I really don't understand why they don't just build in a little metal dome switch on the card that must be pressed to allow power to the chip. It's blindingly obvious, super simple and 100% read proof until the exact moment of payment.
+EEVblog Either in classical Maxwellian electrodynamics or in the quantum mechanical version, this is a case of electromagnetic radiation. Electromagnetic radiation is produced at the transmitter coil and absorbed at the receiver coil. The difference between near-field and far-field is that in far-field, the math is simplified greatly by making assumptions. Those assumptions break down in the near-field case. The physical phenomenon at work is the same.
+Mark Holm Near field-theory is the more nearly "correct" version in either classical or quantum electrodynamics. If one were being picky about theoretical correctness, one would insist on the full, near-field treatment regardless of distance. Of course, you would find that, at larger distances, some terms of the equations calculate to very, very small values, and you would, rightly, question whether there was any purpose to all that extra number crunching.
+Proximity Mine Both Maxwell's and quantum electrodynamics make this clear. You cannot separate the magnetic and electric field components. NFC is a classical, Maxwellian theory. NFC says that there are aspects of the electromagnetic field that fall off at 1/r and aspects that fall off at 1/r squared. Far field theory simplifies the math by ignoring the components that fall off as 1/r squared. In quantum mechanics it gets wilder, with "real" and "virtual" photons. These are poor choices of names. All the photons are real. The "virtual" ones participate in interactions that are quite real, but counterintuitive. As in the Maxwellian version, the contributions of "virtual" photons fall off as 1/r squared.
The fun thing to do is have a larger coil in the purse that also picks up this magnetic field and outputs random noise in the RFID bands. The best part is that under normal conditions it does nothing, only when you're being scanned by some thief.
Dave Cad... classic :D Also, this technology is very similar to the QI standard for wireless charging for phones & tablets. Instead of sending the credit card data, the device sends information to the pad such as how much current to supply and when to stop by modulating the load on the phone's internal charging coils.
I wanted to totally disable the RFID function of my card. The answer was simple. A small notch in the bottom edge of the card, just a few mm, breaks the coil and stops it working.
A friend of mine was on the standards committee for the design of all RFID banking cards, and he went through the maths regarding theft and RF levels, both to activate the card and the RF from the card, and the chance of someone stealing your data is very low. Anyway, you'll get your money back as it was an unauthorised transaction.
People have seen skimmers walking the London Tube with handheld Point of Sale devices. Here in the UK the limit is a much more manageable £30. Still spend a few hours walking about London crowds and you could make a decent living. Electronically pickpocketing £30 quid a time.
There is no hope of this working. The owner of the POS device would never receive the money. The financial rules that apply are far too strict. Sounds like a "plausible" myth to me.
If you want to disable your payWave or PayPass chip, simply cut the side of the card where the wire loops around the card. You don't need to cut much, only to rupture the loop.
Not an RF field? That's exactly what this is! That schematic you drew is equivalent to a good old fashioned crystal radio with a loopstick antenna. Generally, any of the antennas with circular elements work by coupling the magnetic (B) field, while dipoles and related things like yagi arrays couple the electric (E) field.
Thanks for this comment... I was wondering about the statement at 1:50, and was going to ask: what's the difference? I thought antennas were basically just strangely shaped inductors (as compared to the coils we're used to when talking about them as such)... though magnetic versus electric coupling definitely sounds like a difference... still, Dave, if you see this, I'd love to hear more about what you see as the differences. (Feel free to point me in the direction of existing videos, of course...)
I would like to see Dave take a look at the RFID Guardbunny created by Kristin Paget. First featured at ShmooCon 2012, it later went open hardware and got an article on Hackaday.
Tip: The last NFC transaction history is stored directly in most Visa cards. There are applications to read it, too. This video focuses a lot on the scanning aspect, but a scan is useless without an SE response. So the only way to actually steal money is to perform a MitM attack with an HCE endpoint to emulate the SE. As for biometric passports, the data is encrypted and the key is generated from the passport number, date of birth and date of expiration. That's why you have this
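The passport remark above describes Basic Access Control: the access key is not a secret at all, it is derived from three fields printed in the machine-readable zone (document number, date of birth, date of expiry), so anyone who can read or guess those fields can derive it. The following is an added example, not code from the video or the comment thread; it follows the published ICAO Doc 9303 key-derivation procedure (SHA-1 over the MRZ fields with their check digits, then two 3DES keys from the seed). The MRZ values used are the ICAO specification's sample data, not a real passport, and the function names are this example's own.

```python
"""ICAO 9303 Basic Access Control (BAC) key derivation from MRZ fields.

Added example, not code from the video or the thread. Shows how little entropy
the BAC key has: it is a deterministic function of the document number, the
date of birth and the expiry date, each with its MRZ check digit.
"""
import hashlib
from typing import Tuple


def mrz_char_value(c: str) -> int:
    """MRZ character value: digits map to themselves, A..Z to 10..35, '<' to 0."""
    if c.isdigit():
        return int(c)
    if "A" <= c <= "Z":
        return ord(c) - ord("A") + 10
    if c == "<":
        return 0
    raise ValueError(f"invalid MRZ character {c!r}")


def mrz_check_digit(field: str) -> str:
    """ICAO 9303 check digit: weighted sum with weights 7, 3, 1 repeating, mod 10."""
    weights = (7, 3, 1)
    total = sum(mrz_char_value(c) * weights[i % 3] for i, c in enumerate(field))
    return str(total % 10)


def mrz_information(doc_number: str, birth_yymmdd: str, expiry_yymmdd: str) -> str:
    """Concatenate the three fields, each followed by its own check digit."""
    doc_number = doc_number.ljust(9, "<")  # the document number field is 9 characters
    return (doc_number + mrz_check_digit(doc_number)
            + birth_yymmdd + mrz_check_digit(birth_yymmdd)
            + expiry_yymmdd + mrz_check_digit(expiry_yymmdd))


def _adjust_des_parity(key: bytes) -> bytes:
    """Set the least significant bit of each byte so that every byte has odd parity."""
    out = bytearray()
    for b in key:
        b &= 0xFE
        if bin(b).count("1") % 2 == 0:
            b |= 1
        out.append(b)
    return bytes(out)


def bac_keys(doc_number: str, birth_yymmdd: str, expiry_yymmdd: str) -> Tuple[bytes, bytes]:
    """Derive (K_enc, K_mac), two 16-byte two-key 3DES keys, from the MRZ fields.

    K_seed = SHA-1(MRZ_information)[:16]; each key = SHA-1(K_seed || counter)[:16]
    with DES parity adjusted (counter 1 -> encryption key, 2 -> MAC key).
    """
    info = mrz_information(doc_number, birth_yymmdd, expiry_yymmdd)
    k_seed = hashlib.sha1(info.encode("ascii")).digest()[:16]
    keys = []
    for counter in (1, 2):
        h = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()
        keys.append(_adjust_des_parity(h[:8]) + _adjust_des_parity(h[8:16]))
    return keys[0], keys[1]


if __name__ == "__main__":
    # ICAO Doc 9303 sample MRZ data (constructed test values, not a real document)
    k_enc, k_mac = bac_keys("L898902C<", "690806", "940623")
    print("MRZ_information:", mrz_information("L898902C<", "690806", "940623"))
    print("K_enc:", k_enc.hex(), "K_mac:", k_mac.hex())
```

The defensive point is in the input, not the hash: the date of birth and expiry date are low-entropy, and the document number is often sequential, which is why later passports added PACE with a password-authenticated key agreement on top of this scheme.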
Great vid and explanation Dave, but could you please also show how you do the measurements, I know most people will argue that the video will take too long, but it can be interesting to learn more about more complex measurements sometimes :)
Dave keeps going on about how it's "not an antenna", and that it uses magnetic coupling not "RF fields", but aren't they essentially the same thing, just longer distances? Like all EM waves are composed of Electric and magnetic fields right, so what makes this different?
Look up "Near and far field". In the near field, the E-field (electric) or H-field (magnetic) can dominate. In the far field, there is a fixed ratio of E- and H-field which is given by the impedance of air, which is about 377 Ohm. In this application, the H-field dominates, meaning the impedance is much lower than the air impedance of 377 Ohm. For a radio broadcast transmitter you would aim at matching the impedances of transmitter and antenna to increase efficiency.
My thoughts exactly. Let's take a FM radio broadcast station for example... It is a BIG primary and the receivers are all secondaries in a big imaginary transformer... Magnetic coupling being the magic phrase here.
+sarowie thanks for the jumping-off point. Does this mean the phone is still generating a small far-field RF signal at its MHz carrier frequency when searching for a nearby tag, and could you pick that up on a spectrum analyser?
Yeah, I'm starting to feel like he just does these things on purpose. Saying controversial things like "it's not an antenna", or that "current flows through capacitors". Then he watches the comment numbers mount and the view count climb. Great business model.
I haven't tried taking it apart so I don't know what tech the Tesla key uses, but other metal keys in my pocket sometimes interfere with the car's ability to read the key. That's over a much longer distance though.
Hey EEVblog, I might not be absolutely correct, but it seems RF communication works on the same principle as RFID, because you are still using the same electromagnetic field for TX and RX, except that the distance has to be very close for reception. The current that is oscillating in an RF antenna induces the same magnetic field for long-distance transmission, and at the destination end you surely do need the antenna where the same signal will be induced, except that the mechanism for reception is different, but basically the medium is still the same. Thanks for pointing this out.
Once you have used the app to read your card, what's to stop the app squawking all your card details back to whoever wrote the app? This technology is called contactless payment here in the UK BTW.
In the USA, I don't think banks issue cards with the RFID chip anymore. As a matter of fact, I remember all my cards being replaced without the RFID symbol. They only contain the chip.
Mythbusters actually got banned by Discovery Channel's investors from testing NFC card security; that is how insecure these cards are. Sadly, all banks now only issue NFC cards. HUGE mistake IMO.
Is it possible to use a jammer to jam the 13.56 MHz to prevent the tap from working at all? The scenario is someone could broadcast a blank 13.56 MHz wave so the terminal can't read, so it prevents the transaction to force the use of the chip or swipe so the skimmer could be used. In the past when the chip came out, criminals would make the shimmer insert have some tab to block the chip, so when you put the card in it would not make a connection to the chip at all, or it would have some wires to corrupt the signals to the chip to make the transaction fail so it forces the customer to swipe. I am asking because I suspect that a couple of gas stations here in the United States may be in on a skimming ring, and they say it is a problem with the card or security.
I'd say that the reason people think that putting cards together will protect them is that a lot of implementations don't do anti-collision properly. Haven't tested it with Opal, but certainly the MyKi readers in Melbourne don't implement anti-collision, if it sees multiple cards it just gives up. So they've probably seen a message like "multiple cards detected, try again" and assumed that that means that the system can't read them if there are multiple cards there. As far as reading them from a distance, there's an application note, I believe on the TI website which covers building long range antennas for RFID, after a point you end up with something that looks like the anti-theft tag gates in shops. What I'd be more interested in (haven't got around to actually testing it though) is how much of the signal you could passively sniff while a transaction is in progress, because although the system is designed to use magnetic coupling, 13.5MHz propagates reasonably well so you're going to get some degree of RF leakage.
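The anti-collision point above is worth seeing in code, because it explains why stacking cards is not a protection: a reader that implements ISO 14443-3 Type A anticollision resolves several answering cards one at a time, and only a reader that gives up on the first collision (as the comment describes) fails. The following simulation is an added example, not code from the video or the thread. It models the bit-wise anticollision loop for single-size (4-byte, cascade level 1) UIDs; the UIDs are constructed test values, the choice of forcing the colliding bit to 1 is this example's policy (the standard leaves the choice to the reader), and the function names are this example's own.

```python
"""Simulation of ISO 14443-3 Type A bit-wise anticollision.

Added example, not code from the video or the thread. Several cards answer at
once; the reader detects the first bit position where their answers differ,
fixes that bit, and repeats until exactly one card matches the known prefix.
"""
from typing import List, Optional, Set

UID_BITS = 32  # single-size (4-byte) UID, cascade level 1 only


def uid_bits(uid: bytes) -> List[int]:
    """UID as a list of bits, LSB of byte 0 first, in on-air order."""
    return [(byte >> i) & 1 for byte in uid for i in range(8)]


def bits_to_uid(bits: List[int]) -> bytes:
    return bytes(sum(b << i for i, b in enumerate(bits[k:k + 8]))
                 for k in range(0, UID_BITS, 8))


def cards_reply(prefix: List[int], active_cards: List[bytes]) -> Optional[List[Set[int]]]:
    """Every card whose UID starts with the reader's prefix answers with its remaining bits.

    Returns, per bit position, the set of values the reader sees on the air;
    a two-element set is a collision (both a 0 and a 1 were transmitted).
    """
    n = len(prefix)
    responses = [uid_bits(u)[n:] for u in active_cards if uid_bits(u)[:n] == prefix]
    if not responses:
        return None
    return [set(col) for col in zip(*responses)]


def select_one(active_cards: List[bytes]) -> Optional[bytes]:
    """One SELECT sequence: extend the known prefix until no collision remains."""
    prefix: List[int] = []  # NVB = 0x20 in the real protocol: no UID bits known yet
    while len(prefix) < UID_BITS:
        cols = cards_reply(prefix, active_cards)
        if cols is None:
            return None
        collision_at = next((i for i, s in enumerate(cols) if len(s) == 2), None)
        if collision_at is None:
            # no collision: the reply is the full remaining UID of a single card
            prefix += [s.pop() for s in cols]
        else:
            # keep the bits before the collision, then force the colliding bit to 1
            prefix += [s.pop() for s in cols[:collision_at]] + [1]
    return bits_to_uid(prefix)


def enumerate_cards(cards: List[bytes]) -> List[bytes]:
    """Select cards one after another, HALTing each one once it has been selected."""
    active = list(cards)
    found: List[bytes] = []
    while active:
        uid = select_one(active)
        found.append(uid)
        active.remove(uid)  # HLTA: the selected card stops answering until re-powered
    return found


if __name__ == "__main__":
    # constructed UIDs: two differ only in their last byte, one differs in the first
    wallet = [b"\x04\xaa\x00\x01", b"\x04\xaa\x00\x02", b"\x08\x11\x22\x33"]
    for uid in enumerate_cards(wallet):
        print("selected", uid.hex())
```

A reader that instead treats the first collision as an error is what produces the "multiple cards detected" message the comment mentions; the cards are still all readable by a reader that runs this loop.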
Question: Even if you had a super powerful transmitter, one capable of transmitting through the shielding sufficiently enough to activate the card, wouldn't it still not work because the card needs to then transmit back?
This is correct: The card, but the card won't be able to modulate its answer onto the stronger magnetic field in a protocol-compliant way. This is done by design of the technology to limit the usable range to a few cm.
The card doesn't transmit, it communicates by varying the load. A guy at school made a reader that can communicate with ISO 14443 cards over a couple of meters as part of his dissertation, so it might be possible. It's not as much about power as it is about sensitivity.
Hey Dave, would love to see you do something with the keyless "fob in pocket" start auto systems. The rumor is that criminals can place a transceiver near your house say at the front door where a lot of people leave their keys and basically extend the range to get into the car. Don't know what happens if they start it and drive away. Does the engine shutdown when the key is no longer in communication range?
It was my understanding that RFID referred to card containing actual RF chips which also contained a coil. So when you slid your card through a magnetic field (think hotel room key) the RF chip would be able to send a code in a single RF burst, which was then read by the receiver. Is this technology also employed? Why is this not used in credit cards? Awesome video Dave!
Towards the end, the sticky tape sticks more and more to your card and the risen numbers.. you show the card from various angles and with lighting from different sides... bad people could try to read the numbers. The CRC could even help them to guess... yes, I know there are still things missing, like the security code from the back, but I would have used a thicker tape, blurring the outlines of the numbers more.
They raise the numbers on Australian debit cards?! On debit cards in Switzerland and Germany, the number is just printed. Same with prepaid credit cards. This is even true for prepaid credit cards (which are additionally marked with "online use only"). I have only seen risen numbers on true credit cards.
***** The marketing departments of banks seem silly to me. As a customer, I care for functionality and prices. Maybe I care for the card "not looking like an ugly unprofessional mess", but that's about it. At least in Europe, sales personnel do not care what type of card you are holding as long as the machine says that the transaction was successful. Those risen numbers only remind me of the old paper transaction system that copied the card details mechanically onto paper. As I grew up in Switzerland, I feel any system other than Chip and PIN is antique and outdated - I hate that in Germany I have to hand over my card and sign a slip of paper. Let alone when they take my card and scan the mag-strip. So not having risen numbers feels better to me.
I have a German debit card with risen numbers (issued this year), so it is a Swiss thing or depends on the bank. Maybe they do it because that's what older people expect, it doesn't really hurt and - maybe - you can use it in some less developed countries that do still use paper transfer... but I don't know if those exist.
Schwuuuuup Maybe my definition of "risen" varies from yours. On my debit card, the number is ever so slightly risen - there, one layer of sticky tape should be enough to make the number unreadable on camera. But on a credit card, the number is really embossed.
What if they use a few shorted turns in the fabric to keep the induced voltage at ground zero? Can the transmitter get anything if you have shorted turns under it?
Can you switch that facility off or burn out the circuit, without of course damaging the chip? I prefer the idea of inserting the card and typing a code myself.
You could probably dump a big capacitor through a heavy coil of wire to create a magnetic field strong enough to fry the RFID chip. I have a dent in my ceiling from setting a CPU heatsink on a coil of wire and dumping about 1 kJ through it.
It'd be cool to see what's being passed between a Nintendo Wii U or 3DS and the Amiibo NFC figures, or between Skylanders and Disney Infinity figures and their respective NFC stands.
I know of someone who used to chat with their victim. They worked in a shop with a card reader that they would put the card in and hand to the customer. They would get into a surprised sort of reaction, put the card down on their touchless payment machine and get an easy £30. Somehow it was also untraceable.
Yeah, I guess I would be more concerned with the ones they are sticking to the front of gas pumps and at rest stops. Seems here in Michigan, thieves have targeted the main areas they know people in a hurry to travel stop at. They have already hit up several gas stations and rest stop machines.
All magnetic fields have an electric field; an electromagnetic field is what we call RF. So technically wouldn't the transformer's magnetic fields be just as much RF as traditional RF, and if not, please clarify?
I must add to this that the magnetic and electric field do not have to be proportional, and as such the magnetic field is much stronger in transformers than the electric field.
I think you are correct. This system is an example of "Near-field magnetic induction communication" (see Wikipedia). The electric field is largely suppressed by the absence of a proper antenna, so the magnetic field is unable to transmit much energy into free space. Hence the transmission range is deliberately restricted to a few meters.
If you are worried about people stealing your data you could always just disable the RFID functionality. I know that my bank has an option online to just turn the feature off. The same option is there to disable the magnetic strip. What this does is probably just declines any transactions made when using those technologies.
Actually, the modulation is ~106 kHz (13.56 MHz / 128). It only goes to 847.5 kHz (13.56 MHz / 16) after the PPS handshake between the PICC (card) and PCD (reader). The card has to say "I support these baud rates" during the RATS command, then the reader has to choose the baud rate to use with the PPS command. Otherwise, spot on, mate! I didn't know you did RFID stuff.
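The RATS/PPS exchange just described is small enough to show end to end. The following is an added example, not code from the video or the thread: it parses the TA(1) byte of an ISO 14443-4 ATS (the card's answer to RATS) to list the divisors the card supports, picks the fastest pair the reader can also do, and builds the PPS request the reader would send. All rates derive from the 13.56 MHz carrier: fc/128 (about 106 kbit/s) is the default, fc/16 (847.5 kbit/s) the maximum. The sample ATS bytes are constructed for the example and the function names are this example's own.

```python
"""ISO 14443-4 bit-rate negotiation: ATS TA(1) parsing and PPS request construction.

Added example, not code from the video or the thread. Bit layout of TA(1):
b1..b3 = PCD->PICC divisors D=2,4,8 supported; b5..b7 = PICC->PCD divisors
D=2,4,8; b8 = "only the same divisor in both directions"; b4 is RFU.
"""
from typing import Dict, List, Tuple

FC_HZ = 13_560_000  # 13.56 MHz carrier


def bit_rate(divisor_index: int) -> float:
    """Bit rate in bit/s for divisor index 0..3, i.e. fc/128 times D = 1, 2, 4, 8."""
    if not 0 <= divisor_index <= 3:
        raise ValueError("divisor index must be 0..3")
    return FC_HZ / 128 * (1 << divisor_index)


def parse_ats_bit_rates(ats: bytes) -> Dict[str, object]:
    """Extract the divisor capabilities advertised in TA(1) of an ATS.

    ATS = TL (length incl. itself), T0 (b5: TA(1) present, b6: TB(1), b7: TC(1),
    b1..b4: FSCI), the announced interface bytes, then historical bytes.
    """
    default = {"pcd_to_picc": [0], "picc_to_pcd": [0], "same_d_only": False}
    if len(ats) < 1 or ats[0] != len(ats):
        raise ValueError("TL does not match ATS length")
    if len(ats) == 1:          # TL only: fc/128 in both directions
        return default
    t0 = ats[1]
    if not t0 & 0x10:          # TA(1) absent: only fc/128 is supported
        return default
    ta1 = ats[2]
    pcd_to_picc = [0] + [i for i in (1, 2, 3) if ta1 & (1 << (i - 1))]  # b1..b3
    picc_to_pcd = [0] + [i for i in (1, 2, 3) if ta1 & (1 << (i + 3))]  # b5..b7
    return {"pcd_to_picc": pcd_to_picc, "picc_to_pcd": picc_to_pcd,
            "same_d_only": bool(ta1 & 0x80)}


def choose_divisors(caps: Dict[str, object], reader_max: int = 3) -> Tuple[int, int]:
    """Pick the fastest (DRI, DSI) both sides support, honouring the same-D flag."""
    dri = max(d for d in caps["pcd_to_picc"] if d <= reader_max)
    dsi = max(d for d in caps["picc_to_pcd"] if d <= reader_max)
    if caps["same_d_only"]:
        dri = dsi = min(dri, dsi)
    return dri, dsi


def build_pps(cid: int, dri: int, dsi: int) -> bytes:
    """PPS request: PPSS = 0xD0 | CID, PPS0 = 0x11 (PPS1 follows), PPS1 = DSI<<2 | DRI."""
    if not 0 <= cid <= 14:
        raise ValueError("CID must be 0..14")
    return bytes([0xD0 | cid, 0x11, (dsi << 2) | dri])


if __name__ == "__main__":
    # constructed ATS: TL=5, T0=0x78 (TA,TB,TC present), TA(1)=0x77 (all rates both ways)
    ats = bytes([0x05, 0x78, 0x77, 0x80, 0x02])
    caps = parse_ats_bit_rates(ats)
    dri, dsi = choose_divisors(caps)
    print("PPS:", build_pps(0, dri, dsi).hex(),
          "reader->card %.1f kbit/s, card->reader %.1f kbit/s"
          % (bit_rate(dri) / 1e3, bit_rate(dsi) / 1e3))
```

A practical consequence for anyone measuring these cards as in the video: the modulation you see on the scope before the PPS completes is always the fc/128 rate, whatever the card is capable of.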
if people are so concerned, and they don't care to use the touch and go of the card, then I would just say they should exacto the coil and break the circuit.
I'd like to propose two fixes you might want to add before releasing it: 1) It is actually the same chip as the one seen from the outside, not a separate one (Google Images "paywave x-ray"), and this way they can also have the same data shared (e.g. some cards count your contactless transactions and allow only X in a row). 2) They are not just data storage like your usual tag, but they are actively negotiating with the terminal and cryptographically sign transactions. The data you can read out from it alone will not help you much (you do get the CC number and expiration date, but not the name or CVC2 - it's worse to have your card captured by a security camera than having it scanned). To make a transaction, you would need to go around with a terminal, or relay the communication via the Internet to another phone at a rogue merchant's place, and since merchants must be registered, this makes it a lot harder for criminals.
Hi Dave, actually RFs are magnetic waves, so why are you bothering to say it's different from a typical RF cable that sends off data in the form of some modulation of an RF pulse?
Do the tags put into clothing etc. work on the same principle and iso standard? I'm just curious as to the function expected by the use of these tags. They seem very intrusive.
Such a shield works while the card is in it. Remove the card to use with the RFID scanner at checkout and a black hat behind you in the checkout line doesn't even need to transmit anything to pick up the signal.
To clarify: the message that the chip sends to authorise a transaction and prove that it isn't a clone (the cryptogram) is protected by strong cryptography, but information that is also present on the front of the card or on the magstripe, such as the card number, is always transmitted in the clear. So it's possible to skim a card and use the card number to shop online or something, but, in principle, it's not possible to physically clone a skimmed card. In practice, this isn't always true, mainly due to American banks that don't bother checking the cryptogram.
+Francois Molinier Nope, the cryptogram is the response part of a challenge-response protocol. It's a digital signature of the transaction details and a nonce, so a MITM won't work as these will be different for a different transaction. This is all moot anyway since the card will give you the number if you ask for it, and that's all you really need to make a transaction.
Just put the card in an aluminized envelope, just like you'd do with those toll transponders. I'd have thought that putting the card inside of an aluminum box would shield it because the box should act as a shorted turn in the transformer.
Here in the UK it's between 25 and 50 pounds depending on your bank. Mine doesn't work, which is infuriating because I want it to, and my bank keeps sending a new card for the WRONG account. Oh, and at least on my Visa card, the chip used for the RFID is the same one as the normal chip.
I have an idea or two about protection features that could be added to these cards. How about if the chip in the card only starts working if it detects the electrical resistance from your fingers on the card? That way the only way the card can work is if you are holding it. Otherwise it's only going to activate the coil if it is within a 13.56MHz magnetic field, but there isn't going to be any data exchange. Something like a metallic grid on the card that should read somewhere between say 10 and 50 kOhms in order to start the chip. Or have specific finger locations that you need to hold the card at in order for it to work. And there is an even simpler way to do it: just put a dome switch in the card that should be pressed in order to connect the coil to the electronics inside. Needless to say, its location must be a bit deeper in the card in order to prevent the button getting pressed while in your purse or pocket. That way you can only activate the card if you are holding it at a specific location and apply some relatively significant pressure.
could you use some gadgets in your lab to generate a more powerful transmitter? That would have been interesting. And to test the max distance with the phone's power and plot it out
Hereabouts in Ontario, Canada, people call it "arrfid" as a single spoken word. The cards don't take a lot of flexing, heat or use before failure. Any of those three cause the chips to fail, and I find my cards have a max six months functionality before I am getting a new one (one card replacement lasted six weeks). My bank allows stores to set the spend limit up to 100 dollars, but the bank only allows 50 consecutive transactions. But that is when everything is in working order, and the general fail rate is about 40%. Mostly because stores need to continually update security and they don't, and their scanners stop working. More interesting question to ask: my bank manager told me recently that there is word in the banks that the mag strip is going to be phased out soon. Has anyone else heard this is a thing on the way?
Have you seen the jamming cards that deliberately jam the RFID frequencies when they detect a field? I've seen a bunch of these on the market (eg: armourcard, which is an Aus company - they sell them at JB). Would be interesting to see whether they're any good using the testing setup you used there. Interesting story is that I see them on the counter near the EFTPOS pinpads, and every time I get a failed card read at JB (and had to insert the card instead) one of these display stands is pretty much next to the pinpad. Tends to lend credibility to the product, but really silly placement by JB!
EEVblog Last I saw I *think* they were $50ish AUD or something, so not very cheap. Price may have changed though. If need be I might be able to send you the one I have.
Oh, I have a slight issue with how you are thinking modulating a coil is not a radio. The difference between a transformer and a radio is that the radio modulates the electromagnetic field (we call it electromagnetic radiation for a reason). My one-transistor AM crystal radio works exactly the same way, using the radio signal to provide enough current to run it; admittedly I do ground it rather than ground to the other end of the coil. I bet if I tune a heterodyne receiver to 50 Hz I'll be able to hear a continuous 50 Hz radio signal. With a powerful enough radio signal one can in fact activate one of these cards.
So you trade the inconvenience of swiping your card for the inconvenience of wrapping and unwrapping your card in tin foil. (Yes, I know it's not tin.)
Maybe a while. That's a licence to shoplift (none of the security tags would activate the door alarm). For ages lifters have been lining their bags with foil to beat those pesky door alarms - if they are caught they get done for 'going equipped', even if they haven't nicked anything. A bag with it built in would allow them to 'go equipped' and not get in trouble if stopped. If they made them they would fly off the shelves and straight out the door (avoiding the tills on the way of course!). It might also affect mobile phone reception???
Those anti-theft systems at stores use an electromagnetic field, right? Would love to see a hack that turns them into a giant skimmer that could be wheeled up to any store front.
Great video as always. Some banks, NAB for example, offer a PayPass for your phone which basically acts just like your card for transactions. I obviously turn my NFC off, but I wonder if someone didn't, could readers do the same thing or would there be some kind of extra security level in its software?
Beats the paint-drying Lab Re-arranging vid Dave :) Seriously, was insightful. Actually quite simple how it works in terms of comms. But surely the card is read only, so if you could capture the traffic and decode it, one could emulate it? Or perhaps there is some sort of 'key' on board, like SSL
The ISO14443 standard calls for readers to have a minimum of 1.5 A/m output. ISO15693 calls for 2.0 A/m, if anyone's interested. ISO10373 is concerned with the measurements of the readers. Your phone will be producing around 1.0 A/m at 13.56 MHz. The ISO14443A ID1 credentials can sometimes read somewhere around 0.3 to 0.4 A/m depending upon the amount of processing involved. Actually you'll find that most cards won't be read over about 15 cm with a reader producing 4 A/m as the magnetic field just isn't strong enough. You won't find anything portable over 4 A/m as you start needing a beefy RF amp. It is quite possible for these cards to be read from this distance, but like Dave said, it doesn't mean they can actually set the transactions up.
I find it funny, the building I live in has NFC "RFID" tags to get in. I got a new phone that has NFC, and I've pondered emulating my tag just for kicks.
My brother's school uses them for paying for lunch, and access to doors and printers etc. He and his friends cloned some people's cards and got free lunches lol
I don't think that I believe your statement that card information can't be stolen, because how would the store's scanner process a payment? My wife's card had not left its paper sheath since it was issued, and yet it, and every RFID card in her wallet, were compromised somehow. The old cards without contactless payment were unaffected. I call BS on the VISA assertion that this is secure.
This is why no-one with any technical knowledge should call them 'RFID' cards. These are all NFC (or near-field communication) cards. Dave gets half a break as he's using layman's terms for ease of explanation, but searching for 'NFC' reader and 'RFID' reader gets quite different results. Many public transport cards use the same tech, so they make for great test cards if you don't want your credit card shown on air. :) And if you want a somewhat overpriced (due to postage outside of the US) way to see what tech a reader uses: dangerousthings.com/shop/rfid-diagnostic-tool/
That I didn't know! Shame on the ISO standards! Also, as far as I know, these 'shields' act as much like a shorted turn as magnetic shielding, taking the energy the card requires and turning it into heat. A 'loop' of aluminium sheet works as a great shield, but one with a break in it(Still overlapping, but insulated) doesn't. For photos: goo.gl/photos/nWY5YPL9KhZabgFP9 I believe the more conductive the material the better it works in this application. I wish I had a piece of ferrite large enough to test this further.
In theory could one "record" the RFID data from a credit card then "play" it back into POS terminal at a store to generate a transaction under the $100 threshold to require a PIN using either a cellphone or possible some sort of Arduino based device?
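The "record and play back" question above is answered by the replies earlier in the thread (the card number is readable in the clear, but the transaction is authorised by a cryptogram over the transaction details and a terminal-chosen nonce, under a key that never leaves the card). The following is an added example, not code from the video or the thread, that models that structure so the difference between the two can be checked: a captured read yields no key, and a captured cryptogram fails when presented with a different nonce or a second time. EMV's real cryptogram (ARQC) is a 3DES/AES-based MAC over a defined field set; this example substitutes HMAC-SHA256 and a simplified field set, so the format is illustrative only. The PAN, key, nonces and amounts are constructed test values, and all names are this example's own.

```python
"""Toy challenge-response model of a contactless payment cryptogram.

Added example, not code from the video or the thread. The card signs
(PAN, amount, transaction counter, terminal nonce) with a key only the card
and issuer hold; the issuer recomputes the MAC with the nonce the terminal
actually sent and rejects any transaction counter it has already seen.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, Tuple


@dataclass
class Card:
    pan: str                         # card number: sent in the clear on every read
    expiry: str
    _key: bytes = field(repr=False)  # issuer-shared secret; never readable over the air
    atc: int = 0                     # application transaction counter

    def read_clear_data(self) -> Dict[str, str]:
        """What a passive read yields: the same data printed on the card."""
        return {"pan": self.pan, "expiry": self.expiry}

    def generate_cryptogram(self, amount_cents: int, terminal_nonce: bytes) -> Dict[str, object]:
        """Card side: increment the counter and MAC the transaction details plus the nonce."""
        self.atc += 1
        msg = f"{self.pan}|{amount_cents}|{self.atc}|".encode() + terminal_nonce
        mac = hmac.new(self._key, msg, hashlib.sha256).digest()
        return {"pan": self.pan, "amount": amount_cents, "atc": self.atc, "mac": mac}


class Issuer:
    """Issuer side: verify the MAC under the card's key and enforce a monotonic ATC."""

    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}
        self._last_atc: Dict[str, int] = {}

    def enrol(self, pan: str, key: bytes) -> None:
        self._keys[pan] = key
        self._last_atc[pan] = 0

    def authorise(self, cryptogram: Dict[str, object], terminal_nonce: bytes) -> bool:
        key = self._keys.get(cryptogram["pan"])
        if key is None:
            return False
        msg = (f"{cryptogram['pan']}|{cryptogram['amount']}|{cryptogram['atc']}|".encode()
               + terminal_nonce)
        expected = hmac.new(key, msg, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, cryptogram["mac"]):
            return False                       # wrong key, tampered fields or wrong nonce
        if cryptogram["atc"] <= self._last_atc[cryptogram["pan"]]:
            return False                       # counter did not advance: a replay
        self._last_atc[cryptogram["pan"]] = cryptogram["atc"]
        return True


def new_terminal_nonce() -> bytes:
    """Terminal-side unpredictable number (8 random bytes in this model)."""
    return os.urandom(8)


def demo() -> Tuple[bool, bool, bool, bool]:
    """Returns (genuine accepted, replay at new nonce accepted,
    replay at same nonce accepted, key visible to a passive read)."""
    key = os.urandom(16)
    card = Card(pan="4111111111111111", expiry="12/29", _key=key)  # constructed values
    issuer = Issuer()
    issuer.enrol(card.pan, key)
    nonce = new_terminal_nonce()
    cryptogram = card.generate_cryptogram(1500, nonce)           # genuine tap
    genuine_ok = issuer.authorise(cryptogram, nonce)
    replay_new_nonce = issuer.authorise(cryptogram, new_terminal_nonce())
    replay_same_nonce = issuer.authorise(cryptogram, nonce)
    return genuine_ok, replay_new_nonce, replay_same_nonce, "_key" in card.read_clear_data()


if __name__ == "__main__":
    print(demo())
```

What the model does not cover is the live relay the earlier reply mentions, where the genuine card answers a genuine terminal's nonce in real time; the nonce defeats replay, not relay, which is why the thread points at merchant registration and transaction limits as the remaining controls.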
I feel like a simple solution to these cards would be a resistive sensor or something (such as two metal contacts that you place your finger over) and without your finger on them, the card doesn't talk.
Myself and a couple of friends had the exact same idea in 2012. One of the friends went off and created a security technology company. No doubt they attempted to go with the idea. The company got millions in funding but they still went bankrupt, so i imagine it wasn't a winning idea. I haven't spoken to the friend in quite a few years - grew apart and all that.
I've had my card wrapped in "AL-foil" for about a month. Now I know I'm "mostly" safe. Thanks for this video and the knowledge it passes on to the public. My bank couldn't even give me a straight answer about this.
Love that DaveCAD works beautifully even on small screens.
A tap and go skimmer was the first device I built with what I learned on EEVblog. It works like a charm and finances all my subsequent projects. Thank you dave.
Cool
Yeah right, Mrs EEVBlog's bag..
It's your new manbag isn't it :-)
Busted.
+EEVblog hey Dave, with some effort I think at 15:55 you can read the credit card number... Just a guess.
I don't see it.
+EEVblog well, i just wanted to let you know ;)
+EEVblog ahh he can see the bumps being show by the lights reflecting off the tape
Reminds me of a few of my student mates. They made a transceiver and antenna for scanning RFID cards from a distance of up to 10 meters. Worked pretty well, they could scan university cards from people walking past below the window of the lab.
Do you have documentation? I'm planning an art installation to show that RFID maybe isn't the best idea.
No I don't, and if you want to do it you should try to develop it yourself instead of stealing all the work others did. You can't just take something someone else has worked on for two whole years and then make some quick fame by trying to make it art. Especially not without paying them for their work.
Also, when encrypted, RFID is just fine.
Ouch!
All this technology is well known, for the last 150 years. Nobody owns much here. You just make it bigger and more sensitive, but still there is a limit and it will be in the region of a meter or two. 10m? Not sure.
That is true, but making it long range is still an area that has development. From what I understand one of the main problems is the LNA in the input. Noise overall is the limiting factor in these systems, and I agree, I doubt a system could be effective further than 10m if the encoding used is BASK (which generally has to have a fairly large signal to noise ratio).
Thanks for covering some of this Dave. It would be interesting to see more testing, experimentation, and methods of protection and disabling cards in the future. It was too bad that Mythbusters were never able to air their findings due to threats of possible lawsuits, even related to talking about it. They are pretty tight lipped about it all to this day.
From taking screenshots of your lovely scope I'm able to ascertain that your name is Dave..
Joking aside I imagine with even just Al foil the eddy currents would produce enough noise to disguise the AM packets, although they are sent after the circuit is charged but at that freq it probably stops the induction to the receiver coil in the first place..
I love how every second week these cards are on the news as a "security risk" but never referring to the RFID technology itself. Anyhow great video mate..
With the TI RFID Development kit TRF7970A I managed to read more than 10 cards at the same time. However I have seen tags that use the 125 kHz system for building access control interfere with the theft protection of a Fiat Punto. It took my friend at work several weeks to figure out what was going on and why his car didn't start sometimes. That was before 2006 though.
Yes, my 125 kHz lab access cards don't work with two in my wallet.
I really don't understand why they don't just build in a little metal dome switch on the card that must be pressed to allow power to the chip. It's blindingly obvious, super simple and 100% read proof until the exact moment of payment.
Creating foil card sleeves seems like a much more practical solution than buying entire accessories to solve the problem.
Indeed.
That is RF. RF stands for, wait for it, Radio Frequency. 873 kHz is a frequency that my radio can pick up, is designed to pick up. It is RF!
Start by looking up Near Field vs Far Field theory.
Aehm.. No!
+EEVblog Either in classical Maxwellian electrodynamics or in the quantum mechanical version, this is a case of electromagnetic radiation. Electromagnetic radiation is produced at the transmitter coil and absorbed at the receiver coil. The difference between near-field and far-field is that in far-field, the math is simplified greatly by making assumptions. Those assumptions break down in the near-field case. The physical phenomenon at work is the same.
+Mark Holm Near field-theory is the more nearly "correct" version in either classical or quantum electrodynamics. If one were being picky about theoretical correctness, one would insist on the full, near-field treatment regardless of distance. Of course, you would find that, at larger distances, some terms of the equations calculate to very, very small values, and you would, rightly, question whether there was any purpose to all that extra number crunching.
+Proximity Mine Both Maxwell's and quantum electrodynamics make this clear. You can not separate the magnetic and electric field components. NFC is a classical, Maxwellian theory. NFC says that there are aspects of the electromagnetic field that fall off at 1/r and aspects that fall off at 1/r squared. Far field theory simplifies the math by ignoring the components that fall off as 1/r squared. In quantum mechanics it gets wilder, with "real" and "virtual" photons. These are poor choices of names. All the photons are real. The "virtual" ones participate in interactions that are quite real, but counterintuitive. As in the Maxwellian version, the contributions of "virtual" photons fall off as 1/r squared.
Thanks for clearing up the misconception and highlighting the technology.
That's the REAL PERFECT way to really explain those "RFID" cards! Perfect, and understandable.
Indeed, it is an inductively coupled system.
The fun thing to do is have a larger coil in the purse that also picks up this magnetic field and outputs random noise in the RFID bands. The best part is that under normal conditions it does nothing, only when you're being scanned by some thief.
Good Lord! It works. Just two layers of aluminum foil inserted in my wallet and NFC can't read anything. Thank you very much for that advice!
Dave Cad... classic :D Also, this technology is very similar to the QI standard for wireless charging for phones & tablets. Instead of sending the credit card data, the device sends information to the pad such as how much current to supply and when to stop by modulating the load on the phone's internal charging coils.
I wanted to totally disable the RFID function of my card. The answer was simple. A small notch in the bottom edge of the card, just a few mm, breaks the coil and stops it working.
A friend of mine was on the standards committee for the design of all RFID banking cards and he went through the maths regarding theft and RF levels both to activate the card and the RF from the card and the chance of someone stealing your data is very low. Anyway you'll get your money back as it was an unauthorised transaction.
People have seen skimmers walking the London Tube with handheld Point of Sale devices. Here in the UK the limit is a much more manageable £30. Still spend a few hours walking about London crowds and you could make a decent living. Electronically pickpocketing £30 quid a time.
There is no hope of this working. The owner of the pos device would never receive the money. The financial rules that apply are far too strict. Sounds like a "plausible" myth to me.
I'm sure every real business would pay good money to find out how to get your cash quickly from the ACH.
The convenience outweighs the risk apart from when it interferes with my bus pass!
If you want to disable your payWave or PayPass chip, simply cut the side of the card where the wire loops around the card. You don't need to cut much, only to rupture the loop.
Not an RF field? That's exactly what this is! That schematic you drew is equivalent to a good old fashioned crystal radio with a loopstick antenna.
Generally, any of the antennas with circular elements work by coupling the magnetic (B) field, while dipoles and related things like yagi arrays couple the electric (E) field.
Thanks for this comment... I was wondering about the statement at 1:50, and was going to ask: what’s the difference? I thought antennas were basically just strangely shaped (as compared to the coils we’re used to when talking about them as) inductors... though magnetic versus electric coupling definitely sounds like a difference... still, Dave, if you see this, I’d love to hear more about what you see as the differences. (Feel free to point me in the direction of existing videos, of course...)
I would like to see Dave take a look at the rfid Guardbunny created by Kristin Paget. First featured at schmoocon 2012 and later went openhardware and got an article on Hack a day.
More sophisticated than a charcoal rubbing of a pocket to determine the contents.
Tip: The last NFC transaction history is stored directly in most Visa cards. There are applications to read it as well.
This video focuses a lot on the scanning aspect, but a scan is useless without the SE response. So the only way to actually steal money is to perform a MitM attack with an HCE endpoint to emulate the SE.
As for biometric passports: the data is encrypted and the key is generated from the passport number, date of birth and date of expiration.
That's why you have this
You will find that the credit card details can be retrieved. If you had pressed the tag information, you would have seen the credit card number.
In Portugal the code is asked every 60€ of purchases and if a single transaction is more than 20€.
Great vid and explanation Dave, but could you please also show how you do the measurements, I know most people will argue that the video will take too long, but it can be interesting to learn more about more complex measurements sometimes :)
I have tested access control RFID at the 125 kHz band and even very thin aluminium works as a shield... :-/
Dave keeps going on about how it's "not an antenna", and that it uses magnetic coupling not "RF fields", but aren't they essentially the same thing, just longer distances?
Like all EM waves are composed of Electric and magnetic fields right, so what makes this different?
Look up "Near and far field". In the near field, E-Field (electric) or H-Field (magnetic) can dominate.
In the far field, there is a fixed ratio of E- and H-Field which is given by the impedance of air, which is about 377 Ohm.
In this application, the H-Field dominates, meaning the impedance is much lower than the air impedance of
377 Ohm. For a radio broadcast transmitter you would aim at matching impedances of transmitter and antenna to increase efficiency.
My thoughts exactly. Let's take a FM radio broadcast station for example... It is a BIG primary and the receivers are all secondaries in a big imaginary transformer... Magnetic coupling being the magic phrase here.
+sarowie thanks for the jumping off point.
Does this mean the phone is still generating a small far-field RF signal at its MHz carrier frequency when searching for a nearby tag, and could you pick that up on a spectrum analyser?
Yeah, I'm starting to feel like he just does these things on purpose.
Saying controversial things like "it's not an antenna", or that "current flows through capacitors".
Then he watches the comment numbers mount and the view count climb. Great business model.
It's an antenna in the near field.
I haven't tried taking it apart so I don't know what tech the Tesla key uses, but other metal keys in my pocket sometimes interfere with the car's ability to read the key. That's over a much longer distance though.
Hey EEVblog, I might not be absolutely correct, but it seems RF communication works with the same principle as RFID, because you are still using the same electromagnetic field for TX and RX, except that the distance has to be very close for reception. The current that is oscillating in an RF antenna induces the same magnetic field for long-distance transmission, and at the destination end you surely do need the antenna where the same signal will be induced, except that the mechanism for reception is different, but basically the medium is still the same. Thanks for pointing this out.
Once you have used the app to read your card, what's to stop the app squawking all your card details back to whoever wrote the app? This technology is called contactless payment here in the UK, BTW.
Would it be realistically possible for someone to make a device that remotely fries the wireless pay circuit in these credit cards?
Yes, not difficult.
In theory yes. Super high magnetic field and sure it will burn... You might notice it tho.
It's been done! Android app that mimics a point of sale device.
Yes, TPAI made a video about it.
The point is to FRY the chip, not READ the chip.
thanks for sharing your cc# on the scope lol
He also shared it in the reflection of the tape over the numbers near the end.
in the USA, I don't think banks issue cards with the RFID chip anymore. As a matter of fact, I remember all my cards being replaced without the RFID symbol. They only contain the chip.
Mythbusters actually got banned by Discovery Channel's investors from testing NFC card security; that is how insecure these cards are. Sadly, all banks now only issue NFC cards. HUGE mistake IMO.
Yes, I heard a report of that. They say that when they were filming a lot of Visa lawyers came, and they decided not to air that episode.
My bank recently gave me a new card that does not have the NFC technology. It still has the magnetic strip and the new thing on it is a chip.
They've got plenty to deal with before they get to NFC... watch?v=VdlKtexIUU8
Not true just got a new card from my bank a month or so ago. No chip and no NFC. U S A! U S A! lol
Is it possible to use a jammer to jam 13.56 MHz to prevent the tap from working at all?
The scenario is someone could broadcast a blank 13.56 MHz wave so the terminal can't read, preventing the transaction and forcing the use of the chip or swipe so the skimmer can be used.
In the past, when the chip came out, criminals would make the shimmer insert have a tab to block the chip, so when you put the card in it would not make a connection to the chip at all, or it would have some wires to corrupt the signals to the chip to make the transaction fail so it forces the customer to swipe.
I am asking because I suspect that a couple of gas stations here in the United States may be in on a skimming ring, and they say it is a problem with the card or security.
Informative video Dave. Well done.
I'd say that the reason people think that putting cards together will protect them is that a lot of implementations don't do anti-collision properly. Haven't tested it with Opal, but certainly the MyKi readers in Melbourne don't implement anti-collision, if it sees multiple cards it just gives up. So they've probably seen a message like "multiple cards detected, try again" and assumed that that means that the system can't read them if there are multiple cards there.
As far as reading them from a distance, there's an application note, I believe on the TI website which covers building long range antennas for RFID, after a point you end up with something that looks like the anti-theft tag gates in shops.
What I'd be more interested in (haven't got around to actually testing it though) is how much of the signal you could passively sniff while a transaction is in progress, because although the system is designed to use magnetic coupling, 13.5MHz propagates reasonably well so you're going to get some degree of RF leakage.
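Editor's added example (not from the video, and not any commenter's code): the anti-collision point above, as a small simulation. A reader that "just gives up" when several cards answer is put next to one that runs the ISO/IEC 14443-3 Type A bit-frame anticollision loop, where the reader walks the UID bit by bit, choosing 1 at each collision and resending with more valid bits (NVB) until one card is left, then HALTs it and repeats. The UIDs are constructed, only the single-size cascade level (4 UID bytes plus BCC) is modelled, and a "collision" is simplified to "the responding cards disagree on this bit" rather than the reader seeing both Manchester half-bits.

```python
"""Simulation of ISO/IEC 14443-3 Type A bit-frame anticollision next to a
reader that simply gives up when more than one card answers.
Added example; card UIDs are constructed. Simplifications: one cascade
level (4-byte UID + BCC), and a collision is modelled as "the responders
disagree on this bit" rather than as both Manchester half-bits arriving."""

UID_FRAME_BITS = 40  # 4 UID bytes + BCC, each byte transmitted LSB first


class CardA:
    def __init__(self, uid):
        if len(uid) != 4:
            raise ValueError("single-size UID expected")
        self.uid = bytes(uid)
        bcc = uid[0] ^ uid[1] ^ uid[2] ^ uid[3]            # check byte
        self.bits = [(b >> i) & 1 for b in self.uid + bytes([bcc]) for i in range(8)]
        self.halted = False                                 # set once HLTA is received

    def answers(self, known_prefix):
        """A card replies to ANTICOLLISION only if the NVB prefix matches its own UID bits."""
        return not self.halted and self.bits[:len(known_prefix)] == known_prefix


def naive_reader(cards):
    """Reader without an anticollision loop: needs exactly one card in the field,
    otherwise reports the equivalent of 'multiple cards detected, try again'."""
    active = [c for c in cards if not c.halted]
    if len(active) != 1:
        return None
    return active[0].uid


def anticollision_reader(cards):
    """Resolve every UID in the field with the bit-frame anticollision loop."""
    resolved = []
    while True:
        if not any(not c.halted for c in cards):
            return resolved
        prefix = []   # bits the reader has learned so far; NVB = len(prefix)
        while True:
            responders = [c for c in cards if c.answers(prefix)]
            n = len(prefix)
            # Advance while every responder sends the same bit; stop at the first collision.
            while n < UID_FRAME_BITS and len({c.bits[n] for c in responders}) == 1:
                n += 1
            if n == UID_FRAME_BITS:
                card = responders[0]       # complete UID + BCC received: SELECT it
                break
            # Collision at bit n: the reader chooses 1 there and resends ANTICOLLISION
            # with NVB = n + 1 valid bits. Cards holding a 0 at that bit stop answering.
            prefix = responders[0].bits[:n] + [1]
        card.halted = True                 # HLTA so the selected card is quiet next round
        resolved.append(card.uid)


def demo_cards():
    """Three constructed cards; the first two share a long UID prefix."""
    return [CardA(bytes.fromhex(h)) for h in ("04A1B2C3", "04A1B2D7", "8F11E203")]


if __name__ == "__main__":
    cards = demo_cards()
    print("naive reader:", naive_reader(cards))                       # None: gives up
    print("anticollision:", [u.hex() for u in anticollision_reader(cards)])
```

With the three demo cards in the field the naive reader returns None, which is the behaviour the comment describes, while the anticollision reader resolves all three. The point for the original question is that the cards being unreadable together is a property of a particular reader, not of the cards.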
Hey Dave, how about a video on those little security chips. Those look pretty neat to me.
Does the alignment between the transceiver and the card matter?
Question: Even if you had a super powerful transmitter, one capable of transmitting through the shielding sufficiently enough to activate the card, wouldnt it still not work because the card needs to then transmit back?
I suspect if you could get enough energy into the chip to make it transmit through a good layer of shielding you would burn out the chip.
This is correct: the card won't be able to modulate its answer onto the stronger magnetic field in a protocol-compliant way. This is done by design of the technology to limit the usable range to a few cm.
Do the cards have over-voltage protection for the coil?
The card doesn't transmit, it communicates by varying the load. A guy at school made a reader that can communicate with ISO 14443 cards over a couple of meters as part of his dissertation, so it might be possible. It's not as much about power as it is about sensitivity.
Also NFC TagInfo by NXP gives lots of data.
Hey Dave, would love to see you do something with the keyless "fob in pocket" start auto systems. The rumor is that criminals can place a transceiver near your house say at the front door where a lot of people leave their keys and basically extend the range to get into the car. Don't know what happens if they start it and drive away. Does the engine shutdown when the key is no longer in communication range?
It was my understanding that RFID referred to card containing actual RF chips which also contained a coil. So when you slid your card through a magnetic field (think hotel room key) the RF chip would be able to send a code in a single RF burst, which was then read by the receiver. Is this technology also employed? Why is this not used in credit cards?
Awesome video Dave!
Towards the end the sticky tape sticks more and more to your card and the raised numbers. You show the card from various angles and with lighting from different sides...
Bad people could try to read the numbers. CRC could even help them to guess...
Yes, I know there are still things missing, like the security code from the back, but I would have used thicker tape, blurring the outlines of the numbers more.
They emboss the numbers on Australian debit cards?! On debit cards in Switzerland and Germany, the number is just printed. Same with prepaid credit cards. This is even true for prepaid credit cards (which are additionally marked "online use only"). I have only seen raised numbers on true credit cards.
+sarowie There are also raised numbers on some prepaid cards, as a "feature" to make the cardholder feel less cheap. (Bullshit of course)
The marketing departments of banks seem silly to me. As a customer, I care for functionality and prices. Maybe I care for the card "not looking like an ugly unprofessional mess", but that's about it. At least in Europe, sales personnel do not care what type of card you are holding as long as the machine says that the transaction was successful.
Those raised numbers only remind me of the old paper transaction system that copied the card details mechanically onto paper. As I grew up in Switzerland, I feel any system other than Chip and PIN is antique and outdated. I hate it that in Germany I have to hand over my card and sign a slip of paper, let alone when they take my card and scan the mag-strip. So not having raised numbers feels better to me.
I have a German debit card with raised numbers (issued this year), so it is a Swiss thing or depends on the bank.
Maybe they do it because that's what older people expect, it doesn't really hurt and - maybe - you can use it in some less developed countries that do still use paper transfer... but I don't know if those exist.
Schwuuuuup
Maybe my definition of "raised" varies from yours. On my debit card, the number is ever so slightly raised; there, one layer of sticky tape should be enough to make the number unreadable on camera. But on a credit card, the number is really embossed.
What if they use a few shorted turns in the fabric to keep the induced voltage at ground zero? Can the transmitter get anything if you have shorted turns under it?
Can you switch that facility off or burn out the circuit without, of course, damaging the chip? I prefer the idea of inserting the card and typing a code myself.
Take a hole punch to the coil around the card.
You could probably dump a big capacitor through a heavy coil of wire to create a magnetic field strong enough to fry the RFID chip.
I have a dent in my ceiling from setting a CPU heatsink on a coil of wire and dumping about 1 kJ through it.
Or a snip
@rocketman221projects The magnetic strip would need to be left alone for "regular" use.
I wouldn't try and overload it. You likely can drill out the coil connection. 1mm would do it.
It'd be cool to see what's being passed between a Nintendo Wii U or 3DS and the Amiibo NFC figures, or between Skylanders and Disney Infinity figures and their respective NFC stands.
I know of someone who used to chat with their victim. They worked in a shop with a card reader that they would put the card in and hand to the customer. They would get into a surprised sorta reaction, put the card down on their touchless payment machine and get an easy £30. Somehow it was also untraceable.
Yeah, I guess I would be more concerned with the ones they are sticking to the front of gas pumps and at rest stops. Seems here in Michigan thieves have targeted the main areas where they know people in a hurry to travel stop. They have already hit up several gas stations and rest stop machines.
lol the black tape reminded me of the scraped off ICs, And you thought all along those foil cone hats in the 80's was all for just laughs.
All magnetic fields have an electric field; an electromagnetic field is what we call RF. So technically wouldn't the transformer's magnetic fields be just as much RF as traditional RF, and if not, please clarify?
I must add to this that the magnetic and electric field do not have to be proportional, and as such the magnetic field is much stronger in transformers than the electric field.
I think you are correct. This system is an example of "Near-field magnetic induction communication" (see Wikipedia). The electric field is largely suppressed by the absence of a proper antenna, so the magnetic field is unable to transmit much energy into free space. Hence the transmission range is deliberately restricted to a few meters.
Yes, modulating a coil is a radio.
If you are worried about people stealing your data you could always just disable the RFID functionality. I know that my bank has an option online to just turn the feature off. The same option is there to disable the magnetic strip. What this does is probably just declines any transactions made when using those technologies.
Is it possible to emulate an NFC tag with the phone? I.e., store a copy of a tag and emulate it?
Actually, the modulation is ~106 kHz (13.56 MHz / 128). It only goes to 847.5 kHz (13.56 MHz / 16) after the PPS handshake between the PICC (card) and PCD (reader). The card has to say, "I support these baud rates" during the RATS command, then the reader has to choose the baud rate to use with the PPS command.
Otherwise, spot on, mate! I didn't know you did RFID stuff.
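Editor's added example (not from the video and not the commenter's code): the RATS/ATS/PPS negotiation described above, as a parser. The card answers RATS with an ATS whose TA(1) byte lists the carrier divisors it supports in each direction (fc/128 is mandatory, fc/64, fc/32 and fc/16 optional), and the reader then picks one with a PPS request. The byte layouts (T0 presence bits and FSCI, TA(1) DS/DR bits, TB(1) FWI/SFGI, TC(1) CID/NAD, PPS1 = DSI<<2 | DRI) are from ISO/IEC 14443-4; the two ATS byte strings are constructed for illustration and are labelled as such in the code.

```python
"""Decode an ISO/IEC 14443-4 ATS (Answer To Select) and build the PPS
request that moves the link off the default fc/128 bit rate.
Added example; the ATS byte strings at the bottom are constructed."""

FC_HZ = 13_560_000  # ISO/IEC 14443 carrier; every bit rate is fc / divisor

# Carrier divisor -> DSI/DRI code carried in PPS1. fc/128 (~106 kbit/s) is
# mandatory and is the rate RATS and the ATS themselves are exchanged at.
DIVISOR_TO_CODE = {128: 0, 64: 1, 32: 2, 16: 3}

# FSCI nibble of T0 -> FSC, the largest frame the card accepts (bytes).
FSCI_TO_FSC = [16, 24, 32, 40, 48, 64, 96, 128, 256]


def bit_rate_for_divisor(divisor):
    """Bit rate in bit/s, e.g. 128 -> 105937 (~106 kbit/s), 16 -> 847500."""
    return FC_HZ // divisor


def parse_ats(ats):
    """Parse an ATS (without CRC_A). Raises ValueError when TL or T0 lie about the length."""
    if not ats or ats[0] != len(ats):
        raise ValueError("TL does not match ATS length")
    info = {
        "fsc": 32,                      # default when T0 is absent
        "same_rate_both_ways": False,
        "picc_to_pcd_divisors": [128],  # card -> reader (DS); 128 always allowed
        "pcd_to_picc_divisors": [128],  # reader -> card (DR)
        "fwi": 4, "sfgi": 0,            # defaults when TB(1) is absent
        "cid_supported": False, "nad_supported": False,
        "historical": b"",
    }
    if len(ats) == 1:
        return info                     # minimal ATS: TL only
    t0 = ats[1]
    info["fsc"] = FSCI_TO_FSC[min(t0 & 0x0F, 8)]
    pos = 2

    def take():
        nonlocal pos
        if pos >= len(ats):
            raise ValueError("T0 announces an interface byte the ATS does not contain")
        pos += 1
        return ats[pos - 1]

    if t0 & 0x10:                        # TA(1): supported bit-rate divisors
        ta = take()
        info["same_rate_both_ways"] = bool(ta & 0x80)
        for mask, divisor in ((0x10, 64), (0x20, 32), (0x40, 16)):   # DS bits
            if ta & mask:
                info["picc_to_pcd_divisors"].append(divisor)
        for mask, divisor in ((0x01, 64), (0x02, 32), (0x04, 16)):   # DR bits
            if ta & mask:
                info["pcd_to_picc_divisors"].append(divisor)
    if t0 & 0x20:                        # TB(1): frame waiting time, start-up guard time
        tb = take()
        info["fwi"], info["sfgi"] = tb >> 4, tb & 0x0F
    if t0 & 0x40:                        # TC(1): protocol options
        tc = take()
        info["nad_supported"] = bool(tc & 0x01)
        info["cid_supported"] = bool(tc & 0x02)
    info["historical"] = bytes(ats[pos:])
    return info


def frame_waiting_time_s(fwi):
    """FWT = (256 * 16 / fc) * 2**FWI, the longest the reader waits for a reply."""
    return (256 * 16 / FC_HZ) * (2 ** fwi)


def build_pps(info, cid=0):
    """PPS request picking the fastest divisor both sides support per direction.
    PPSS = 0xD0 | CID, PPS0 = 0x11 (PPS1 present), PPS1 = DSI << 2 | DRI."""
    ds = min(info["picc_to_pcd_divisors"])   # smallest divisor = highest rate
    dr = min(info["pcd_to_picc_divisors"])
    if info["same_rate_both_ways"]:          # card insists on one rate for both
        ds = dr = max(ds, dr)
    return bytes([0xD0 | (cid & 0x0F), 0x11, (DIVISOR_TO_CODE[ds] << 2) | DIVISOR_TO_CODE[dr]])


# Constructed sample ATS values (not captured from a real card):
ATS_FULL_SPEED = bytes.fromhex("067577810280")  # TA/TB/TC present, all rates, FSC 64
ATS_106_ONLY = bytes.fromhex("0578800200")      # no TA(1): fc/128 only, FSC 256

if __name__ == "__main__":
    for ats in (ATS_FULL_SPEED, ATS_106_ONLY):
        i = parse_ats(ats)
        print(ats.hex(), i["picc_to_pcd_divisors"], "PPS:", build_pps(i).hex())
```

A reader that ignores the negotiation and stays at fc/128 still works; the value of parsing TA(1) is knowing whether the 847.5 kHz rate the comment mentions is even on the table for a given card.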
In the UK it's just 'touchless payment' and limited to £30 afaik.
Did you forget some annotations at the end?
if people are so concerned, and they don't care to use the touch and go of the card, then I would just say they should exacto the coil and break the circuit.
Hole punch. Break a single wire and the coil is useless, and a small hole doesn't hurt its normal use.
+theLuigiFan0007 Can confirm. I did this with my uni ID card by accident XD.
I'd like to propose two fixes you might want to add before releasing it: 1) It is actually the same chip as the one seen from the outside, not a separate one (Google Images "paywave x-ray"), and this way they can also have the same data shared (e.g. some cards count your contactless transactions and allow only X in a row). 2) They are not just data storage like your usual tag, but they are actively negotiating with the terminal and cryptographically sign transactions. The data you can read out from it alone will not help you much (you do get CC number and expiration date, but not name or CVC2 - it's worse to have your card captured by a security camera than having it scanned). To make a transaction, you would need to go around with a terminal, or relay the communication via the Internet to another phone at a rogue merchant's place, and since merchants must be registered, this makes it a lot harder for criminals.
Yes, it's not easy, but it's possible and has been done. Risk is pretty low though.
"Don't wear it on your head, put it in your pocket" lol.
why do i find 'Dave CAD' funny with the smiley face in the D? i do not know but it made me laugh (3:10)
For years now, on my circuit diagrams, I've put a little DaveCAD smiley in the corner, just cuz it makes me chuckle ;)
You can get a commercial DaveCAD license from EEVblog so you can use it on the back of more than one envelope lol
heh, yup. Perhaps I should have clarified that these are drawings I was making for myself alone in my room :P.
You are using an unauthorised version of Dave CAD.
smelly box "Lets go to DaveCAD" Always gets me
And when you lose it anyone can help themselves to your money. Not the smartest idea. I'm sticking with the old chip and pin.....much safer
Best video on how NFC works but with wrong title
hi Dave
Actually RFs are magnetic waves, so why are you bothering yourself to say it's different from a typical RF cable that sends off data in the form of some modulation of an RF pulse?
Do the tags put into clothing etc. work on the same principle and iso standard? I'm just curious as to the function expected by the use of these tags. They seem very intrusive.
I remember in the 90s all the public phones used that chip for cards with credits. And we used an EPROM with the software to emulate it and call for free.
Can you get the hex dump from the oscilloscope image? :D
Hi! Where can I find more details on the schematic you've drawn in this video?
How about cutting up an anti-static bag (the gray ones, not the pink ones)?
Aluminum foil is VERY fragile, and will not last long.
Such a shield works while the card is in it. Remove the card to use with the RFID scanner at checkout and a black hat behind you in the checkout line doesn't even need to transmit anything to pick up the signal.
To clarify: the message that the chip sends to authorise a transaction and prove that it isn't a clone (the cryptogram) is protected by strong cryptography, but information that is also present on the front of the card or on the magstripe, such as the card number, is always transmitted in the clear. So it's possible to skim a card and use the card number to shop online or something, but, in principle, it's not possible to physically clone a skimmed card. In practice, this isn't always true, mainly due to American banks that don't bother checking the cryptogram.
+Francois Molinier Nope, the cryptogram is the response part of a challenge-response protocol. It's a digital signature of the transaction details and a nonce, so a MITM won't work as these will be different for a different transaction. This is all moot anyway since the card will give you the number if you ask for it, and that's all you really need to make a transaction.
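Editor's added example (not EMV reference code, and not any commenter's): a simulation of the split the two comments above describe, that the card number and expiry come out in the clear while the transaction cryptogram binds a terminal nonce and the card's transaction counter, so a captured exchange cannot be replayed or moved to another terminal. Stand-ins are labelled in the code: a real card derives a 3DES/AES session key from an issuer master key and MACs the transaction data to form the ARQC; here one HMAC-SHA256 key per card plays that role, and the PAN, expiry and key are constructed demo values. This block also stands in for the point in the earlier "two fixes" comment about the card actively negotiating and signing.

```python
"""Simulation of what a contactless skim does and does not yield.
Added example. Assumptions / stand-ins: HMAC-SHA256 with a per-card key
replaces EMV session-key derivation and the 3DES/AES ARQC MAC; the field
set MAC'd is a subset of the real CDOL data; PAN, expiry and key are
constructed demo values."""
import hashlib
import hmac
import os
import struct


def cryptogram_input(pan, amount_cents, unpredictable_number, atc):
    """The fields the cryptogram binds: PAN, amount, terminal nonce, card counter."""
    return pan.encode() + struct.pack(">QIH", amount_cents, unpredictable_number, atc)


class Card:
    def __init__(self, pan, expiry, key):
        self.pan, self.expiry = pan, expiry
        self._key = key          # stays inside the chip; READ RECORD never returns it
        self.atc = 0             # Application Transaction Counter

    def read_record(self):
        """Static data any reader, including a skimmer, gets without authentication."""
        return {"pan": self.pan, "expiry": self.expiry}

    def generate_ac(self, amount_cents, unpredictable_number):
        """GENERATE AC: MAC over amount, terminal nonce and the incremented ATC."""
        self.atc += 1
        data = cryptogram_input(self.pan, amount_cents, unpredictable_number, self.atc)
        return {"atc": self.atc, "arqc": hmac.new(self._key, data, hashlib.sha256).digest()[:8]}


class Issuer:
    def __init__(self):
        self._keys = {}        # pan -> card key (the issuer holds the other copy)
        self._last_atc = {}    # pan -> highest ATC accepted so far

    def enrol(self, card):
        self._keys[card.pan] = card._key
        self._last_atc[card.pan] = 0

    def authorise(self, pan, amount_cents, unpredictable_number, atc, arqc):
        key = self._keys.get(pan)
        if key is None or atc <= self._last_atc[pan]:
            return False       # unknown card, or a counter value already used (replay)
        data = cryptogram_input(pan, amount_cents, unpredictable_number, atc)
        if not hmac.compare_digest(hmac.new(key, data, hashlib.sha256).digest()[:8], arqc):
            return False       # cryptogram does not match this amount / nonce / counter
        self._last_atc[pan] = atc
        return True


def terminal_transaction(card, issuer, amount_cents):
    """Genuine tap: terminal picks a fresh nonce, card signs, issuer verifies.
    Returns (approved, captured_exchange) so an eavesdropper's options can be tested."""
    un = int.from_bytes(os.urandom(4), "big")      # Unpredictable Number
    rec = card.read_record()
    ac = card.generate_ac(amount_cents, un)
    captured = {"pan": rec["pan"], "expiry": rec["expiry"], "amount": amount_cents, "un": un, **ac}
    return issuer.authorise(rec["pan"], amount_cents, un, ac["atc"], ac["arqc"]), captured


def skim(card):
    """A nearby reader asking for the record data gets PAN and expiry, nothing secret."""
    return card.read_record()


def replay_exact(issuer, captured):
    """Attacker resubmits the captured exchange unchanged: rejected on the ATC."""
    return issuer.authorise(captured["pan"], captured["amount"], captured["un"],
                            captured["atc"], captured["arqc"])


def replay_at_new_terminal(issuer, captured, amount_cents):
    """Attacker presents the captured cryptogram where a different nonce is in play."""
    un = int.from_bytes(os.urandom(4), "big")
    return issuer.authorise(captured["pan"], amount_cents, un, captured["atc"] + 1, captured["arqc"])


def demo():
    """Constructed card and issuer used by the examples and tests."""
    card = Card(pan="4111111111111111", expiry="12/29", key=bytes(range(16)))
    issuer = Issuer()
    issuer.enrol(card)
    return card, issuer


if __name__ == "__main__":
    card, issuer = demo()
    print("skim yields:", skim(card))
    ok, cap = terminal_transaction(card, issuer, 2500)
    print("genuine:", ok, "exact replay:", replay_exact(issuer, cap),
          "new terminal:", replay_at_new_terminal(issuer, cap, 2500))
```

What the simulation does not model is the second half of the comment: the PAN and expiry that do come out are enough for card-not-present use wherever the merchant does not ask for the CVC2, which is why the skim is not harmless even though it yields no clone.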
Just put the card in an aluminized envelope, just like you'd do with those toll transponders.
I'd have thought that putting the card inside of an aluminum box would shield it because the box should act as a shorted turn in the transformer.
Here in the UK it's between 25 and 50 pounds depending on your bank. Mine doesn't work, which is infuriating because I want it to and my bank keeps sending a new card for the WRONG account. Oh and at least on my Visa card, the chip used for the RFID is the same one as the normal chip.
The current limit for "no cardholder verification" by contactless in the UK is £30 regardless of bank.
I have an idea or two about protection features that can be added to these cards. How about if the chip in the card only starts working if it detects the electrical resistance from your fingers on the card? That way the only way the card can work is if you are holding it. Otherwise it's only going to activate the coil if it is within a 13.56MHz magnetic field, but there isn't going to be any data exchange.
Something like a metallic grid on the card that should read somewhere between say 10 and 50 kohms in order to start the chip. Or have specific finger locations that you need to hold the card at in order for it to work.
And there is an even simpler way to do it: just put a dome switch in the card that must be pressed in order to connect the coil to the electronics inside. Needless to say, its location must be a bit deeper in the card in order to prevent the button getting pressed while in your purse or pocket. That way you can only activate the card if you are holding it at a specific location and apply some relatively significant pressure.
You don't have to put it all around; one layer of foil on any side is enough because it detunes the resonant frequency a lot.
I wonder if you can make an RFID-protected duct tape wallet using that foil.
Could you use some gadgets in your lab to make a more powerful transmitter? That would have been interesting. And test the max distance with the phone's power and plot it out.
Hereabouts in Ontario, Canada, people call it "arrfid" as a single spoken word. The cards don't take a lot of flexing, heat or use before failure. Any of those three cause the chips to fail, and I find my cards have a max six months' functionality before I am getting a new one (one card replacement lasted six weeks). My bank allows stores to set the spend limit up to 100 dollars, but the bank only allows 50 consecutive transactions. But that is when everything is in working order, and the general fail rate is about 40%, mostly because stores need to continually update security and they don't, and their scanners stop working. More interesting question to ask: my bank manager told me recently that there is word in the banks that the mag strip is going to be phased out soon. Has anyone else heard this is a thing on the way?
Thanks Dave.
Just for your information: Skimming like this is already happening in Europe.
Have you seen the jamming cards that deliberately jam the RFID frequencies when they detect a field? I've seen a bunch of these on the market (eg: armourcard, which is an Aus company - they sell them at JB). Would be interesting to see whether they're any good using the testing setup you used there. Interesting story is that I see them on the counter near the EFTPOS pinpads, and every time I get a failed card read at JB (and had to insert the card instead) one of these display stands is pretty much next to the pinpad. Tends to lend credibility to the product, but really silly placement by JB!
Yeah! Test this!
Didn't know about these, and JB Hi-Fi, hmm I could just go pick one up.
EEVblog Last I saw I *think* they were $50ish AUD or something, so not very cheap. Price may have changed tho. If need be i might be able to send you the one I have.
Oh, I have a slight issue with how you are thinking modulating a coil is not a radio. The difference between a transformer and a radio is the radio modulates the electromagnetic field (we call it electromagnetic radiation for a reason). My one-transistor AM crystal radio works exactly the same way, using the radio signal to provide enough current to run it; admittedly I do ground it rather than ground to the other end of the coil. I bet if I tune a heterodyne receiver to 50Hz I'll be able to hear a continuous 50Hz radio signal. With a powerful enough radio signal one can in fact activate one of these cards.
So you trade the inconvenience of swiping your card for the inconvenience of wrapping and unwrapping your card in tin foil. (Yes, I know it's not tin.)
So when is somebody going to make a shoplifting RFID/NFC theft protection handbag with the lining over the main compartment?
Maybe a while. That's a licence to shoplift (none of the security tags would activate the door alarm). For ages lifters have been lining their bags with foil to beat those pesky door alarms - if they are caught they get done for 'going equipped', even if they haven't nicked anything. A bag with it built in would allow them to 'go equipped' and not get in trouble if stopped. If they made them they would fly off the shelves and straight out the door (avoiding the tills on the way of course!).
It might also affect mobile phone reception???
Those anti-theft systems at stores use an electromagnetic field, right? Would love to see a hack that turns them into a giant skimmer that could be wheeled up to any store front.
Great video as always. Some banks, NAB for example, offer a PayPass for your phone which basically acts just like your card for transactions. I obviously turn my NFC off, but I wonder, if someone didn't, could readers do the same thing or would there be some kind of extra security level in its software?
Probably works the same from an authentication point of view. But you need an approved transaction system to do it.
Normally you get an app where you have to enter a PIN or such.
Yeah, a PIN is optional but not default.
Beats the paint-drying Lab Re-arranging vid Dave :)
Seriously, was insightful. Actually quite simple how it works in terms of comms. But surely the card is read only, so if you could capture the traffic and decode it, one could emulate it? Or perhaps there is some sort of 'key' on board, like SSL?
Hagenberg goes EEVBlog ;-)
What censoring tool are you using? Very effective.
Been using metallic Christmas foil wrapping paper in my wallet to protect my credit cards. Thank you for the video ! tjl
The ISO14443 standard calls for readers to have a minimum of 1.5A/m output. ISO15693 calls for 2.0A/m, if anyone's interested. ISO10373 is concerned with the measurements of the readers.
Your phone will be producing around 1.0A/m at 13.56MHz. The ISO14443A ID1 credentials can sometimes read at somewhere around 0.3 to 0.4A/m depending upon the amount of processing involved. Actually you'll find that most cards won't be read over about 15cm with a reader producing 4A/m, as the magnetic field just isn't strong enough. You won't find anything portable over 4A/m as you start needing a beefy RF amp.
It is quite possible for these cards to be read from this distance but like Dave said, it doesn't mean they can actually set the transactions up.
I find it funny, the building I live in has NFC "RFID" tags to get in. I got a new phone that has NFC, and I've pondered emulating my tag just for kicks.
Use a hackrf one maybe?
The building one is likely a 125KHz system.
Yes, I see now the limitations of the hackrf device frequency range.
My brother's school uses them for paying for lunch, and access to doors and printers etc. He and his friends cloned some people's cards and got free lunches lol
Where did you get the reader app for your phone??
On my 5K Imac, I can read some digits of the card number around 16:10 :p
I don't think that I believe your statement that card information can't be stolen, because how would the store's scanner process a payment? My wife's card had not left its paper sheath since it was issued, and yet it, and every RFID card in her wallet, were compromised somehow. The old cards without contactless payment were unaffected. I call BS on the VISA assertion that this is secure.
This is why no-one with any technical knowledge should call them 'RFID' cards. These are all NFC (or near-field communication) cards.
Dave gets half a break as he's using layman's terms for ease of explanation, but searching for 'NFC' reader and 'RFID' reader gets quite different results.
Many public transport cards use the same tech, so they make for great test cards if you don't want your credit card shown on air. :) And if you want a somewhat overpriced (due to postage outside of the US) way to see what tech a reader uses: dangerousthings.com/shop/rfid-diagnostic-tool/
Yes, true. The term RFID seems to pervade the industry though, although in regards to phones it's usually NFC.
BTW, the ISO 14443 standard itself uses the term RFID.
That I didn't know! Shame on the ISO standards!
Also, as far as I know, these 'shields' act as much like a shorted turn as magnetic shielding, taking the energy the card requires and turning it into heat. A 'loop' of aluminium sheet works as a great shield, but one with a break in it (still overlapping, but insulated) doesn't. For photos: goo.gl/photos/nWY5YPL9KhZabgFP9
I believe the more conductive the material the better it works in this application. I wish I had a piece of ferrite large enough to test this further.
The standard is correct. Maxwell is correct. "NFC is secure" is wrong.
In theory could one "record" the RFID data from a credit card then "play" it back into a POS terminal at a store to generate a transaction under the $100 threshold to require a PIN, using either a cellphone or possibly some sort of Arduino-based device?
Should not be possible. These cards are designed to foil replay attacks.
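The replay question just above, and the earlier one about whether a captured read of a "read only" card could be emulated, both come down to the card holding a secret key and computing a fresh cryptogram per transaction. This is an added illustration, not code from the video or from any card scheme: a simplified challenge-response model (HMAC standing in for an EMV-style cryptogram, a constructed demo key, a transaction counter and a terminal-supplied unpredictable number); real card protocols differ in detail.

```python
import hmac
import hashlib
import secrets

# Constructed demo key. In a real card it lives only inside the chip and at
# the issuer; a skimmer observing the over-the-air exchange never sees it.
DEMO_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def _message(amount_cents, atc, unpredictable_number):
    """Transaction data that the cryptogram commits to."""
    return f"{amount_cents}|{atc}|{unpredictable_number.hex()}".encode()


class Card:
    def __init__(self, key):
        self._key = key
        self.atc = 0  # application transaction counter, increments per tap

    def cryptogram(self, amount_cents, unpredictable_number):
        self.atc += 1
        mac = hmac.new(self._key, _message(amount_cents, self.atc, unpredictable_number),
                       hashlib.sha256).digest()[:8]
        return {"amount": amount_cents, "atc": self.atc, "mac": mac}


class Issuer:
    def __init__(self, key):
        self._key = key
        self.last_atc = 0  # highest counter accepted so far for this card

    def verify(self, response, unpredictable_number):
        expected = hmac.new(self._key, _message(response["amount"], response["atc"],
                            unpredictable_number), hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(expected, response["mac"]):
            return False  # wrong key, tampered amount, or stale nonce
        if response["atc"] <= self.last_atc:
            return False  # counter not advancing: a replayed response
        self.last_atc = response["atc"]
        return True


def terminal_transaction(card, issuer, amount_cents, replayed=None, nonce=None):
    """One tap: terminal picks a nonce, gets a card response (or a captured
    one a skimmer replays), and asks the issuer to approve."""
    un = nonce if nonce is not None else secrets.token_bytes(4)
    resp = replayed if replayed is not None else card.cryptogram(amount_cents, un)
    return issuer.verify(resp, un), resp
```

Even if a terminal's nonce were predictable, the counter check alone rejects a replayed response, and a changed amount breaks the MAC.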
Jackscepticeye?