Dismiss Notice
Join Physics Forums Today!
The friendliest, high quality science and math community on the planet! Everyone who loves science is here!

Information security

  1. Jun 15, 2009 #1
    Which of the following means of communications is it safe to transmit sensitive data such as a credit card number or a social security number through:

    1) cell phone
    2) landline phone
    3) fax
    4) snail mail

    ?
    I have been trying to use google to get an answer to this question, but that did not seem to be working. I found a lot of people writing about the http://en.wikipedia.org/wiki/PCI_DSS" [Broken], but I couldn't really find any definitive answer to the question I asked above.
     
    Last edited by a moderator: May 4, 2017
  2. jcsd
  3. Jun 15, 2009 #2

    Gokul43201

    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    5) email + PGP
     
  4. Jun 15, 2009 #3
    Well landlines can be bugged, snail mail can be intercepted. Cell phones and fax, not sure, can they have their messages intercepted?
    I suppose with fax, anyone could see it when the details come out the other side. With landline, you have to trust the person you are giving the details to not to write them down for use later. Cell phones in relation to a phone call would be the same but SMS, not sure.

    I suppose the key would be in something encrypted via email as pointed out above would be the best.

    If you insist on using snail mail or fax, theres always an enigma machine, doubt many people keep decoders for them around. Definitely give you an advantage there.
     
    Last edited by a moderator: May 4, 2017
  5. Jun 15, 2009 #4

    russ_watters

    User Avatar

    Staff: Mentor

    Cell phones are the safest. Their signals are encrypted.
     
  6. Jun 15, 2009 #5
    There's nothing inherently more secure about any of these methods of communication. You can do encryption on any of them if you want...and when you do encryption, that doesn't guarantee security anyway...because there is usually possibility of man in the middle or other exploits.

    When you purchase goods from a store, be it in person, online, or on the telephone, they have access to your credit card number and identity and could impersonate you if they wanted to.
     
    Last edited by a moderator: May 4, 2017
  7. Jun 15, 2009 #6

    Moonbear

    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    I think people have a false sense of security if they think any method is secure. All of those methods depend on the honesty of the person at the other end receiving the information. It's also not worth being paranoid about. I had a credit card number stolen several years ago, and it wasn't too difficult sorting through the charges and getting them removed. The credit card company flagged it when it appeared I was making charges in two countries at once and locked the account before too much damage was done. That made it easy to file the reports sorting out which were legitimate charges and which were the fraudulent ones.
     
  8. Jun 16, 2009 #7
    The bigger problems happen when someone decides to steal your identity. That can take a lot more work to sort out than just someone stealing your number.
     
  9. Jun 16, 2009 #8

    chroot

    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    None of the communications channels you've mentioned are inherently secure, and only one includes any form of intentional security: the cell phone.

    Cell phone traffic on modern networks is unbreakable for people who do not have access to expensive cellular phone basestation equipment -- a much larger investment than a common criminal could hope to recoup via fraud. Spread-spectrum frequency hopping, channel coding, and encryption make it a pretty secure system from pretty much everyone except the people who work for the cell phone companies and the government. If your security needs are so great that you need secrecy from the government, though, cell phones will not provide that.

    Fax transmissions are no more secure than ordinary land-line phone calls. There is absolutely no security involved in fax transmission, just modulation and demodulation. Anyone who can tap your land-line can snoop on your fax traffic.

    The Enigma machine is so simple that any modern PC can break it in a fraction of a second. It was only secure in an era of vastly simpler computational devices.

    Gokul's suggestion is probably the best one. PGP provides security that can be strong enough to provide secrecy against the world's largest governments. It produces printable (text) output, which could be read aloud over the phone, sent through snail mail, or even published in the New York Times with absolutely no loss of security.

    - Warren
     
  10. Jun 16, 2009 #9
    Just a note, the enigma comment I made wasn't meant as a serious one. It happened to be the only code I could think of when writing the post.
     
  11. Jun 16, 2009 #10

    Ouabache

    User Avatar
    Science Advisor
    Homework Helper

    It's ironic, the inspiration for naming this software, came from a little town that time forgot and the decades cannot improve. (somewhere in Mist County I believe). :rolleyes:
     
  12. Jun 16, 2009 #11
    As already pointed out your primary worry is concerning the people on the other end. I'm fairly certain that the vast majority of personal information gained and used illegally is appropriated by the persons working for the businesses that are receiving the information. Unless you are a person of note whom others may want to target for information theft the likelihood that someone will go through the trouble of intercepting yours is incredibly slim.
    I think really the biggest risk to your information comes from malware that you or the business you are dealing with may have picked up somewhere.
     
  13. Jun 16, 2009 #12
    Let's say someone gets my credit card number and uses it to make expensive purchases. If I can prove that I did not make these purchases, do I still have to pay the charges? I think I don't, but then does the credit card company have to pay the business at which the purchases where made? If the credit card thieves are caught, then they are the ones that probably have to pay, but if they are not, I am wondering who has to take the loss. Moonbear, can you say in more detail what happened in your case.
     
  14. Jun 16, 2009 #13
    No you wouldn't, I would assume the CC company has insurance for those sorts of things. Makes sense.

    I say this because if you book a flight with a Credit Card (not a Debit Card), and the airline goes bust or something awful like that, you can get a refund straight away from your Credit Card company and then they deal with it.
     
  15. Jun 16, 2009 #14
    Can i ask a question please,nowaays mobile hacking software are also available ,are they are very effective
     
  16. Jun 16, 2009 #15
    I wouldn't have thought mobiles were that secure either. How is it not easy to see what encryption the mobile phone actually uses and then decode it. I guess signals from the relay towers would be a different case tho.
     
  17. Jun 16, 2009 #16

    mgb_phys

    User Avatar
    Science Advisor
    Homework Helper

    The encryption on a GSM phone can be broken by custom hardware on a PC. But not quite in real time and the phone switches frequencies regularly, the new frequency being encrypted. It is possible to reconstruct a GSM call if you were able to record the traffic for all bands and then later decrypt and stitch together the calls.This has been demonstrated in the lab but I don't know of any reports of doing it in the field.

    Another method is to partly jam the base station, the GSM protocol can switch into a low signal unencrypted mode as a last resort.

    A bigger risk on a modern phone is that it is really a computer running all sorts of software, viruses that cause the phone to relay all your calls to another number or allow another phone to listen in on all your calls have been demonstrated.
     
  18. Jun 16, 2009 #17

    Moonbear

    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    No, you're not responsible for paying for fraudulent uses of your card. If you know a card is missing and didn't report it (i.e., they physically have your card rather than having counterfeited one using your number), the CC company may specify some amount you would be responsible for paying...check your CC agreement.

    I don't know who takes the loss for certain, just that it wasn't me. I think it may be the retailer since the CC company would probably withhold payment from them when they are notified the purchase is fraudulent. It's basically a theft loss from whoever accepted the card number, the same as if someone had shoplifted or paid with a bad check if they use a counterfeit card.
     
  19. Jun 16, 2009 #18

    Office_Shredder

    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    In the US the credit card company takes the hit. In the UK the retailer takes the hit. I don't know about anywhere else
     
  20. Jun 16, 2009 #19

    Hootenanny

    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    Just because you know which encryption algorithm is in use, doesn't mean that it is easy to break it. In fact, an encryption algorithm that could be broken simply by knowing how it works wouldn't be a very good algorithm now would it?
     
  21. Jun 16, 2009 #20

    mgb_phys

    User Avatar
    Science Advisor
    Homework Helper

    As Hootenay says the encryption technique is well known (http://en.wikipedia.org/wiki/A5/1) it also quite a weak system, partly because the last 10bits of of the 64bit key are turned off.
    Part of the security comes from the way that the call continually hops frequencies, the phone and the base station agree in code which frequency to change to, so you only have a brief window of data to get a key from unless you can record all the bands.
     
    Last edited: Jun 16, 2009
Know someone interested in this topic? Share this thread via Reddit, Google+, Twitter, or Facebook




Similar Discussions: Information security
  1. Security at Athens (Replies: 3)

  2. Secure login (Replies: 13)

  3. Security clearance (Replies: 21)

Loading...