@dangillmor Serious answer: You call your credit card company and say "please disable tap-to-pay on my credit card". This is a thing they can and will do on request
What’s the threat model for tap-to-pay? Is it all about wirelessness / distance / ability to charge with mere proximity instead of direct physical possession? Or is there something in e.g. the protocol that’s weak?
@inthehands@dangillmor As I have explained, my threat model is "my friend Kristin". The reason I mention Kristin is she has a hobby of building long-range RFID antennas.
Although I suspect an attack would be logistically difficult to pull off because you'd need to attempt payment under the name of some vendor, the PIN space (10,000 keys) is small, and in the USA tap to pay doesn't even use a key.
@mcc@dangillmor
Gotcha. Thanks! And yeah, Kristin sounds fun.
Sounds similar to proximity keys for cars: theoretically a threat, but clearly too tricky to be practical for common cases in real life…until somebody productizes the exploit and sells it in a box, and then all of a sudden mass media is running “don’t leave your keys by the back door” articles.
@inthehands@mcc@dangillmor Plenty of cars stolen without keys round my way (UK) using relay theft, video footage shows certain cars can be nicked in seconds with pretty simple kit. Seemed to take off about four years ago, police started suggesting people store keys in faraday pouch/cage.
@4censord@inthehands@dangillmor if you are thinking about the problem from an attacker perspective rather than a target perspective you can simply limit yourself to robbing ppl with 4 digit pins
@elmyra@mcc@inthehands@dangillmor Unless there are two RF-skimming Kristins: I've only met her a couple times, but I can confirm. (The first time I met Kristin, she was demoing a doorway loop to read cards when people walked through it.)
@mcc@dangillmor they'll do this in the USA? I'm skeptical because American banks won't even let you disable your debit card so it's an ATM-only card like was possible years ago
That means the alternative for the credit card is chip or swipe, and they really really don't want you to swipe (higher fees) but you have to swipe if the chip reader is bugged and you can't tap (happens all the time...)
@mcc I saw a tap-to-pay at the gas station pump the other day and the marketing info on it seemed to give the impression that it was more secure, and while I haven't read up on the protocol, it certainly seems even easier to make skimmer-like approaches.
(Although most of my actual credit card fraud experiences seem to have been likely breaches of retailers/payment processors)
I can conceive of a level 0, "no one can crack it". I can even believe that potentially, Signal (and possibly nothing else?) falls in this category. But it doesn't matter, because what we already see, specifically with the U.S. government, is that "Signal is currently uncrackable" only means "the difficulty of cracking it is so high that instead of bothering, the threat actor cracks something else which has the ability to read the Signal messages, such as the human at the other end"
@mcc Does signal have a secure keyboard? I remember hearing that as long as it's using the system keyboard, you really shouldn't actually trust it if you're concerned.
@htugboat On Android, Signal instructs the system keyboard to run in secure mode. I have verified this works with Swiftkey, with other keyboards I wouldn't know.
@mcc Question if you have the inclination to answer (and no worries if you don’t): how do you determine, for any given computer system, which level on the scale it sits in?
@mcc Thank you! And yeah I’m technical enough to know I need to be concerned about novel (to me) computer systems, but not to the point that I could figure out for myself how secure they might be. It’s mildly anxiety-inducing at times.
@pmonks At one time my advice would have been "follow these three specific reliable people on Twitter and take what they say seriously". Unfortunately, as you know,
Add comment