Tag: security

DodgyATM.

kg4cyxLeave a comment

image

One of these days I would love to get my hands on the husk of one of these stupid machines, install a wobbly fascia over the card slot mimicking a badly installed skimmer, hollow it out, put an ill fitting monitor behind the window and a single board computer inside. Upon a user inserting a card and entering a pin number, both of which will promptly be discarded by the software, a small but powerful blower will launch a shower of glitter over the user and a receipt will print yelling at the user for swiping their card on such a dodgy piece of crap and explaining the risks.

Maybe then others will realize just how dumb these mini ATM’s truly are.

They’re insecure, can even be outright completely replaced by a compromised device, and are likely a pretty good source of card skimming fraud.

And even if it isn’t compromised, the fee is $WTFPILLAGE.

image
Look at this stupid unmatched pin pad. Could you even remotely consider taking this seriously? I can't. WTF.

Kill the WiFi tracking!

kg4cyxLeave a comment

One of these days I shall have to post my observations on retail store Wi-Fi customer tracking systems… For now though, here is what you can do about them if you have a rooted Android device.

Pry-Fi is a fun little toy for this purpose. It does a couple of things; one, it can turn background scanning on and off.

Your device always scans for networks when Wi-Fi is on but not connected by dropping a Wi-Fi probe request on each channel. This probe request contains your device’s unique hardware MAC address. This MAC address is what the tracking systems use to identify you – their business end is a number of wireless access points that allow monitoring and relay the probe requests on to a mystery server. Here’s what they look like in the wigle.net wardriving app:

image

Note that 78 of them replied to my probe requests!!

Pry-Fi can usually (hardware dependent) change the MAC address to fool these things into thinking they’ve never seen you before.

image
Wal-Spam!

Best yet, it has a war mode, so when you know you’d otherwise be tracked, it can flood them with randomized probes!

image

It’s just kind of awesome. It won’t be able to do anything on a device without root, of course, but if it has access and the WiFi driver lets it change MAC, it can work its magic.