Topic: This is the month of fraud prevention, lol

liudr



Quote

It defines two types of contactless cards ("A" and "B") and allows for communications at distances up to 10 cm (3.9 in)


More than 4 inches from a cash register and you are OK. Plus, it would need to be subverted somewhat to ring up a sale without you noticing. Heck, if the shop is that dishonest you probably have other problems.


I would imagine this is just a factor of getting a bigger antenna, but feel free to correct me on this.


I'm afraid you are right. If you can emit the right frequency to energize the RFID (easy) from a "safe" distance, I think it will start emitting its ID. Then if you have a good antenna the size of, say, a shopping cart (or just the metal shopping cart itself), you can pick up this weak signal, if it's not buried by noise. I'm not sure if there's enough noise at that frequency unless there's a bunch of other RFIDs around. Then once received, you radio it unmodified to a remote location and send it out via an antenna. The RFID reader at that location will think the card is right next to it. This way is not cloning, so it is completely immune to encryption. You listen fast enough to what the RFID says and repeat it verbatim to the reader miles away.

Here is what I found about RFID theft:

http://en.wikipedia.org/wiki/Wireless_identity_theft

I am not sure how this theft can be defeated by upgrading technology.

thepenguin

#16
Aug 03, 2013, 04:25 am Last Edit: Aug 03, 2013, 05:36 am by thepenguin Reason: 1

Here is what I found about RFID theft:
http://en.wikipedia.org/wiki/Wireless_identity_theft
I am not sure how this theft can be defeated by upgrading technology.

I have a bit of a background in cryptography, and I remember reading about a secure ID scheme (eID) that was used in Belgium that made use of digital signatures as well as microprocessors on the ID cards themselves that ran advanced cryptographic algorithms.  It isn't exactly a perfect scheme, but it at least makes it significantly more complex for crooks to exploit.
The Three Laws of Thermodynamics:
1. You can never get ahead, you can only break even.
2. You will only break even at absolute zero.
3. You

Jantje

If you can add gps info to the message the car knows you are not close.
Best regards
Jantje
Do not PM me a question unless you are prepared to pay for consultancy.
Nederlandse sectie - http://arduino.cc/forum/index.php/board,77.0.html -

liudr


If you can add gps info to the message the car knows you are not close.
Best regards
Jantje


That will only work in open parking lots. If you are in an underground parking garage you can't get any GPS reception.

Jantje



If you can add gps info to the message the car knows you are not close.
Best regards
Jantje


That will only work in open parking lots. If you are in an underground parking garage you can't get any GPS reception.

True; but you could get far better security when both the car and the key use the "current gps location and, if no current, last known gps location".
Secondly, indoor positioning systems are in the process of becoming reality.
So no silver bullet but a major increase in security. However, adding gps to an rfid key is not gonna be easy with current technology ;-)
Best regards
Jantje

Nick Gammon

Now I have one from the Santander Bank which I have never heard of, let alone have an account with.

Quote

Santander Bank is sending you this e-mail to inform you that our
service to you could be suspended.
Please post technical questions on the forum, not by personal message. Thanks!

More info:
http://www.gammon.com.au/electronics

Jantje


Now I have one from the Santander Bank which I have never heard of, let alone have an account with.

Quote

Santander Bank is sending you this e-mail to inform you that our
service to you could be suspended.


You must be listed somewhere as a rich guy  ]:D
Best regards
Jantje

radman

Contact-less passports seem to be the first foray into this area. Why anybody thought this was a good idea beats me. Anyway, it is correct that the range was "supposed" to be limited. In other words, the passport had to be in close proximity to the reader. However, if my memory is correct, a number of university papers were then published which extended this range to tens of meters and proposed "man-in-the-middle" attacks that could get somebody through a border check using the passport of somebody else in the queue. In other words, without the need to break encryption.

The banks now seem to be going down the route of contact-less cards. Did you ask for this? Does it provide you with any advantages?

Simultaneously they are also pushing to have security breaches pushed back onto the card holder. They also do not provide an indication on statements that transactions have occurred wirelessly, nor do they allow card holders to block their cards being used wirelessly. Given that banks lose billions annually to fraudulent use of the relatively secure chip and pin system, I can fully understand why they would rather push very strongly (and put a lot of money behind) getting us poor proles to pay.

Nick Gammon

Got another message, sounds bad:

Quote

Dear Yahoo User,

This notice is to inform you that we are embarking on an end of the month emergency server transplant and we insist that all user re-verify there username and password to avoid account termination.

For security reasons We advice you should download the attached form to re-verify.


"Server transplant"? Sounds pretty painful. I hope it recovers.

Coding Badly

I find it funnier to get phishing e-mails for banks I don't even have accounts with 8)


Got one of those today.  Apparently I'm overdue.

Nick Gammon

In the one above I see at least three spelling mistakes: "transplant", "there", "advice".

Of course, they pass a spell-check, but are wrong in the context.

Plus, I'm not a Yahoo User.

Nick Gammon

Got another one today:

Quote

And if  you want to unsubscribe email notification about new vocations let me know and I will delete your email from a Mailing list.


Notice he says he will delete my email from a waiting list, not this particular one.

Apparently this particular job offer is something to do with trails:

Quote

During trail-period you will be informed about main vacancy you will pick and your salary will be $1500 USD per every 2 week of trail-term.



Jantje


Notice he says he will delete my email from a waiting list, not this particular one.

I wonder. If you stay on the waiting list ..... you will never get spam? But this can't be true as you already got spam.
So what is this waiting list for?  ]:D
Best regards
Jantje

Nick Gammon

I misquoted. It is a mailing list, not a waiting list. But yes, we all know that if you reply you have just confirmed that the email address is valid, something they may not have known before.

Nick Gammon

This one doesn't have a good start:

Quote

Goog news for you and your health!