Skip to content

Commit

Permalink
site update
Browse files Browse the repository at this point in the history
Flareonz44 committed Mar 7, 2024
1 parent 420c538 commit d1d5813
Showing 3 changed files with 44 additions and 0 deletions.
44 changes: 44 additions & 0 deletions _posts/blog/2024-3-7-credit-card-cloners.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
---
layout: post
title: "Credit Card Cloners [with NFC]"
author: Flareonz44
tags: [cybersec, electronics]
metadesc: "Another way your credit card could be cloned by criminals"
---
![Cards](/images/2024-3-7-credit-card-cloners/banner.webp)

***All content shown in this post is exclusively for educational purposes. I'm not responsible for the use you make of the information shown here.***

Today I went to the local vegetable market to buy some tomatoes and onions for a salad. Everything was going as usual until the guy (who I'm pretty sure is the owner of the store) told me the POS system was not working. I was about to say something, but he beat me to it, saying that he would use his phone to process the payment. I said 'ok' because I was curious about what he would do next.
He grabbed my card and held it close to his phone (at this point, I figure out he was using NFC). He input the amount and proceeded. Just for security reasons, he showed me the successful payment screen and then I left with my tomatoes.

## The Attack

Don't panic! Nothing bad has happened (at least as of now), but as an ethical hacker, I always have to consider all possible scenarios, and I just imagined that this man could have installed an app for NFC data dumping or something similar. If that's the case, I'm in trouble (along with all his other customers).
It's a perfect crime because if the dumping app is silent enough, it could run as a quiet background service, and no one will notice it. There's no point in quickly checking for open apps or notification logs, especially when you're just paying for your vegetables. You're also unlikely to take the time to scan the entire phone's storage for the dump file.
He could then sell that card information, and things could easily get out of control.

## Prevention


In IT, when we talk about dealing with vulnerabilities, we tend to divide solutions into two groups:

- patches
- workarounds

The first ones are basically software updates that make the system no longer vulnerable to that attack, and the second one is a quick solution to the problem, an alternative to being vulnerable until the patch is implemented.
In our case, there's no patch, no solution to this, because it's practically impossible to detect it. Therefore, I'll give you two workarounds:

- Never give your credit card information and AVOID using this payment solution.

- If the POS system is not working, ask if you could transfer money or pay via QR code.

## Conclusion

As of today, there's no other way to prevent this particular case, so it's better to keep the workaround in mind. Despite NFC being a fascinating technology, we must be aware of these kinds of attacks, as they directly affect us, so

Moral?

![trust no one!](/images/2024-3-7-credit-card-cloners/moral.webp)

Cheers!
Binary file added images/2024-3-7-credit-card-cloners/banner.webp
Binary file not shown.
Binary file added images/2024-3-7-credit-card-cloners/moral.webp
Binary file not shown.

0 comments on commit d1d5813

Please sign in to comment.