Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
Is there any way of knowing if a card is cloned and how detected?
For example, in the case in contactless card which is implemented in the transport, as you know if the card was altered?
No way to find and fix it and implement a security measure?
Offline
I don't see how that would be possible. In theory, if the authentication end saw the same card at two different locations at the same time then, perhaps it could be flagged, but I don't think they could wipe the card or change the data on it. I think they would just deny authentication. That said, I highly doubt the authentication end would perform this check. More than likely, in the case of a bus pass type of account, the genuine paying customer would notice extra charges on his account and close the account and start another. Obviously, if one were to clone many accounts, the risk of being detected is reduced.
Offline
It is very rare for an organisation to implement measures for detecting duplicates. As Bugman1400 has already stated - the most obvious indicator of a duplicated card is the detection of the same card within a small time frame (for instance the same card used on a transport system on two sides of the country within minutes). Another common scenario is when the card is used in two places that are physically impossible to get to from one another without getting access elsewhere first.
I'm not aware of any organisation making use of CSNs / UIDs anywhere (excluding access control systems).
There is no way of looking at the original card and telling if it has been duplicated. Depending on the technology used there are some cases where the clone will vary slightly from the original (eg the CSN).
The other thing to consider is that there are organisations out there that factor in these vulnerabilities because its profitable to do so.
Offline
Pages: 1