A team from the University of Florida won a 2018 Usenix Security Distinguished Paper Award for Fear the Reaper: Characterization and Fast Detection of Card Skimmers, which presents their work on the "Skim Reaper," a fast, easy-to-use, reliable credit-card skimmer-detector.
The team analyzed the NYPD's trove of skimmers and realized that skimmers overwhelmingly work by shimming a second read-head into the swipe slot (the alternative, a "deep tap," requires extensive work on the target machine and has only been found on gas pumps). By designing a credit-card-sized probe, they can detect these second read-heads.
It's a breakthrough: the skimmers themselves are virtually invisible and undetectable to physical inspection, but hiding the second read-head is going to be very hard.
Skimmers represent a significant and growing threat to
payment terminals around the world. Moreover, adversaries have become increasingly sophisticated, making
the detection of such attacks difficult. We address these
problems by conducting the first large-scale academic
analysis of skimming devices. With a characterization
of the techniques
being used by attackers, we
first debunk much of the common advice offered to pro-
tect consumers. We then develop the Skim Reaper tool,
which relies on the necessary physical properties of the
most common types of skimming devices found in New
York City. After successfully testing our solution on
skimmers used in real crimes, we show that simple adversarial countermeasures are ineffective against our device. Accordingly, though systematization, characterization and measurement, we show that robust and portable
tools can be developed to help consumers and law enforcement to rapidly detect such attacks.
Fear the Reaper: Characterization and Fast Detection of Card Skimmers [Nolen Scaife, Christian Peeters, and Patrick Traynor/Usenix Security]
(via Four Short Links)
Back in August, I gave the closing keynote at the second Decentralized Web Summit, entitled "Big Tech's problem is Big, not Tech; the Internet Archive released video right afterwards, but now they've cleaned up the video and rereleased it for your viewing pleasure.
For more than two years, Radiolab has been running a brilliant side-podcast called More Perfect which involves deeply reported, engaging stories about Supreme Court decisions, skilfully mixing in audio from the trials, historic or new interviews with the people involved, and commentary from scholars and activists that serve to illuminate the incredible stories behind the […]
I'm heading to the east coast next week, first for a lecture series in NYC for Columbia University (including a conversation with Radiolab's Jad Abumrad about Big Tech, monopolies and democratic technology); and from there I'm headed to Pennsylvania for a talk about my novel Walkaway at Swarthmore, on Sept 28 from 7-9PM at the […]
iOS 12 is finally here, which means now is the best time for aspiring developers to throw their hats into the app development game. While app development can be tricky for some, you can take an intuitive, beginner-friendly approach to understanding app creation and Apple’s latest iOS platform with the iOS 12 & Xcode 10 Bootcamp, […]
It might still be September, but the holiday season will be here before you know it, which means now is the time to think about where you want to vacation to—and what to do once you get there. To this end, we’ve scoured the Web and tracked down a number of travel hacking ebooks, gadgets, […]
The human eye is a beautiful, incredible thing, but it’s far from perfect, especially when it comes to examining objects up close. Capable of magnifying objects up to 1,000 times, this portable microscope camera lets you see wonders hidden to your regular vision, and it’s on sale today for $38.99. Don’t let its compact size fool […]