Recent searches

No recent searches

Search options

Only available when logged in.
shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

Administered by:

Server stats:

270
active users

shakedown.social: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.4.1

#nfc

0 posts0 participants0 posts today
*
Kevin Karhan :verified:

@glitzersachen @leanlearnlead problem is whilst #Germany and the rest of the #EU did standardize on #CCS2 for #ChargingStations, there's no mandate for all EVs to have the connector for it!

The whole #payment fiasco comes to it: I don't have to register to fill up a gas tank:

  • All I've to do is pay after pumping or the gas station staff will call the police.

I don't think it's too much to ask to accept all common cashless payments either if they don't want the #cash with unmanned charging stations.

  • I'm not even expecting them to accept #Monero or god forbid some #Shitcoins or some obscure single-bank - only payment system. If my local #Döner shop can do #NFC payments then the #TechBros that 'reinvent charging' can do so too.
#monero#shitcoins#doner
Replied in thread
*
Kevin Karhan :verified:

@Salty @leanlearnlead charging being slower because shitty #batteries are used instead if #Methanol #FuelCell|s is one thing, but why can't I just chug in a banknote into a machine or pay at a teller at a "Charging Station" and get like an SMS, eMail or any other notification when it's done?

  • Cash aside, there's no reason in the age of #NFC-enabled parking meters to not have the same convenience as those, as a #ChargingStation doesn't have the excuse of "no grid electricity" to be kneecapped.

Worse even if someone's vehicle doesn't have a #CC2 charging port (basically all scooters ≤15kW / 90km/h)...

Terence Eden’s Blog

Contactless Payments with GrapheneOS

shkspr.mobi/blog/2025/06/conta

Google's monopolistic stranglehold on Android results in poor experience for power-users, and artificially restricts choice for those who have older phones. For example, Google Wallet is the de facto way to use NFC payments on Android. There's one problem though - it only works with Google's Android. If you have the temerity to install a 3rd party Android OS - like the hyper-secure GrapheneOS - you'll be locked out of it.

First of all, Google is lying. It does meet security standards and it is not rooted. I get that I have no right to run someone else's software in an environment they don't like, but this is just misinformation. 3rd party OSes are often more secure that a stock OS which has been left to rot by an unresponsive manufacturer.

Anyway, here's how you can use contactless payments on Graphene.

Prerequisites

I'm going to tell you what I did. If you found another way, leave a comment or write your own blog post.

I'm using the latest version of Graphene (2025062000) with Play Services installed. The app is running in my main profile. None of the advanced app protection has been toggled for the app. NFC is on.

You will have to agree to Curve's privacy policy. And the privacy policy of your credit card. Look, if you're using Graphene, you're probably overly privacy sensitive. If you're concerned about The Man™ knowing that you used your card to buy a breakfast beer and then sharing that with 958 trusted partners, just use cash instead.

Install Curve

Here's a referral link to install Curve - join and you get £10. Or, you can install directly from the Play Store.

You'll need to create an account and pass KYC / AML checks. Curve are regulated by the FCA so you should feel safe giving your details to them.

Add a card

Curve is a virtual card provider. So add your existing Visa or MasterCard to the app (no Amex). When you spend on Curve, you're actually spending on the underlying card you've added. Curve promise cheaper foreign exchange fees and a few other perks. But what we're really interested in is NFC payments.

Set up Curve Pay

On your app's dashboard, you should see a banner saying "Curve Pay is good to go!". If not, head into your account and set it up there.

If it has all set up, you should see a welcome tutorial explaining how contactless works.

Set your default wallet

On your phone, go to Settings → Connected devices → Connection Preferences → NFC → Contactless Payments.

Or, search your settings for Pay.

Select your default wallet app - in this case, Curve.

Pay for something

You need to make sure NFC is turned on before you can use NFC payments. I know that sounds obvious, but I forgot to do it the first time and got very confused.

Go to a local shop, pick up something, hand it to the merchant, wave your phone over the payment terminal like you are a technowizard from the future.

Enjoy eating whatever you paid for!

That's it!

Once you're done, you can turn of NFC if you're paranoid.

Apparently, Curve also works with Garmin Smart Watches - but I don't have one to test out.

If you've found this blog post useful, I'd be grateful if you signed up with my referral link for Curve.

Notification showing I paid £3.95 for a sticky bun.
Terence Eden’s Blog · Contactless Payments with GrapheneOS
More from Terence Eden
#android#google#GrapheneOS
*
Terence Eden

🆕 blog! “Reading NFC Passport Chips in Linux”

For boring and totally not nefarious reasons, I want to read all the data contained in my passport's NFC chip using Linux. After a long and annoying search, I settled on roeften's pypassport.

I can now read all the passport information, including biometrics.

👀 Read more: shkspr.mobi/blog/2025/06/readi

#CyberSecurity #hacking #linux #nfc #rfid

Terence Eden’s Blog · Reading NFC Passport Chips in Linux
More from Terence Eden
Replied in thread
*
Kevin Karhan :verified:

@riley Case in point, #IrDA on optical bandwiths would work excellent for #DataExchange on #airgapped systems with minimal risk of violating #TEMPEST or similar standards, thus making RED/BLACK seperation in various projects on mine simpler.

  • Not to mention it's trivial to spoof or merely jam #wireless #RF like #NFC]* and thus denying the ability to use these, whereas it's harder to block a line-of-sight without being identified as root cause of it.
en.wikipedia.orgAir gap (networking) - Wikipedia
#wireless#rf#nfc
Replied in thread
*
Kevin Karhan :verified:

@hisold My bank stopped issuing #girocard cards with #magstrip 10+ years ago as magstrip was phased out and #NFC was phased in as well as #PSD1 being introduced.

  • Even before that merchants rarely accepted magstrips and those who did asked for #ID as soon as purchases [i.e. fuel at a gas station) exceeded like €100 because unlike #Chip + #PIN the payment processor does not guarantee them that the payment will be accepted and the amount guaranteed.

That's the main push factor: Alongside lower processing fees and faster processing, the Chip+PIN & #NFC systems actually request a blockage of the amount and will automatically decline without incuring fees if the balance / limit is below that amount - sometimes even before the PIN has been entered (it'll just not show it until the PIN is entered so fraudsters can't just abuse this as a means to check balance.

  • There's a nice podcast with #JohnBoseak where he explains how stuff used to [and allegeldy still does] work in the #USA re: #CreditCards. Given that I worked for a #PaymentProcessor in the past this is some basic knowledge re: #security, because one needs to understand how stuff like CNP ("Card not Present") works and how the system is architected to the point that even if someone were to hack the database of said payment processor, they'd never find any CCs or the CVVs stored there at all.

It's also insightful because #fraud would be way more rampant if the card issuer, payment processor and card system operator [i.e. AMEX, VISA, MasterCard] didn't all run their own AFE [Anti-Fraud Engine] each automatically assessing risks within less than a second for every transaction.

  • That's why one can get their #CC blocked when using a #VPN and why fraudsters need the location of their victims because if I had a CC and used it regularly and someone were to try to swipe a skilled copy of that at a Walmart or Best Buy on the East Coast of the USA less than 24 hours of my last use in Germany, that would automatically get declined as fraud and the person at the cashier will call security because noone is travelling that quickly that far.

But that's just some cold OSINT based off #TechSupport and peeking behind the curtains professionally...

  • There's way more but I can't go into details on that.

Rest assured if you have a CC you can be as certain that someone tried to abuse it as I'm certain my bank blocked fraudulent money orders against my account because of AFEs working - it's just > 99% of all fraud attempts get blocked instantly and merchants rate-limited or kicked off the system when they do something suspicious.

  • Same reason why one can't frame someone for a crime by just wiring obviously illicit funds to their account: AML (Anti-Money Laundering) will catch that and unless the account holder were to ask "Where's the money/transaction?" #FinCEN et. al. won't even bother calling the account holder up simply because "oops I wired money to the wrong account. Can you please send it back?"- #scam is a well-known method to turn unsuspecting people into money launderers.

So yeah, that "#magstrip" may be just lacquer but unless it's specifically advertised otherwise only holds the CC & CVV as well as service codes [i.e. chip+pin only] to tell the terminal "Don't accept magstrip, mandate Chip+PIN"]...

  • Outside the #USA, this is the norm due to #PSD2 exceeding #PCIDSS by quite a lot!

Only underdeveloped countries like the #US still use #Magstrips and #credit and not Chip+PIN & #debit!

YouTubeMiami’s Darklord of Credit Card Scams | John BoseakBy Danny Jones
Cappy Ishihara

Looking for aspiring Linux hardware and software hackers to work on NFC-F/FeliCa (Secure NFC) support in Linux! We're interested!

Imagine Linux emulating transit cards— also logging into SEGA (Aime), Namco (BaNaPassPort), Konami (e-Amusement) arcade games!

Join us @hq and let's turn Linux phones into transit (or arcade) cards! Let's ride the train, on Linux! #nfc #nfcf #felica #linux #hardwarehacking

Brian Greenberg :verified:

⚠️ Mobile security risk: New Android malware "SuperCard X" enables contactless payment fraud via NFC relay attacks 📱💳

Here’s how it works:
🔹 Victims are socially engineered through fake bank alerts (smishing + calls)
🔹 Tricked into installing a rogue app posing as “security software”
🔹 NFC data is intercepted from real debit/credit cards
🔹 Attackers relay stolen credentials to PoS terminals and ATMs for fraudulent cashouts

Why it matters:
• Attackers no longer need stolen physical cards — just proximity + deception
• Banking customers, payment providers, and card issuers are all at risk
• Google is working on Android protections — but vigilance is key now

🛡️ Tip: Always scrutinize app installs, verify messages before acting, and keep Google Play Protect enabled.

#CyberSecurity #MobileSecurity #Malware #NFC #FinancialFraud #ThreatIntel #security #privacy #cloud #infosec

thehackernews.com/2025/04/supe

The Hacker NewsSuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay AttacksSuperCard X malware exploits NFC relay and social engineering to steal card data in Italy, enabling ATM fraud.
TrendingLive feeds
About