Leave NFC turned OFF

NFC – Near Field Communication – passing files between two devices, without touching, using radio frequencies.

That Samsung TV ad, where the friends exchange a music file by passing their phones near one another, but not touching… that’s NFC. Or, how you scan your Visa “tap to pay”… the Visa machine reads an RFID chip (radio frequency identification)… that’s NFC.

Leave NFC turned OFF to prevent an attack.

Attack example 1: I “bump into you” on the street, you have NFC on, now I have established a connection with your phone, from there it’s dealer’s choice (see also “subway attack”).

Attack example 2 – an NFC reader is hidden beneath a chair cushion. 

The attack:

– target sits on chair
– the credit card in his back pocket is scanned
– attacker now has credit card number & expiry date, and first and last name  (that’s what is edited out below)

The defence:

Leave NFC off, and use an RFID shielding sleeve / wallet for your credit cards.


What is an Enhanced Driver’s Licence?

It costs about $40, and an Enhanced Driver’s License (EDL) can be used instead of a passport when crossing the border by car.

However! It’s embedded with an RFID tag, meaning you should protect it by using an RFID-shielding wallet, like this. Take this seriously: Saskatchewan abandoned EDLs because of the potential security breach.

Read it online at Autonet.

Favourite line:

There is one major difference between the two licenses that you cannot see – and that’s the addition of an embedded RFID tag.





I Want Blackberry to Win This One – the Z10

One of Canada’s favourite companies just completed their launch of their new phone and OS –  introducing the Blackberry Z10. I followed the launch along from start to now, thanks to TELUS who invited me.

The launch party in Toronto.

Whoever was in charge of the party crushed the guest list; that was a quality crowd.

Got to see many old social media faces and friends, from the good ol’ days 2009-11-ish.

See how the keyboard is predicting what I’m typing? Once you get the hang of it, ahhh the efficiency.

(see my cell phone history here)

It plays Flash! & HTML5

Parental controls, nice.

Security note – the default of NFC is “on”. Turn it off immediately #security

NFC – Near Field Communication. Pass files between phones without touching. (this blog post touches on it, here and start at the Charlie Miller part)

Then, it was off to TELUS HQ for a Z10 learning session.

I was pretty pumped for this event because at that time I was into researching how to move ‘contacts & calendar’ files among iPhone / BB / Android… BUT, move it withOUT using the cloud.

A – Nope.  Have to use the cloud.

However, TELUS has half the problem solved… it’s a cabled solution, available in each of their retail stores; port contacts from phone to phone, but not calendar.

(here’s the video)

Good luck, Blackberry! 
Your new phone is beautiful, you got this,
& Canada’s still behind you cheering you on xo 


This is SecTor 2012 – Canada’s Premier Security Conference

SecTor: Illuminating the Black Art of Security.

Above is the vendor area, and below is the lunch keynote, the talk I was most looking forward to.

Meet Charlie Miller, one of the world’s best hackers, and a leading expert in a personal favourite topic, NFC.

NFC – Near Field Communication. You likely haven’t heard much about NFC yet, but you will.

Think of those ads on TV, where you put your phone next to your buddy’s, and a photo gets beamed over wirelessly. That’s NFC. Charlie has figured out how to use NFC to hack your phone; here he is in action (green shirt).

He brushes close to the victim’s phone, and tada – Charlie can now access and download all the photos, contacts, files, make it call and text… and nothing AT ALL appears on the victim’s phone that would alert him this is happening.

Android users: you are, as always, the most susceptible to this attack. Best defense – check ‘yes I want to approve each NFC connection before it happens’.

He also said this, which is so true:

 This is what hacking looks like.

And this.

Not at all like that famous Swordfish movie scene, eh.

Above is a contest called, ‘Capture the Flag’; there’s one at most conferences.

I saw basketball-playing robots.

And a lockpick village.

I’ll show you what using those tools looks like on video sometime. Like hacking, it is not at all like in the movies.

Went upstairs for a sunlight break.

SecTor is happening again today, click here for details.

If you’re interested in getting into information security, this is your opportunity. It’s a friendly and resource-rich environment, in a fast-growing industry that has an almost 100% employment rate.

Thanks for a great time, SecTor, and congratulations on your 6th and largest year to date!