KeriBlog

Cars, Security & a Peek into my Life

Leave NFC turned OFF

NFC – Near Field Communication – passing files between two devices, without touching, using radio frequencies.

That Samsung TV ad, where the friends exchange a music file by passing their phones near one-another, but not touching… that’s NFC.  Or, how you scan your Visa “tap to pay”…, the Visa machine reads an RFID chip (radio frequency identification)…  that’s NFC.

Leave NFC turned OFF to prevent an attack.

Attack example 1: I “bump into you” on the street, you have NFC on, now I have established a connection with your phone, from there it’s dealer’s choice (see also “subway attack“)

Attack example 2 – an NFC reader is hidden beneath a chair cushion. 

The attack:

– target sits on chair
– the credit card in his back pocket is scanned
– attacker now has credit card number & expiry date, and first and last name  (that’s what is edited out below)

The defence:

Leave NFC off, and use a RFID shielding sleeve / wallet for your credit cards.

 

Good to Meet You, SecTor

I’m Keri.

I run this blog, and am a full-time auto journalist with my Sun Media; news, reviews, and a weekly column called, ‘Keri On Driving’, 300 words on whatever I wish.


I’ve combined the worlds a few times, columns that may interest you include:

– Let’s go War Driving – here
– Securing your Car in the City – here
– Computers in Cars – here
– Your Car can be Hacked, but Not Really – here
– Stick Families are a Terrible Idea – here
– and maybe this post – Went Armoured Car Shopping

If we’ve met before, I’ve probably said the same thing that I’ll say again now:

I am way beneath you in skills; a script kiddie at best.

This is likely why you’ve never come across the Security category of my blog; it’s better suited to like, your relatives.

– How to change your Router Password – here
– Don’t Name your Phone your Name – here
– Most Common iPhone Passwords – here
– My blog being spidered looks like this – here
– You’re responsible for Hotspot users – here
– Your screen can be seen 20 feet Away – here

There’s a hole in the internet for end-user security stuff, so that’s the goal here.

Smarten Up, Internet – for the housewives of Iowa

Please don’t hack me. It wouldn’t be much of a challenge even, plus, same team guys.

Look forward to seeing some old faces and meeting new ones, and am always up for car talk (was in Kentucky last week with the new Buick Regal, and… it’s cool,  I know?!; Audi and VW are my benchmarks, because minimal; I own a ’99 Jetta that’s a lunch box, last week got to drive with Ken Block in his Fiesta; and if you’d like to talk about hacking a car, I would too).

Twitter@KeriBlog
FB – ugh, almost never
Email – Keri AT KB dot com

Not that Silk Road, that's Why it's Funny

Because “Silk Road” is a black marketplace – buy items I wouldn’t want to be in Google for, using bitcoin (BTC) currency, and located on the Deep Web.

So ya, they’re not handing out these sticky-note ad specs.

I got this at a conference, and when I explained to the guy why I started laughing when he handed it to me, he was not as amused.

Be careful if you go searching. The above link leads to Wikipedia, and that’s as far as I’ll go; I’d never let this computer touch that place.

Click that ‘deep web‘ link though, that’s neat.

 

This Robot is Brute-Forcing an iPhone

The robot will try all possible 4-digit passwords on an iPhone.

Seen at Black Hat 2013.

Best Use I Can See

It’s not elegant, but it would work. Grab a phone off the street, return to a secure location, put it under the robot, wait.

You’d need a location though, and time. And it’d be a targeted attack; you’d be after the information on the phone, not the phone itself. Otherwise, just wipe it.

Defences

– turn OFF simple passcode. Then you can have a longer passcode, with alphanumeric characters
– turn ON “after 10 failed password attempts this iPhone will wipe itself”
don’t use any of these – Most Common iPhone Passwords
– hang onto your phone tight, but not like this this

Sorry, that’s all I know; saw it en route to the car hacking talk.

So if this robot belongs to you, email me and I’ll link you up, and any explanation you’d like to add.

 

 

Security at the Honda Indy

Two days before the race, Honda invited me on a backstage tour of the event. Like last year, it was awesome.

But unlike last year, this year’s tour included a stop at the security HQ come ON.  I asked so many questions, the tour guide walked away.

View of the Indy from the command centre.

This is what keeps the race going,
because no security, no race.

Imagine securing 25,000 people, many of whom are drinking.  And do it all in a way that’s un-obtrusive, so as to not create panic and alarm.

 

For more auto-oriented stuff from the race, here’s the tag – Honda Indy.

I purposefully waited to blog these photos, lest I accidentally reveal something of value.

Race teams – choose better WiFi network names; security through obscurity.