Beware 'physical' high-tech cyberthreats at malls, PC World warns

If you think spam and malware on your computer and mobile devices are the only threats to look out for during the holidays, think again: there are also physical high-tech threats like skimmers and strategically placed cameras, a tech site reported.

 

PC World said these are among the physical risks cybercriminals can exploit to steal credit or bank card information without having to physically take a victim's card.

 

The report said skimmers are among the most popular tools used by cybercriminals as they can be mounted on point-of-sale (POS) credit card devices, ATMs, and gas pumps.

 

Quoting Sophos' Chester Wisniewski, it said skimmers could be assembled using 3D-printed parts and an Arduino computer board.

 

It added such devices can be hidden behind a false panel atop the PIN pad and above the area where customers swipe their cards.

 

Worse, ID Theft Security CEO Robert Siciliano pointed out some skimmers can be handheld or worn on the body - and crooked employees with these skimmers can double-swipe cards to capture the data.

 

"Fellow employees or the customer would never notice," he said.

 

However, PC World quoted Bit9 security compliance manager Chris Strand as saying the consolation is that most skimmers are limited as they are relatively simple and get only the credit-card numbers.

 

Still, he said many such devices "can be constructed using home-based manufacturing techniques.”

 

“The devices and the tools used to create them are becoming more simplified making them more difficult to trace,” he added.

 

Cameras

 

Meanwhile, another physical threat involves cameras that can log keystrokes from a strategic position, PC World said.

 

“All it takes to log someone’s keystrokes is a strategically placed web/security/spy camera,” Sophos' Chester Wisniewski said.

 

He added a smartphone can be easily reconfigured into a rogue access point for supposedly free Wi-Fi. "It doesn’t always require specialized equipment."

 

Healthy suspicion

 

Retailers and customers can detect and defeat threats like these by adopting a "healthy suspicion," it quoted Wisniewski as saying.

 

"Managers, coworkers and customers must be trained on the risks posed by skimming in general. Daily checks of existing hardware and close monitoring of employees are essential," added Siciliano.

 

Also, Strand said the best way to defeat such threats is to "ensure that hardware or fixed-function devices are limited in their interface to allow only customer input via the keypad or close proximity RFID input.”

 

”Limiting the common interfaces that many of these devices have, such as open wireless ports, physical inputs like USB ports, and any other interface to access the device, reduces the possible access points that cyber thieves may use to compromise a device,” he added. — TJD, GMA News