The end of a slinky seems, just like the coyote of the roadrunner cartoon, only to fall when it finally ‘knows’ it is no longer held.
I keep seeing these “RFID blockers”.
RFID blockers improve your security only a bit, as contactless skimming is a high-risk/low-reward attack for the attacker: the reading distance of contactless credit cards and electronic IDs is at most ±25 cm (about ±10 inches), and that is in lab conditions with 500+ Watt amplifiers (this is the kind of power that causes sparks to fly!).
If you can get the reading distance up to half that reliably in real-world situations, you can make a lot of money selling your skills in the reader market.
For this attack to work, someone needs to be basically rubbing up to you to talk to your card.
In the case of electronic IDs (eIDs) like passports, driver’s licenses and ID cards that follow international ICAO norms (i.e. any European one; American ones only for the past few years), that still doesn’t get the attacker anything: talking to the chip requires some information from the front side of the card, namely the 3-4 lines of computer-readable text at the bottom of your passport. (In case you want to know, this is called the Machine Readable Zone (MRZ).)
Basically: you need to optically read the eID before you can electronically read it, i.e. you are already handing it over to them (ID checks at airports, rentals, hotels).
In the case of contactless credit cards, the story is a bit more complex, as it depends on what your issuing bank has configured the card for (they have a dozen or so parameters they can choose).
In general, transactions up to $25-ish, to an overall total of $150-ish, don’t require a PIN (for the tap-and-go payment of coffees).
As the electronic transactions with these credit cards are one-time and only-with-that-shop, a pair of attackers would need to pull off the following to pay with your card, in what I call a “contactless extension cord” attack and what is often called “virtual pickpocketing”:
- Attacker A dry-humps you to get his card reader within those ±5 inches of your card, and
- Attacker B, at that exact same time, is physically at a shop with a card emulator, and about to pay up to the limit that we are talking about (i.e. max 5x$25-ish product).
This exposes both Attacker A and B to being physically caught, for $25-150 of stuff that still needs to be fenced at a much lower return value.
There are lower-risk and higher-reward kinds of attacks you can do as a criminal :-).
That said, if you want to get protection, consider adding a layer of aluminum foil in your existing wallet (reduces the read distance to 1-2 inches) or combine with the practicality of a compact wallet like Secrid.
With kind regards,
Let it be known, that I am of the firm opinion that the only real celebration of the mind expanding properties of psychedelic mushrooms saint that rewards the good and punishes the bad, is the Dutch Sinterklaas, not this imposter Santa Claus.
As one of my math professors convincingly argued in a time I was still quite impressionable:
- 17+ million clear-headed Dutchies cannot be wrong. All those cola-advertising-indoctrinated ones can.
- Sinterklaas is on December 5th, Santa Claus is December 25th. Clearly the first is the first.
- If that is not convincing, Sinterklaas existed before the American culture that promotes Santa Claus existed. Again, the first is clearly the first, is clearly the correct one.
- The elder Sinterklaas spends his off-time in a warm climate (Spain). The elder Santa Claus goes and hides on the North Pole icecap. If you could fly anywhere anytime at several times faster than the speed of sound (to deliver all the packages), without breaking the sound barrier, and you were an older gentleman, where would you go?
I do like this company’s consciously over-the-top branding. I’ve heard from a reliable source that they are stereotyping themselves on purpose. Love it, some nice conscious spiral dynamics blue “we vets!” to have orange financial result, for once not pandering to the childish version of green that is going around now.
Sunny day + break + Chronos 1.4 high speed camera + sprinkler = pretty informative recording.
With thanks to Big Clive for the inspiration.
Something that has me proud as I have some background and connections in the domain, and happy because I just love Japan:
It is now possible to use any iPhone 7 or higher for most of the public transport in Japan (this is called “Suica”, a FeliCa technology solution). If you are travelling in Tokyo, this is great!
Transfer to iPhone
If you already have a Suica card, you can transfer the balance (including deposit!) to your iPhone 7 or higher. Apple has a walkthrough that is easy to follow (only attention point is that you have to change the region to Japan under General -> Language & Region -> Region).
Simply put, set your region to Japan and add a Suica card to your wallet.
Use is easy
Use is easy: just hold your iPhone on the turnstile readers. With the excellent reader technology and powered iPhone, reading distance and speed are really good. Your phone will vibrate and you are done.
The No more ransom! site at https://www.nomoreransom.org/ provides a repository of ransomware decryption software. This is a great resource maintained by Europol, the Dutch Police, Kaspersky and McAfee.