.

liudr:

Jantje:
If you can add gps info to the message the car knows you are not close.
Best regards
Jantje

That will only work in open parking lots. If you are in underground parking garage you can't get any GPS reception.

True; but you could get a far better security when both the car and the key use the "current gps location and if no current; last known gps location"
Secondly, indoor positioning systems are in the process of becoming reality.
So no silver bullet but a major increase in security. However adding gps to a rfid key is not gonna be easy with current technology :wink:
Best regards
Jantje
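
An added example, not part of the original thread: a small model of the two points argued above, that a fresh cryptographic challenge stops replay and cloning but not a verbatim relay, and that binding the fob's position into the authenticated reply (the GPS idea) lets the car reject a distant key. The `Fob` and `Car` classes, the shared key, the 5 m limit and the coordinates are all constructed assumptions, and the fob is assumed to have a trustworthy position fix.

```python
import hashlib, hmac, math, os

KEY = b"constructed-demo-secret"   # constructed pairing secret shared by fob and car

def tag_for(key, nonce, loc):
    # nonce is fixed-length (16 bytes), so plain concatenation is unambiguous
    return hmac.new(key, nonce + loc, hashlib.sha256).digest()

class Fob:                          # hypothetical key fob that knows its last position fix
    def __init__(self, key, pos):
        self.key, self.pos = key, pos            # pos = (x, y) in metres
    def respond(self, nonce):
        loc = f"{self.pos[0]:.1f},{self.pos[1]:.1f}".encode()
        return loc, tag_for(self.key, nonce, loc)

class Car:
    def __init__(self, key, pos, check_location, max_m=5.0):
        self.key, self.pos = key, pos
        self.check_location, self.max_m = check_location, max_m
        self.nonce = None
    def challenge(self):
        self.nonce = os.urandom(16)              # fresh per attempt: defeats replay/cloning
        return self.nonce
    def verify(self, loc, tag):
        nonce, self.nonce = self.nonce, None     # each challenge is single-use
        if nonce is None or not hmac.compare_digest(tag, tag_for(self.key, nonce, loc)):
            return False
        if not self.check_location:
            return True                          # crypto alone: a relayed answer is valid
        x, y = (float(v) for v in loc.decode().split(","))
        return math.dist((x, y), self.pos) <= self.max_m

def relayed_unlock(car, fob):
    """Model of a verbatim relay: both messages are forwarded unchanged."""
    return car.verify(*fob.respond(car.challenge()))

def replayed_unlock(car, recorded):
    """An answer recorded earlier is presented against a new challenge."""
    car.challenge()
    return car.verify(*recorded)

if __name__ == "__main__":
    far_fob = Fob(KEY, (300.0, 0.0))             # owner is 300 m from the car
    print("relay, MAC only:      ", relayed_unlock(Car(KEY, (0.0, 0.0), False), far_fob))
    print("relay, MAC + location:", relayed_unlock(Car(KEY, (0.0, 0.0), True), far_fob))
```

Because the position is inside the MAC, a relay cannot rewrite it without the key; the check is only as good as the fob's position fix, which is the underground-garage objection raised above.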