It took me a moment to figure out how this works:
> Victims are deceived into installing a malicious app disguised as a security tool onto their own mobile phone.
> They are then directed to tap their tap-to-pay card on their own mobile phone where they have just recently installed the app.
> The card data is then transmitted to a nearby device that can then use the information to make fraudulent purchases.
I don't get how this happens both over the phone or text and also in person, but it must be working, I suppose.
> The card data is then transmitted to a nearby device that can then use the information to make fraudulent purchases.
To clarify, there is no physical proximity required for the attacker; the card data is transmitted to a remote server over the internet, which allows impersonation of the card at point of sale devices or contactless ATMs anywhere in the world.
I found figure 3 in the original post to be helpful: https://www.cleafy.com/cleafy-labs/supercardx-exposing-chinese-speaker-maas-for-nfc-relay-fraud-operation
So the "local" part is that the attacker's device is "local" to the ATM or payment portal, not that the attacker is "local" to the victim. Thank you for clarifying and mentioning the link. That makes a lot more sense.
Alright, so I like to consider myself 'aware' of things and all that, and trust me I'm even more paranoid now, but
> smishing campaigns
Really? I had to search 'smishing.' Is that a typo? No, short for 'sms phishing'... Fuck, Infosec guys, have you said that aloud? Who approved smishing? Just call it phishing via sms or something.
But, also, spooky stuff. One of those days I'm glad I'm a bit of a Luddite when it comes to 'tap to pay.' My bank told me they could send me a new card and I just didn't care enough to get a new one, so my primary cards still don't have any NFC functions and I keep the NFC on my phone off for the most part unless I'm spoofing amiibo.
There's a whole family of these terms these days. I've also seen vishing for phishing by voice calls, for example.
Have you heard of quishing? Sounds like a sex act, actually is "QR phishing" - not even really sure how that is a distinct class
Perhaps it’s got its own term because it’s so common now? SMS is pretty much the only way I see phishing attempts delivered to me these days.
I promise you email phishing is also still very alive and well lol
I've taken multiple TestOut courses (owned by CompTIA and designed to prep you for their exams), and they have included this term, among others.
If you're interested I can share the laundry list from a recent module for their CySA cert.
The security firm Cleafy’s original post about the malware goes into greater detail: https://www.cleafy.com/cleafy-labs/supercardx-exposing-chinese-speaker-maas-for-nfc-relay-fraud-operation
Thanks for this
Anybody else remember SuperCard? I got weirdly excited for a minute there.
No but I remember HyperCard.
Did anyone do anything useful with these programs? I just remember kids making animations.
I think the most well-known example of HyperCard in the wild was the original version of the game Myst!
HyperCard was great! I'm not sure the point was to be "useful"; it made being creative pretty easy, though.
Looks like there's quite a few interesting examples on the Wikipedia page.
> the French automaker Renault even used HyperCard as the basis for their inventory system. – ITWorld
Apparently software built on HyperCard was also bought and sold by businesses, too.
> Activision, which was until then mainly a game company, saw HyperCard as an entry point into the business market. Changing its name to Mediagenic, it published several major HyperCard-based applications, most notably Danny Goodman's Focal Point, a personal information manager, and Reports For HyperCard, a program by Nine To Five Software that allows users to treat HyperCard as a full database system with robust information viewing and printing features.
> the French automaker Renault even used HyperCard as the basis for their inventory system
I guess I never dug far enough into it to see this side of HyperCard. Was it really that much more advanced than I realized or was that probably the most janky inventory system ever created? I guess both could be true.
I need to stop thinking about this because it's mildly insane.
My first thought was the SuperCard DSTWO, the best flash cart of all time.
I was literally using mine yesterday to play GBA games on my original 3DS. Which, for the longest time, was the only way to play your GBA games other than the few games available on the eShop.
(I don't usually; the battery on mine is pretty weak and the extra CPU on the card eats even more of it, but it just so happened to be nearby while someone brought up a game I knew was on it.)