Brian Krebs has explained how an overlay skimmer equipped with Bluetooth technology allows thieves to snarf swiped card data and PINs wirelessly using nothing more than a mobile phone. Lamar Bailey, Sr. Director, Security R&D at Tripwire commented below.
Lamar Bailey, Sr. Director, Security R&D at Tripwire:
The idea of a Bluetooth skimmer is neat but it has Pros and Cons.
“Cons:
Effective Bluetooth range is around 30ft and in a retail setting with lots of interference it is likely much shorter. Given the range the criminal would have to stand around to collect the data, they would be very suspicious for any security personnel. If the criminal is a store employee that will be in the area like someone monitoring self-checkout lanes or a cashier it will make it much less suspicious. The other option is using a burner phone as the receiver and hiding it within range, this could work if there is a good place to hide it without being too suspicious or leaving it somewhere that it may be discovered. These skimmers are also battery powered so adding a Bluetooth radio reduces battery life when the goal is to harvest as many card numbers as possible.
Pros:
The real pro is speed, if the phone collecting the data has an internet connection the harvested numbers could be relayed in near real time. This allows the criminals to use the card numbers quickly and try to steal as much as possible before the alerts are triggered.
This becomes very useful in the ‘forgot something’ scam where two charges are done at the same store in a short period of time. Charge one is legit and charge two is done by criminals, if done right this generally does not trigger credit card alerts because it looks like the customer forgot some items and went back to get them or made their larger purchase of a TV or computer separate from smaller items.
Deploying wifi, cellular, and Bluetooth blockers around the checkouts can cut down on these attacks.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
Recent Comments
Chat systems such as Slack and Teams need to be…
“This is a sophisticated phishing scam that will catch out…
“Cybersecurity is increasingly complex, in part, due to the interconnected…
“Unfortunately, time and time again we see NGOs, hospitals and…
As I have always said - it is verified trust…