Posts Tagged ‘personal data’

In early November 2011, BBC News services reported that malware attacks on UK Android apps, and smartphone fraud in general, had risen by a staggering 800% since this time last year! Today we learn from The Telegraph newspaper that,

“…the majority of Britons are scared of ‘wave and pay’, [and with] only a small minority of people keen to use their mobiles like wallets. [Many] fear that ‘wave and pay’ apps will lead to greater security breaches”. 

Emma Barnett, Digital Media Editor for the Telegraph, elaborated, stating,

“…[the] Intersperience study, which polled 1,000 people as part of a larger project entitled ‘Digital Selves’, found that phone hacking fears are dominating consumers’ security concerns when thinking about adopting new mobile wallet payment systems.”

A spokesperson for PayPal recently intimated that mass adoption of contactless payments for products using mobile phones or smart credit cards is at least three years away. This is perhaps not surprising given that very few UK retailers offer this type of payment option to their customers.

Meanwhile, UK company RFID Protect has announced its intentions to offer a solution for smartphone users wary of this technology.  It comes in the shape of a simple App that will be launched mid 2012, and made available to download from www.rfidprotect.co.uk

So before too long, iPhone and Android users will have the option to disable their NFC (Near Field Communication) feature and, in the words of an RFID Protect spokesperson, ‘MAKE YOURSELF INVISIBLE’ to would-be phone hackers, e-pickpockets and e-payment skimmers. Apparently, there’s a timer function too – so users get to determine the amount of time their phone can be read by third parties.

Read the full Telegraph article at:

http://www.telegraph.co.uk/technology/news/8825183/Majority-of-Britons-are-scared-of-wave-and-pay.html

First published on: 14 October 2011

US Department of Defense orders RFID shields

It can now be reasonably argued that November 2010 will mark a significant turning point in the debate surrounding RFID or ‘contactless’ credit, debit, passport and door-access security. On Wednesday 29 November, 2010, Secure ID News reported the following:

“…2.5 million radio frequency shielding sleeves (were delivered) to the Department of Defense to protect the contactless Common Access Card (CAC) from data interception. The FIPS 201-approved, shielding sleeves are distributed via RAPIDS ID offices worldwide with the issuance of new CACs.”

Furthermore, the online journal then went on to state,

“…an option to purchase an additional 1,675,000 sleeves was exercised by the Defense Department for final delivery in January 2011. This order will bring the total number of our sleeves 4.2 million. In September, an order for 200,000 rigid, RF shielding, non-metallic badge holders (was also placed).”

Of course, whilst unauthorised data interception from RFID-enabled devices is not commonplace, this development would strongly suggest that the potential threat of ‘skimming’ is real and growing by the day.

Original source: http://www.secureidnews.com/2010/11/29/defense-department-order-rf-shields-from-national-laminating

'Chip and Pin' banking is flawed - pure gold!

On Tuesday 28 December, 2010 the Independent Newspaper ran an eye-opening story concerning certain inherent weaknesses with UK ‘chip and pin’ banking. Their news item by Richard Garner, Education Editor, proved so sensational that shock waves are still being felt across the industry even today!

Far from offering customers added security, it now transpires that ‘chip and pin’ may have been launched despite serious flaws with this system of making electronic payments. Whilst this development does not concern RFID / ‘contactless’ technology as such, some readers may nonetheless choose to draw parallels with the banking sector’s insistence (at the time) that their new technology was 100% foolproof.

Here’s what happened – as far as we’re aware…

In short, the UK Cards Association (representing all major credit, debit and charge card issuers in Britain) discovered that a Cambridge University PhD student named Omar Choudary had published a remarkable thesis online. His student text identified vulnerabilities with the UK ‘chip-and-pin’ system, weaknesses that can be easily exploited by fraudsters.

Needless to say, the UK Cards Association approached Cambridge University asking it to remove hyperlinks to Choudary’s thesis and take action to remove this work from the public domain. However, the University delivered a swift rebuttal, accusing the banksters’ representative body of “bullying” and “censorship”.

The UK Cards Association Chair, Melanie Johnson, insisted that Choudary’s PhD thesis “…oversteps the boundaries of what constitutes reasonable disclosure by giving too much detail on how the chip-and-pin system could be breached.”

A University spokesperson responded, saying, “…you seem to think that we might censor a student’s thesis – which is lawful and already in the public domain – simply because a powerful interest group finds it inconvenient”.

The University denies that the student thesis encourages fraud by “…giving details of a blueprint for a device which is alleged to exploit a loophole in the security of chip-and-pin technology.”

The rebuttal concluded with the following statement: “…you complain that the work may undermine public confidence in the payments system. What will support confidence in the payments system is evidence that the banks are frank and honest in admitting weaknesses when they are exposed and diligent in effecting the necessary remedies.”

So to conclude, it could be reasonably argued that the banking community will spin this story to their advantage, perhaps even suggesting that in switching from ‘chip and pin’ to ‘contactless’ payments systems this particular security problem will be overcome. Overcome, that is, until news reaches UK shores of how RFID skimming is now a major issue for American credit card users.

Learn how to prevent credit card, e-passport and access pass ‘skimming’ at:

http://www.rfidprotect.co.uk

Richard Garner’s full exposé can be found at:

http://www.independent.co.uk/news/education/education-news/

And the full response from Cambridge University can be read here:

http://www.cl.cam.ac.uk/~rja14/Papers/

On Tuesday 28 December, 2010 the Independent Newspaper ran an eye-opening story concerning certain inherent weaknesses with ‘chip and pin’ banking.

This news item by Richard Garner, Education Editor, proved so sensational that shock waves are still being felt across the industry even today. Far from offering customers added security, it now transpires that ‘chip and pin’ may have been launched despite serious flaws with this system of making electronic payments. Whilst this development does not concern RFID / ‘contactless’ technology, some readers may choose to draw parallels with the banking sector’s insistence that their new technology is 100% foolproof – until there’s a problem, and then the default reaction is to try and silence any dissenting voices.

Here’s what happened – as far as we’re aware.

In short, the UK Cards Association (representing all major credit, debit and charge card issuers in Britain) discovered that Cambridge University PhD student Omar Choudary had published a remarkable thesis online. His student text identifies vulnerabilities with the ‘chip-and-pin’ system that can be easily exploited by fraudsters.

Needless to say, the UK Cards Association approached Cambridge University asking it to remove hyperlinks to Choudary’s thesis. However, the University delivered a swift rebuttal, accusing the ‘banksters’ representative of bullying and censorship.

The UK Cards Association Chair, Melanie Johnson, insisted that Choudary’s PhD thesis “…oversteps the boundaries of what constitutes reasonable disclosure by giving too much detail on how the chip-and-pin system could be breached.”

A University spokesperson responded, saying, “…you seem to think that we might censor a student’s thesis – which is lawful and already in the public domain – simply because a powerful interest group finds it inconvenient.”

The University denies that the student thesis encourages fraud by “…giving details of a blueprint for a device which is alleged to exploit a loophole in the security of chip-and-pin technology.”

The rebuttal concluded with the following statement: “You complain that the work may undermine public confidence in the payments system. What will support confidence in the payments system is evidence that the banks are frank and honest in admitting weaknesses when they are exposed, and diligent in effecting the necessary remedies.”

Richard Garner’s full exposé can be found at:

http://www.independent.co.uk/news/education/education-news/banks-attempt-to-suppress-maths-students-expos233-of-chip-and-pin-2170396.html

Today the BBC broke news of a staggering development in the world of smartphone / contactless technology. In short, unscrupulous hackers and the criminal fraternity have managed to exploit a weakness in the means by which Apple’s iPhone, BlackBerry, and Android handsets connect with Wi-Fi or ‘open networks’. The end result is that these particular devices may broadcast personal data, often in the course of normal social media interactions using e.g. Facebook and Twitter, which can be viewed by third parties. Scary stuff indeed! This is what a BBC spokesperson had to say on the issue:

“The main lesson must be how insecure you can be if you sit in a public place and go online using an open network. I’d heard about Firesheep, a tool demonstrated recently as a warning of the dangers of open networks and unencrypted cookies. But sitting and watching as your entire life – or rather your social-networking life – is laid bare is very sobering.”

Rory Cellan-Jones, BBC Correspondent

Read the full article at:

http://www.bbc.co.uk/blogs/thereporters/rorycellanjones/2010/11/iphone_cracking_wifi.html

First published at BBC Online: 08:40 UK time, Tuesday, 23 November 2010

UPDATE: (November 07, 2011) BBC News reports that malware attacks on UK Android apps, and smartphone fraud in general, are up a staggering 800% since this time last year! The shape of things to come – who knows, perhaps?