by fakespastic 5625 days ago
Yeah, but the attacker needs access to the magnetic sensor in order to install a ripping device. Physical security prevents it in most cases. In the case of a phone, how could you prevent playback attacks? Say I walk up to a Coke machine and authorize a $1.00 payment, and someone nearby is able to capture that protocol stream. All they'd have to do is play it back to the Coke machine after I leave, and at that point they are welcome to unlimited corn syrup swill. I'm no cryptographer, but I can't think of any way to mitigate it. Something like SecurID, whereby you are given a new token code every minute, might work, but the intervals for new codes would have to be tighter, unless you plan to stand around and monitor everyone else's purchases for the entire interval. This is one for the really smart guys to figure out, and I expect that someday, it will become reality. Can't wait.
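Added example, not part of the comment above: a common defence against the replay scenario it describes is challenge-response, where the machine issues a fresh random nonce for each purchase and the phone authenticates that nonce together with the amount. The class names, the pre-shared HMAC key and the message layout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def message(nonce: bytes, amount_cents: int) -> bytes:
    # Assumed layout: 16-byte nonce followed by a 4-byte big-endian amount.
    return nonce + amount_cents.to_bytes(4, "big")


class Phone:
    def __init__(self, key: bytes):
        self.key = key

    def authorize(self, nonce: bytes, amount_cents: int) -> bytes:
        # The tag binds the approval to this one challenge and this amount.
        return hmac.new(self.key, message(nonce, amount_cents), hashlib.sha256).digest()


class VendingMachine:
    def __init__(self, key: bytes):
        self.key = key
        self.pending = {}  # nonce -> amount awaiting authorization

    def start_purchase(self, amount_cents: int) -> bytes:
        nonce = secrets.token_bytes(16)  # unpredictable, never reused
        self.pending[nonce] = amount_cents
        return nonce

    def verify(self, nonce: bytes, amount_cents: int, tag: bytes) -> bool:
        # pop() makes each nonce single-use, even when verification fails.
        expected_amount = self.pending.pop(nonce, None)
        if expected_amount is None or expected_amount != amount_cents:
            return False
        expected = hmac.new(self.key, message(nonce, amount_cents), hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def demo():
    key = secrets.token_bytes(32)  # constructed pre-shared key (assumption)
    machine, phone = VendingMachine(key), Phone(key)

    nonce = machine.start_purchase(100)
    captured = (nonce, 100, phone.authorize(nonce, 100))  # what a listener records

    first = machine.verify(*captured)        # legitimate purchase
    replay_same = machine.verify(*captured)  # replay: nonce already consumed
    fresh = machine.start_purchase(100)
    replay_new = machine.verify(fresh, 100, captured[2])  # old tag, new challenge
    return first, replay_same, replay_new
```

The recorded stream is only valid for the nonce it answered, so no time window has to be tuned; the machine needs state for outstanding challenges instead.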