4/29/2024 0 Comments Fuze card alternatives![]() ![]() Wouldn’t be too hard to teach the public, if anyone wanted to. The basics are just a few simple principles. We’re going to need information security awareness ever more in the future. ![]() People are encouraged to buy and use all this high-tech stuff, but often aren’t even aware information security is even a thing. Hopefully this story might make the public a bit more skeptical about technology. Why does it need commands to spit the card details back out? Why would any crazy bastard make a wireless credit card? What problem is it supposed to solve? If it did solve a problem, it’d have to be a hell of a benefit to compensate for the risks just in principle, never mind the ones found here. This, though, seems based around “Nah, who’d ever try hacking a credit card?”. This was built into the design, designed so that EVEN IF the security fails, there’s a limit to the damage. There’s a limit to how much you can store on the card at once, so even if someone steals that, assuming a leak, they don’t get the heart of the card, your account details. I believe the NFC cards transmit actual money, or at least encrypted tokens that are interchangable with money. And the idea that any credit card should ever transmit it’s details is insane. At least, the right amount of simplicity, but ideally, as much as possible.īluetooth is already wobbly and badly-implemented in practice. Simplicity is an important part of security. Posted in Security Hacks, Wearable Hacks Tagged ble, bluetooth, reverse engineer, security Post navigationĮven IF this didn’t have great big gaps, we really don’t want people trusting Bluetooth credit cards, or Bluetooth money-anything. At this point, it might be wise to just stay away from anything with that little blue logo on it if you intend to trust it with your identity and/or deadly weapon. ![]() Incidentally, this is very similar to the Bluetooth gun “safe” that was cracked not so long ago. We especially liked his assertion that reverse engineering a device essentially boils down to: “staring, thinking, a little experimentation, but mostly staring and thinking.” We’re having an internal debate here at Hackaday HQ about making that the site’s tagline. It makes the (very dangerous) assumption that the person holding it is entitled to do so.Įven if you know better than to ever buy a device like this, the post has written up is really a must-read for anyone who’s ever looked at a device and tried to figure out what was going on in its little silicon brain. The inherent failure in the FUZE design is that you don’t need to provide any sort of authentication to pair it to a new Bluetooth device. The attacker can also send commands to dump credit card info over Bluetooth, meaning they could download your information even when the card is “safely” back in your pocket. Once paired, the attacker can simply send a BLE command to FUZE which disables the lock screen. Pairing FUZE to the Linux device to continue to the next step of the attack only takes a few seconds, as demonstrated in the video after the break. It isn’t as if it would be hard to get a hold of one of these FUZE cards for a minute or two without the owner becoming suspicious. But as pointed out by in the blog post, handing your card over to a merchant is standard operating procedure in many cases. ![]() To be clear, the attacker must still pair with FUZE, so physical access is required. From using an x-ray machine to do non-destructive reconnaissance on the device’s internals to methodically discovering all the commands it responds to over Bluetooth, it’s safe to say the FUZE Card is cracked wide open at this point. of ICE9 Consulting has recently published an article detailing the work done to examine and ultimately defeat the security on the FUZE Card. Oh, what’s that? You knew already? Well in that case you won’t find the following information terribly shocking, but it’s still a fascinating look at how security researchers systematically break down a device in an effort to find the chinks in its armor. You might be surprised to find out that it’s actually not a good idea to put all of your credit card information on a little Bluetooth enabled device in your pocket. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |