madvideos Posted July 24, 2019 Posted July 24, 2019 So today I logged in to my banking app, BOA, and a window opens and tells me they have a new feature that can detect if my card is on me. Sirens went off, how is my phone able to know that the smart chip is there and that it belongs to me. There is obviously traffic of some sort and to me it seems it goes both ways. Anyone got any insight to share on this? I suppose I could run wireshark as I walk away from my wallet, maybe a later project. I know wireshark can read data going to google as to where exactly where I have been all damn day.
INFOTRACE Posted August 16, 2019 Posted August 16, 2019 On 7/24/2019 at 4:10 AM, madvideos said: So today I logged in to my banking app, BOA, and a window opens and tells me they have a new feature that can detect if my card is on me. Sirens went off, how is my phone able to know that the smart chip is there and that it belongs to me. There is obviously traffic of some sort and to me it seems it goes both ways. Anyone got any insight to share on this? I suppose I could run wireshark as I walk away from my wallet, maybe a later project. I know wireshark can read data going to google as to where exactly where I have been all damn day. Hi buddy, Great set of questions........who watches the watchmen springs to mind.......Personally, and without going into too much detail, I think you should use an RFID secure wallet for your cards and possibly the card sleeves option as well (known colloquially as the belt and braces system). Yes your phone app is reading your card data and no doubt used by the provider to then target you with tempting offers. It is all part of the cyber marketing exploitation targeting potential customers process. Totally legal as you do not own the cards (the provider does) and the terms and conditions that you read (yeah right, we all do that) will have buried in there somewhere that they can do this. It is obviously something that you need (the card), so I would choose to either keep the card in a safe place (at home) or ditch the app, as you can always check your balances etc., at home on your own computer via SSL etc., but these are just my views. I hope this helps in some small way😎
barry99705 Posted August 16, 2019 Posted August 16, 2019 Nope, you have it all wrong. NFC on our phones isn't long range enough to read your cards unless you physically have the card in the same case as the phone. They stop reading about 3 or 4 inches max from the phone. Here's your answer.
Cap_Sig Posted August 20, 2019 Posted August 20, 2019 On 8/16/2019 at 7:48 AM, barry99705 said: Nope, you have it all wrong. NFC on our phones isn't long range enough to read your cards unless you physically have the card in the same case as the phone. They stop reading about 3 or 4 inches max from the phone. Here's your answer. Wonder how this will turn out when someone tries to use GPS spoofing against it?..
barry99705 Posted August 23, 2019 Posted August 23, 2019 On 8/20/2019 at 3:39 PM, trapman16 said: Wonder how this will turn out when someone tries to use GPS spoofing against it?.. They would have to have the app installed on their phone, with your account, not sure how gps spoofing would do anything. I suppose they could jam the gps on your phone, but all that would do is send an alert to you asking if you made a purchase.
Cap_Sig Posted August 23, 2019 Posted August 23, 2019 12 hours ago, barry99705 said: They would have to have the app installed on their phone, with your account, not sure how gps spoofing would do anything. I'm not saying is practical just the concept. Would it not be possible if someone had the CC to use the card at one location while someone spoofed the GPS data to the owners device so once a transaction took place the app would think all is good? (again not practical just a wild possibility I suppose)
INFOTRACE Posted August 24, 2019 Posted August 24, 2019 21 hours ago, Cap_Sig said: I'm not saying is practical just the concept. Would it not be possible if someone had the CC to use the card at one location while someone spoofed the GPS data to the owners device so once a transaction took place the app would think all is good? (again not practical just a wild possibility I suppose) Proof of the pudding shall be in the tasting, although in this case the testing, which I for one would be keen to test.......😎 On 8/23/2019 at 1:37 AM, barry99705 said: They would have to have the app installed on their phone, with your account, not sure how gps spoofing would do anything. I suppose they could jam the gps on your phone, but all that would do is send an alert to you asking if you made a purchase. I think there will be a way to get around this.......I shall probe the possibilities and report my findings.......meanwhile, enjoy this new app......🤓
Recommended Posts
Archived
This topic is now archived and is closed to further replies.