Little Brother

[BigBear]

This was an amazing book! I was wondering about the arphid cloners, if you can get one can't you copy it to a blank card then use it.

So if it was a credit card then you could use it like it is your own?

[Tony]

If you have physical access to a credit card to clone, just write down the number and use it for online purchases. No cloning required

[Dan]

This is why in part, they are making the move to chip based credit and debit cards. With my bank (RBC) they are slowly replacing them as they expire with cards with both a strip and a chip.

The idea is there will be a transition period where there are both strips and chips as marchents make the change in there debit and credit card mashens (acuataly alot of the debit and credit card mashen allready support the chips, you will notice that they have a slot to slide a card in on the bottom). Once every one has moved over they are going to phase out the strip.

However if you hand a totaly blank white card with just a strip you are going to get some odd looks and questions from cashsers if you use it in real life. When i first got my bank account i had a tempary paper debit card with my name writen on it and a magenit strip, that got alot of odd looks but most places where ok with it becues it needed a pin.

[BigBear]

Tony @ Sat Apr 11, 2009 12:11 am wrote:

If you have physical access to a credit card to clone, just write down the number and use it for online purchases. No cloning required

but you don't need physical access with arphids right?

[Dan]

I (and i think tony) thought you where talking about credit card strip readers. It seems arphids are rfid.

Very few credit cards use rfid right now (tho there are some master card swipe pass ones) but the ones that do use encryption on them so they can't be cloned that easy. Also you would have to be prity close to read it.

The old style or unecrypted rfid tags can be cloned easly but they should not be used for security.


Edit: They also sell walets that block radio waves so if you had a credit card with an rfid tag in it and where paranoid you could buy such a wallet and block any reading of the card when not in use.

[BigBear]

But in the book weren't they travelling as other people essentially?

Eouldn't that mean they were charging their accounts for the BART?

[Dan]

I have the book but have not read it yet, i am talking about how things work in real life.

I assume in the book there is some kind of RFID tracking system for peoleop? If thats the case and they where travling as other peoleop then they would have had to clone there RFID tags some how (or steal them). If they don't have encryption this would be easy but it would mean there would be colficing records of where that person is (as there is the real and cloned RFID tag).

If some one was crazy enought to use unecrypted RFIDs for baking, credit cards or other types of accounts, then it would be an easy matter to clone it with out nessarly coming in to pysical contatct with the card. Then they could use the fake card to charge anything they like.

However in real life we have techngoly to ecrypte RFID cards to pervent cloning and it is common to use at least two factor secruty. Meaning you need the card and a pin or password of some kind. (Credit cards are slowly being moved over to having pins like debit cards).

[md]

Dan, the transponders for cars and things like subway passes tend to use very weak proprietary encryption. They have all been broken and are infact little better then plaintext. For banking and tags for paying for gas they do use newer encryption but it is still not really all that strong, nor is is a public standard (because security through obscurity is something that apparently people think works).

In many cases though the security fear isn't from being able to tell what the tag is sending, but simply being able to identify the tag. And since only the most expensive ones are actually capable of two way communication (and those ones have betteries) it's actually very easy to track RFIDs. Heck, set up a scanner near a doorway to a building and you could scan credit cards (the new ones supposedly have RFID chips in htem too - I haven't seen anything diffinitive), drivers licences (the new "secure" ones), passports, customer appreciation cards, etc. And since you can mostly tell how close they are you can tie all the information to one person quite easily. It *has* been done by security researchers; and for the most part people simply don't understand or care enough to do anything about it.

Also, all new cars in Canada are required to have tire pressure sensors (very neat actually). These sensors are actually very similar to RFIDs and can be very easily tracked. So if you have a new car, you can be tracked around a city surprisingly easily just by reading the IDs on your tires remotely.

[apomb]

fair enough, but is anyone THAT interested in what every person with monitored tire pressure is doing at any givrn moment?

or is it the fact that IF you were to do something worth being tracked over, never own a car that can potentially be tracked?

[md]

it's easy to blanket an area with receivers and track everyone. Storage is cheap, and the powers that be are stupid enough to think that they can datamine it to find something useful. In reality all it does is allow the privacy and rights of individuals to be abused.

Oh, and you cna easily clone an RFID without being near by - they are wireless after all

[BigBear]

Well for things that still need a PIN like a bank card I find them pointless, how long does it take to swipe a card?