PIN numbers warning!
Discussion
I remember doing this in the PS2 game Tom Clancy's Splinter Cell. That was a brilliant game.
Back on topic. I'm pretty sure the actual chances of this happening to you are pretty slim. A similar issue was raised with the Touch ID on the iPhone 5S where someone (with very expensive equipment) could lift the fingerprint and replicate it as the phone couldn't determine if the skin was 'alive' or not. Did that hack actually happen in the real world? No.
Also worth mentioning the 'covert thief' would then have to resort to robbery/petty theft to physically obtain the person's card. Most thieves who hack cash machines etc... only do so because there is no confrontation element. The card strip + PIN combo is all they need to replicate the card. If you only have the pin it's pretty useless without the actual card data it is tied to.
Edited by Swanny87 on Tuesday 21st October 14:01
Swanny87 said:
Also worth mentioning the 'covert thief' would then have to resort to robbery to physically obtain the person's card. Most thieves who hack cash machines etc... only do so because there is no confrontation element. The card strip + PIN combo is all they need to replicate the card. If you only have the pin it's pretty useless without the actual card data it is tied to.
They are less likely to rob someone's bank card in a busy shopping centre as well. And by the time they've worked out the combo from the heat signature the person with the card could be long gone. They would also have to know which bank card the PIN was tied to but I guess they could use trial and error on that front. However, on that front the person who's just had their card stolen has already cancelled it with the bank whilst the thief: works pin out, works out which card (possibly), goes to use card.
Swanny87 said:
They are less likely to rob someone's bank card in a busy shopping centre as well. And by the time they've worked out the combo from the heat signature the person with the card could be long gone. They would also have to know which bank card the PIN was tied to but I guess they could use trial and error on that front. However, on that front the person who's just had their card stolen has already cancelled it with the bank whilst the thief: works pin out, works out which card (possibly), goes to use card.
Are you really that naive? If I were a crook (which I'm not!) I'd have an accomplice waiting near the tills just waiting for that moment the shopper is packing their new dress/shirt/etc into the bag, and putting away their wallet/purse all the time pre-occupied thinking about how they'll look in it tonight to notice a bump into someone and the purse/wallet gone.
We don't all live in rural England in utopia lol (not saying you do, I've not looked)
Edited by audi321 on Tuesday 21st October 14:07
audi321 said:
Are you really that naive? If I were a crook (which I'm not!) I'd have a partner waiting near the tills just waiting for that moment the shopper is packing their new dress/shirt/etc into the bag, and putting away their wallet/purse all the time pre-occupied thinking about how they'll look in it tonight to notice a bump into someone and the purse/wallet gone.
We don't all live in rural England in utopia lol (not saying you do!)
Cheers... No, I'm not naive, and I actually live in London. The gist of what I was saying is that this technique will not be preferred to card skimming as there is an extra element of risk. Why would a thief make life harder for themselves? I really do not see this kind of attack being a problem.
Yes a thief might be st hot at pick pocketing but there is still a risk of being caught. I also bet that someone going from shop to shop would notice their wallet has gone and will have phoned the bank before the thief has time to do anything anyway. To be fair to you, the person finishing their shop and going to the car might be unlucky.
Edited by Swanny87 on Tuesday 21st October 14:18
Easiest to just rest your fingers on another set of numbers after typing, plus you should always cover your PIN typing with your other hand. That habit also prevents ATM skimmers and shoulder surfers from getting your PIN.
There's absolutely no harm in being aware of the possible attack vectors, especially if the defence against them is trivial to implement. We would like to live in an ideal world, but given that we do not, it's appropriate to behave in a different way.
There are other attack vectors on your cards that are much harder to defend against - one example is the RFID capability of the new cards, and the only effective defence is to not have it on the card. I work in computer and network security at an engineering level, and I can say that the RFID component of bank cards is not secure, and none of my cards have it present. One of my academic friends is putting together a proof of concept to bypass the "security" that the card companies say is present, and it's been really interesting to see someone's card get debited when they are miles away...
I imagine that phone manufacturers and accessory manufacturers would regulate the distribution of this type of hardware if this became a problem. I mean it's Apple for fks sake you can't even use a normal USB cable that you bought from eBay for 2 quid.
Also thermal imaging equipment is an area where I imagine it would be pretty damn hard to come up with a 'home brew' solution. Unlike the card skimmers that are being installed in cash machines that are soldered together with bits from 'Bob's Electricals' down the road...
Edited by Swanny87 on Tuesday 21st October 14:19
audi321 said:
I think the most important point here is that with every other scam/theft/fraud/etc the Bank will give you the money back normally. With this, it's your PIN that's been used and trying to get the money back from the Banks will prove virtually impossible!
The pin being used is largely irrelevant, your card being stolen is the more important facet when dealing with the bank.
audi321 said:
I think the most important point here is that with every other scam/theft/fraud/etc the Bank will give you the money back normally. With this, it's your PIN that's been used and trying to get the money back from the Banks will prove virtually impossible!
Your PIN is used on a replicated card if it's been skimmed yet you can get your money back...The bank system doesn't know if it's the original card or not.
Swanny87 said:
Also thermal imaging equipment is an area where I imagine it would be pretty damn hard to come up with a 'home brew' solution unlike the card skimmers that are being installed in cash machines that are soldered together with bits from 'Bob's Electricals' down the road...
They're readily available from the Apple store here and you're good to go, and of course there's an 'app for that'
audi321 said:
They're readily available from the Apple store here and you're good to go
Yeah but how much longer once Apple realise that they could be used for this kind of attack? I know I might come across a bit naive but it's the same kind of guff that the Daily Express etc... pump out and has us all wearing tin foil hats over things that are unlikely to happen for fks sake (not directed at you OP just expressing my general annoyance at fear mongering used by the press)... No thief with a brain would spend an upfront $350 on an iPhone accessory (plus possibly an iPhone itself) to use on a fraud scheme that has so much risk associated with it they may never see their upfront capital back.
Edited by Swanny87 on Tuesday 21st October 14:35
Edited by Swanny87 on Tuesday 21st October 14:38