Locating a wireless communication attack

US 10,055,581 B2
Filed: 06/24/2014
Issued: 08/21/2018
Est. Priority Date: 06/24/2014
Status: Active Grant

First Claim

Patent Images

1. An apparatus for detecting a presence of an illicit skimmer device configured to capture customer data, comprising:

a communication monitor including a wireless sensor configured to monitor communication activity by capturing frames over a wireless air interface;

a hardware processor communicatively coupled with the communication monitor and configured to analyze the frames for a presence of a predefined communication parameter associated with a communication from the illicit skimmer device over a short-range wireless connection, the hardware processor further being configured to delay a completion of the communication from the illicit skimmer device to a criminal device; and

an interface communicatively coupled with the hardware processor and configured to generate an alert for a system administrator when the hardware processor detects a presence of the predefined communication parameter, the predefined communication parameter represented by at least one of;

the frames being sent by a device over the short-range wireless connection, and one of;

the device is in a discoverable mode, orthe device is in a non-discoverable mode, and the frames are sent in response to a brute-force inquiry;

the frames including a series of sixteen-digit numbers;

a transmission of the frames coincides with updates from a point-of-sale terminal;

the frames are transmitted continuously for a duration that is greater than a predetermined duration threshold; and

the frames are first transmitted during a predefined time range,wherein the illicit skimmer device is separate from the criminal device, andwherein the communication from the illicit skimmer device to the criminal device takes place via the short-range wireless connection upon a pairing of the illicit skimmer device with the criminal device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique for locating a wireless communication attack includes monitoring of Bluetooth® communications activity by a Bluetooth® capable communication device. Any monitored communication activity is analyzed against parameters that are predefined to detect a communication attempt by a suspected criminal device to an illicit device. If the communication attempt by the suspected criminal device is detected by the analysis, a communication to the criminal device is controlled so as to delay completion of the communication to the criminal device in order to provide time to locate the criminal device.

43 Citations

View as Search Results

14 Claims

1. An apparatus for detecting a presence of an illicit skimmer device configured to capture customer data, comprising:
- a communication monitor including a wireless sensor configured to monitor communication activity by capturing frames over a wireless air interface;
  
  a hardware processor communicatively coupled with the communication monitor and configured to analyze the frames for a presence of a predefined communication parameter associated with a communication from the illicit skimmer device over a short-range wireless connection, the hardware processor further being configured to delay a completion of the communication from the illicit skimmer device to a criminal device; and
  
  an interface communicatively coupled with the hardware processor and configured to generate an alert for a system administrator when the hardware processor detects a presence of the predefined communication parameter, the predefined communication parameter represented by at least one of;
  
  the frames being sent by a device over the short-range wireless connection, and one of;
  
  the device is in a discoverable mode, orthe device is in a non-discoverable mode, and the frames are sent in response to a brute-force inquiry;
  
  the frames including a series of sixteen-digit numbers;
  
  a transmission of the frames coincides with updates from a point-of-sale terminal;
  
  the frames are transmitted continuously for a duration that is greater than a predetermined duration threshold; and
  
  the frames are first transmitted during a predefined time range,wherein the illicit skimmer device is separate from the criminal device, andwherein the communication from the illicit skimmer device to the criminal device takes place via the short-range wireless connection upon a pairing of the illicit skimmer device with the criminal device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The apparatus of claim 1, wherein, the hardware processor is further configured to emulate the communication from the illicit skimmer device to the criminal device.
  - 3. The apparatus of claim 2, wherein the emulated communication includes false data having a predetermined size.
  - 4. The apparatus of claim 1, wherein the communication monitor is configured to supply a signal strength measurement associated with the communication from the illicit skimmer device.
  - 5. The apparatus of claim 1, wherein the interface is coupled to a security camera directed to observe a vicinity near the illicit skimmer device.
  - 6. The apparatus of claim 1, wherein the hardware processor is further configured to discover a first Media Access Control address of the criminal device from the frames, and discover a second Media Access Control address of the criminal device by scanning for a wireless device having a Media Access Control address that is within +/−
    - 1 of the first Media Access Control address.

7. A system for detecting a presence of an illicit skimmer device configured to capture customer data, comprising:
- a communication monitor including a wireless sensor configured to monitor communication activity by capturing frames over a wireless air interface;
  
  a hardware processor communicatively coupled with the communication monitor and configured to analyze the frames for a presence of a predefined communication parameter associated with a communication from the illicit skimmer device over a short-range wireless connection, the hardware processor further being configured to delay a completion of the communication from the illicit skimmer device to a criminal device;
  
  an interface communicatively coupled with the hardware processor and configured to generate an alert for a system administrator when the hardware processor detects a presence of the predefined communication parameter, the predefined communication parameter represented by at least one of;
  
  the frames being sent by a device over the short-range wireless connection, and one of;
  
  the device is in a discoverable mode, orthe device is in a non-discoverable mode, and the frames are sent in response to a brute-force inquiry;
  
  the frames including a series of sixteen-digit numbers;
  
  a transmission of the frames coincides with updates from a point-of-sale terminal;
  
  the frames are transmitted continuously for a duration that is greater than a predetermined duration threshold; and
  
  the frames are first transmitted during a predefined time range,wherein the illicit skimmer device is separate from the criminal device, andwherein the communication from the illicit skimmer device to the criminal device takes place via the short-range wireless connection upon a pairing of the illicit skimmer device with the criminal device.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein, the hardware processor is further configured to emulate the communication from the illicit skimmer device to the criminal device.
  - 9. The system of claim 8, wherein the emulated communication includes false data having a predetermined size.
  - 10. The system of claim 7, wherein the communication monitor is configured to supply a signal strength measurement associated with the communication from the illicit skimmer device.
  - 11. The system of claim 7, wherein the interface is coupled to a security camera directed to observe a vicinity near the illicit skimmer device.
  - 12. The system of claim 7, wherein the hardware processor is further configured to discover a first Media Access Control address of the criminal device from the frames, and discover a second Media Access Control address of the criminal device by scanning for a wireless device having a Media Access Control address that is within +/−
    - 1 of the first Media Access Control address.

13. A method of detecting a presence of an illicit skimmer device configured to capture customer data, the method comprising the steps of:
- monitoring, by a communication monitor that includes a wireless sensor, communication activity by capturing frames over a wireless air interface;
  
  analyzing, by a hardware processor communicatively coupled with the communication monitor, the frames for a presence of a predefined communication parameter associated with a communication from the illicit skimmer device over a short-range wireless connection;
  
  detecting, by the hardware processor, a presence of the predefined communication parameter, the predefined communication parameter represented by at least one of;
  
  the frames being sent by a device over the short-range wireless connection, and one of;
  
  the device is in a discoverable mode, orthe device is in a non-discoverable mode, and the frames are sent in response to a brute-force inquiry;
  
  the frames including a series of sixteen-digit numbers;
  
  a transmission of the frames coincides with updates from a point-of-sale terminal;
  
  the frames are transmitted continuously for a duration that is greater than a predetermined duration threshold; and
  
  the frames are first transmitted during a predefined time range;
  
  delaying, by the hardware processor, a completion of the communication from the illicit skimmer device to a criminal device; and
  
  generating, by an interface communicatively coupled with the hardware processor, an alert for a system administrator upon the detection of the presence of the predefined communication parameter,wherein the illicit skimmer device is separate from the criminal device, andwherein the communication from the illicit skimmer device to the criminal device takes place via the short-range wireless connection upon a pairing of the illicit skimmer device with the criminal device.
- View Dependent Claims (14)
- - 14. The method of claim 13, further comprising the step of emulating the communication from the illicit skimmer device to the criminal device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Symbol Technologies, LLC (Zebra Technologies Corporation)
Original Assignee
Symbol Technologies, LLC (Zebra Technologies Corporation)
Inventors
Batta, Puneet, Harris, Jason T, Miranda, Trevor, Thomas, Jacob
Primary Examiner(s)
Abyaneh, Ali S

Application Number

US14/312,745
Publication Number

US 20150371038A1
Time in Patent Office

1,519 Days
Field of Search

726 23
US Class Current
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 2221/034   Test or assess a computer o...

H04L 2463/146   Tracing the source of attacks

H04N 7/183   for receiving images from a...

H04W 12/12   Detection or prevention of ...

H04W 12/122   Counter-measures against at...

H04W 12/79   Radio fingerprint

Locating a wireless communication attack

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Locating a wireless communication attack

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links