Coin, no not BTC

It'll end up as one of those "loopy" ideas that we all look back at in a decade or so. We'll be wearing flexible OLED devices that will be a smartphone / payment / office combined. Big advances in flexible tech (not just displays - equally important is power, so flexible batteries) are happening in leaps and bounds. It won't be long before you will see the first consumer devices. Several tech companies have plans to launch products in the coming year or so.
 


So it emits a low level Bluetooth signal to determine if out of phone range; couple things with that...trivial to do this:
Set up MIM access point in coffee shop (SF or NYC probably the best)
Access point grabs phone authentication; if it has Bluetooth, grab that too.
User uses coin? You can clone the outbound ping from coin and the response from phone
Card the coin (this is the only part I assume is possible, the above steps are trivial)

A single person (or group) could card an entire city at once by dropping off all the access points and letting them run in a collections-only mode for a period of time. Then, push through tons of transactions for hard goods and currency exchanges. From there it is basic money laundering.
 
How do you stop some other cheeky kunt from swiping other people's normal cards onto his Coin?
 
 
The more I think about this product the more it worries me. I hadn't originally given much thought on the rewards/loyalty cards, but that data is a goldmine in the wrong hands. Carding is usually halted by financial institutions before it is caught by a user. However, if the carder knows you use certain gas stations, stores, and even which products you buy (last piece requires gaining access to the data sold by stores to advertisers) they can slip more activity in...buy $500 gas cards through ecom of the station you frequent? Totally normal. An extra 12-24 hours of activity is an eternity.

I may be a blackhat SEO by stupid definitions of whether ToS is always followed (insert image: we all blackhat now), but I'm not a fan of illegal hacking. I've spent the last couple of years yelling at Google on how dumb and lax they are on handling the subject, so new products like this that seem to treat security as an afterthought really get my goat.