Locating a wireless communication attack
First Claim
Patent Images
1. An apparatus for detecting a presence of an illicit skimmer device configured to capture customer data, comprising:
- a communication monitor including a wireless sensor configured to monitor communication activity by capturing frames over a wireless air interface;
a hardware processor communicatively coupled with the communication monitor and configured to analyze the frames for a presence of a predefined communication parameter associated with a communication from the illicit skimmer device over a short-range wireless connection, the hardware processor further being configured to delay a completion of the communication from the illicit skimmer device to a criminal device; and
an interface communicatively coupled with the hardware processor and configured to generate an alert for a system administrator when the hardware processor detects a presence of the predefined communication parameter, the predefined communication parameter represented by at least one of;
the frames being sent by a device over the short-range wireless connection, and one of;
the device is in a discoverable mode, orthe device is in a non-discoverable mode, and the frames are sent in response to a brute-force inquiry;
the frames including a series of sixteen-digit numbers;
a transmission of the frames coincides with updates from a point-of-sale terminal;
the frames are transmitted continuously for a duration that is greater than a predetermined duration threshold; and
the frames are first transmitted during a predefined time range,wherein the illicit skimmer device is separate from the criminal device, andwherein the communication from the illicit skimmer device to the criminal device takes place via the short-range wireless connection upon a pairing of the illicit skimmer device with the criminal device.
4 Assignments
0 Petitions
Accused Products
Abstract
A technique for locating a wireless communication attack includes monitoring of Bluetooth® communications activity by a Bluetooth® capable communication device. Any monitored communication activity is analyzed against parameters that are predefined to detect a communication attempt by a suspected criminal device to an illicit device. If the communication attempt by the suspected criminal device is detected by the analysis, a communication to the criminal device is controlled so as to delay completion of the communication to the criminal device in order to provide time to locate the criminal device.
43 Citations
14 Claims
-
1. An apparatus for detecting a presence of an illicit skimmer device configured to capture customer data, comprising:
-
a communication monitor including a wireless sensor configured to monitor communication activity by capturing frames over a wireless air interface; a hardware processor communicatively coupled with the communication monitor and configured to analyze the frames for a presence of a predefined communication parameter associated with a communication from the illicit skimmer device over a short-range wireless connection, the hardware processor further being configured to delay a completion of the communication from the illicit skimmer device to a criminal device; and an interface communicatively coupled with the hardware processor and configured to generate an alert for a system administrator when the hardware processor detects a presence of the predefined communication parameter, the predefined communication parameter represented by at least one of; the frames being sent by a device over the short-range wireless connection, and one of; the device is in a discoverable mode, or the device is in a non-discoverable mode, and the frames are sent in response to a brute-force inquiry; the frames including a series of sixteen-digit numbers; a transmission of the frames coincides with updates from a point-of-sale terminal; the frames are transmitted continuously for a duration that is greater than a predetermined duration threshold; and the frames are first transmitted during a predefined time range, wherein the illicit skimmer device is separate from the criminal device, and wherein the communication from the illicit skimmer device to the criminal device takes place via the short-range wireless connection upon a pairing of the illicit skimmer device with the criminal device. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system for detecting a presence of an illicit skimmer device configured to capture customer data, comprising:
-
a communication monitor including a wireless sensor configured to monitor communication activity by capturing frames over a wireless air interface; a hardware processor communicatively coupled with the communication monitor and configured to analyze the frames for a presence of a predefined communication parameter associated with a communication from the illicit skimmer device over a short-range wireless connection, the hardware processor further being configured to delay a completion of the communication from the illicit skimmer device to a criminal device; an interface communicatively coupled with the hardware processor and configured to generate an alert for a system administrator when the hardware processor detects a presence of the predefined communication parameter, the predefined communication parameter represented by at least one of; the frames being sent by a device over the short-range wireless connection, and one of; the device is in a discoverable mode, or the device is in a non-discoverable mode, and the frames are sent in response to a brute-force inquiry; the frames including a series of sixteen-digit numbers; a transmission of the frames coincides with updates from a point-of-sale terminal; the frames are transmitted continuously for a duration that is greater than a predetermined duration threshold; and the frames are first transmitted during a predefined time range, wherein the illicit skimmer device is separate from the criminal device, and wherein the communication from the illicit skimmer device to the criminal device takes place via the short-range wireless connection upon a pairing of the illicit skimmer device with the criminal device. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A method of detecting a presence of an illicit skimmer device configured to capture customer data, the method comprising the steps of:
-
monitoring, by a communication monitor that includes a wireless sensor, communication activity by capturing frames over a wireless air interface; analyzing, by a hardware processor communicatively coupled with the communication monitor, the frames for a presence of a predefined communication parameter associated with a communication from the illicit skimmer device over a short-range wireless connection; detecting, by the hardware processor, a presence of the predefined communication parameter, the predefined communication parameter represented by at least one of; the frames being sent by a device over the short-range wireless connection, and one of; the device is in a discoverable mode, or the device is in a non-discoverable mode, and the frames are sent in response to a brute-force inquiry; the frames including a series of sixteen-digit numbers; a transmission of the frames coincides with updates from a point-of-sale terminal; the frames are transmitted continuously for a duration that is greater than a predetermined duration threshold; and the frames are first transmitted during a predefined time range; delaying, by the hardware processor, a completion of the communication from the illicit skimmer device to a criminal device; and generating, by an interface communicatively coupled with the hardware processor, an alert for a system administrator upon the detection of the presence of the predefined communication parameter, wherein the illicit skimmer device is separate from the criminal device, and wherein the communication from the illicit skimmer device to the criminal device takes place via the short-range wireless connection upon a pairing of the illicit skimmer device with the criminal device. - View Dependent Claims (14)
-
Specification