I feel like a simple solution to these cards would be a resistive sensor or something (such as two metal contacts that you place your finger over) and without your finger on them, the card doesn't talk.
Myself and a couple of friends had the exact same idea in 2012. One of the friends went off and created a security technology company. No doubt they attempted to go with the idea. The company got millions in funding but they still went bankrupt, so i imagine it wasn't a winning idea. I haven't spoken to the friend in quite a few years - grew apart and all that.
I've had my card wrapped in "AL-foil" for about a month. Now I know I'm "mostly" safe. Thanks for this video and the knowledge it passes on to the public. My bank couldn't even give me a straight answer about this.
A tap and go skimmer was the first device I built with what I learned on EEVblog. It works like a charm and finances all my subsequent projects. Thank you dave.
I really don't understand why they don't just build in a little metal dome switch on the card that must be pressed to allow power to the chip. It's blindingly obvious, super simple and 100% read proof until the exact moment of payment.
+EEVblog Either in classical Maxwellian electrodynamics or in the quantum mechanical version, this is a case of electromagnetic radiation. Electromagnetic radiation is produced at the transmitter coil and absorbed at the receiver coil. The difference between near-field and far-field is that in far-field, the math is simplified greatly by making assumptions. Those assumptions break down in the near-field case. The physical phenomenon at work is the same.
+Mark Holm Near field-theory is the more nearly "correct" version in either classical or quantum electrodynamics. If one were being picky about theoretical correctness, one would insist on the full, near-field treatment regardless of distance. Of course, you would find that, at larger distances, some terms of the equations calculate to very, very small values, and you would, rightly, question whether there was any purpose to all that extra number crunching.
+Proximity Mine Both Maxwell's and quantum electrodynamics make this clear. You can not separate the magnetic and electric field components. NFC is a classical, Maxwellian theory. NFC says that there are aspects of the electromagnetic field that fall off at 1/r and aspects that fall off at 1/r squared. Far field theory simplifies the math by ignoring the components that fall off as 1/r squared. In quantum mechanics it gets wilder, with "real" and "virtual" photons. These are poor choices of names. All the photons are real. The "virtual" ones participate in interactions that are quite real, but counterintuitive. As in the Maxwellian version, the contributions of "virtual" photons fall off as 1/ r squared.
Reminds me of a few of my student mates. They made a tranceiver and antenna for scanning RFID cards from a distance of up to 10 meters. Worked pretty well, they could scan university cards from people walking below past the window of the lab.
No I dont, and if you want to do it you should try to develop it yourself instead of stealing all the work other did. You cant just take something someone else has worked on for two whole years and then make some quick fame by trying to make it art. Especially not without paying them for their work. Also, when encrypted RFID is just fine.
All this technology is well known, for last 150 years..nobody owns much here..You just make it bigger and more sensitive, but still there is a limit and it will be in region of a meter or two - 10m ? not sure.
That is true, but making it long range is still an area that has development. From what I understand one of the main problems is the LNA in the input. Noise overall is the limiting factor in these systems, and i agree, i doubt a system could be effective further than 10m if the encoding used is BASK (which generally has to have a fairly large signal to noise ratio).
From taking screenshots of your lovely scope I'm able to ascertain that your name is Dave.. Joking aside I imagine with even just Al foil the eddy currents would produce enough noise to disguise the AM packets, although they are sent after the circuit is charged but at that freq it probably stops the induction to the receiver coil in the first place.. I love how every second week these card are on the news as a "security risk" but never referring to the RFID technology itself. Anyhow great video mate..
Thanks for covering some of this Dave. It would be interesting to see more testing, experimentation, and methods of protection and disabling cards in the future. It was too bad that Mythbusters were never able to air their findings due to threats possible lawsuits even relate to talking about it. They are pretty tight lipped about it all to this day.
I wanted to totally disable the RFID function of my card. The answer was simple. A small notch in the bottom edge of the card, just a few mm, breaks the coil and stops it working.
Dave Cad... classic :D Also, this technology is very similar to the QI standard for wireless charging for phones & tablets. Instead of sending the credit card data, the device sends information to the pad such as how much current to supply and when to stop by modulating the load on the phone's internal charging coils.
The fun thing to do is have a larger coil in the purse that also picks up this magnetic field and outputs random noise in the RFID bands. The best part is that under normal conditions it does nothing, only when you're being scanned by some thief.
Mythbusters actually get banned by discovery channel's investors from testing NFC card security, that is now insecure these cards is, saddly, all banks now only issue NFC cards, HUGE mistake IMO
A friend of mine was on the standards committee for the design of all RFID banking cards and he went through the maths regarding theft and RF levels both to activate the card and the RF from the card and the chance of someone stealing your data is very low. Anyway you'll get your money back as it was an unauthorised transaction.
Tip: Last NFC transactions history is stored directly in most Visa cards. There are applications to read them also. This video focuses a lot on scanning aspect, but scan is useless without SE response. So the only way to actually steal money is to perform MitM attack with HCE endpoint to emulate SE. As for biometric passports - data is encrypted and key is generated from passport number, date of birth and date of expiration. That's why you have this
Not an RF field? That's exactly what this is! That schematic you drew is equivalent to a good old fashioned crystal radio with a loopstick antenna. Generally, any of the antennas with circular elements work by coupling the magnetic (B) field, while dipoles and related things like yagi arrays couple the electric (E) field.
Thanks for this comment... I was wondering about the statement at 1:50, and was going to ask: what’s the difference? I thought antennas we’re basically just strangely shaped (as compared to the coils we’re used to when talking about them as) inductors... though magnetic versus electric coupling definitely sounds like a difference... still, Dave, if you see this, I’d love to hear more about what you see as the differences. (Feel free to point me in the direction of existing videos, of course...)
I'd say that the reason people think that putting cards together will protect them is that a lot of implementations don't do anti-collision properly. Haven't tested it with Opal, but certainly the MyKi readers in Melbourne don't implement anti-collision, if it sees multiple cards it just gives up. So they've probably seen a message like "multiple cards detected, try again" and assumed that that means that the system can't read them if there are multiple cards there. As far as reading them from a distance, there's an application note, I believe on the TI website which covers building long range antennas for RFID, after a point you end up with something that looks like the anti-theft tag gates in shops. What I'd be more interested in (haven't got around to actually testing it though) is how much of the signal you could passively sniff while a transaction is in progress, because although the system is designed to use magnetic coupling, 13.5MHz propagates reasonably well so you're going to get some degree of RF leakage.
With the TI RFID Development kit TRF7970A I managed to read more than 10 cards at the same time. However I have seen tags that use the 125 kHz system for building access control interfer with the theft protection of a Fiat Punto. It took my friend at work several weeks to figure out what was going on and why his car didn't start sometimes. That was before 2006 though.
To clarify: the message that the chip sends to authorise a transaction and prove that it isn't a clone (the cryptogram) is protected by strong cryptography, but information that is also present on the front of the card or on the magstripe, such as the card number, is always transmitted in the clear. So it's possible to skim a card and use the card number to shop online or something, but, in principle, it's not possible to physically clone a skimmed card. In practice, this isn't always true, mainly due to American banks that don't bother checking the cryptogram.
+Francois Molinier nope, the cryptogram is the response part of a challenge-response protocol. it's a digital signature of the transaction details and a nonce, so a MITM won't work as these will be different for a different transaction. this is all moot anyway since the card will give you the number if you ask for it, and that's all you really need to make a transaction
If you want to disable your payWave or PayPass chip, simply cut the side of the card where the wire loops around the card. You don't need to cut much, only to rupture the loop.
People have seen skimmers walking the London Tube with handheld Point of Sale devices. Here in the UK the limit is a much more manageable £30. Still spend a few hours walking about London crowds and you could make a decent living. Electronically pickpocketing £30 quid a time.
There is no hope of this working. The owner of the pos device would never receive the money. The financial rules that apply are far too strict. Sounds like a "plausible" myth to me.
in the USA, I don't think banks issue cards with the RFID chip anymore. As a matter of fact, I remember all my cards being replaced without the RFID symbol. They only contain the chip.
if people are so concerned, and they don't care to use the touch and go of the card, then I would just say they should exacto the coil and break the circuit.
Such a shield works while the card is in it. Remove the card to use with the RFID scanner at checkout and a black hat behind you in the checkout line doesn't even need to transmit anything to pick up the signal.
The ISO14443 standard calls for readers to have a minimum of 1.5A/m output. ISO15693 calls for 2.0 A/m. if anyone's interested. ISO10373 is concerned with the measurements of the readers. Your phone will be producing around 1.0A/m at 13.56MHz. the ISO14443A ID1 credentials can sometimes read somewhere around 0.3 to 0.4A/m depending upon the amount of processing involved. Actually you'll find that most cards won't be read over about 15cm with a reader producing 4A/m as the magnetic field just isn't strong enough. You won't find anything portable over 4A/m as you start needing a beefy RF amp It is quite possible for these cards to be read from this distance but like Dave said, it doesn't mean they can actually set the transactions up.
I know of someone who used to chat with their victim. They worked in a shop with a card reader that they would put the card in and hand to the customer. They would get in to a surprised sorta reaction, put the card down on their touchless payment machine and and get an easy £30. Somehow it was also untraceable.
If you are worried about people stealing your data you could always just disable the RFID functionality. I know that my bank has an option online to just turn the feature off. The same option is there to disable the magnetic strip. What this does is probably just declines any transactions made when using those technologies.
I have an idea or two about a protection features that can be added to these cards. How about if the chip in the card only starts working if it detects the electrical resistance from your fingers on the card? That way the only way the card can work, is if you are holding it. Otherwise it's only going to activate the coil if it is within a 13.56MHz magnetic field but there isn't going to be any data exchange. Something like a metallic grid on the card that should read somewhere between say 10 and 50 koms in order to start the chip. Or have specific finger locations that you need to hold the card at, in order for it to work. And there is even a simpler way to do it, just put a dome switch in the card that should be pressed in order to connect the coil to the electronics inside. Needless to say that it's location must be a bit deeper in the card in order to prevent the button getting pressed while in your purse or pocket. That way you can only activate the card if you are holding at a specific location and apply some relatively significant pressure.
Dave keeps going on about how it's "not an antenna", and that it uses magnetic coupling not "RF fields", but aren't they essentially the same thing, just longer distances? Like all EM waves are composed of Electric and magnetic fields right, so what makes this different?
Look up "Near and far field". In the near field, E-Field (electric) or H-Field (magnetic) can dominate. In the far field, there is a fixed ratio of E- and H-Field which is given by the impedance of air, which is about 377 Ohm. In this application, the H-Field dominates, meaning the impedance is much lower then the air impedance of 377 Ohm. For a radio broad cast transmitter you would aim at matching impedances of transmitter and antenna to increase efficiency.
My thoughts exactly. Let's take a FM radio broadcast station for example... It is a BIG primary and the receivers are all secondaries in a big imaginary transformer... Magnetic coupling being the magic phrase here.
+sarowie thanks for the jumping off point. Does this mean the phone is still generating a small far-field RF signal at its MHz carrier frequency when searching for a nearby tag and could u pick that up on a spectrum analyser?
Yeah, I'm starting to feel like he just does these things on purpose. Saying controversial things like "it's not an antenna", or that "current flows through capacitors". Then he watches the comment numbers mount and the view count climb. Great business model.
I'd like to propose two fixes you might want to add before releasing it: 1) It is actually the same chip as the one seen from the outside, not a separate one (Google images "paywave x-ray"), and this way they can also have the same data shared (e.g. some cards count your contactless transactions and allow only X in a row). 2) They are not just data storage like your usual tag, but the are actively negotiating with the terminal and cryptographically sign transactions. The data you can read out from it alone will not help you much (you do get CC number and expiration date, but not name or CVC2 - it's worse to have your card captured by a security camera than having it scanned). To make a transaction, you would need to go around with a terminal, or relay the communication via the Internet to another phone at a rogue merchant's place, and since merchants must be registered, this makes it a lot harder for criminals.
Hey EEVblog, I might not be absolutely correct but it seems RF communication works with the same principle as RFID cause you are still using the same electromagnetic field for TX and RX except that the distance has to be very closed for reception. The current that is oscillating in RF antenna induce the same magnetic field for long distance transmission, and at the destination end you surely do need the antenna where the same signal will be induce except that mechanism for reception is different, but basically the medium is still the same. Thanks for pointing this out.
In the UK at least, banks are entirely responsible for any fraudulent transactions using the NFC component. Whereas using the chip and pin method, responsibility falls with the card holder automatically unless they can prove otherwise.
Oh, I have a slight issue with how you are thinking modulating a coil is not a radio? The difference between a transformer and a radio is the radio modulates the electromagnetic field (we call it electromagnetic radiation for a reason). My one transistor AM crystal radio works exactly the same way using the radio signal to provide enough current to run it, admittedly I do ground it rather than ground to the other end of the coil. I bet if I tune a heterodyne receiver to 50Hz I'll be able to here a continuous 50Hz radio signal. With a powerful enough radio signal one can in fact activate one of these cards.
Great vid and explanation Dave, but could you please also show how you do the measurements, I know most people will argue that the video will take too long, but it can be interesting to learn more about more complex measurements sometimes :)
Actually, the modulation is ~106KHz. (13.56MHz / 128). It only goes to 847.5KHZ (13.56MHz / 16) after the PPS handshake between the PICC (card) and PCD (reader). The card has to say, "I support these baud rates" during the RATS command, then the reader has to choose the baud rate to use with the PPS command. Otherwise, spot on, mate! I didn't know you did RFID stuff.
Funny story, my father had one of the early types and I knew the risks and downloaded a card reader app and said "watch this" pinged his card and it displayed the number and everything then I said "is this your card" he replied "yes, that's not good" so the mobile phone app demo that you did I also used to prove that they were easy to read
I haven't tried taking it apart so I don't know what tech the Tesla key uses, but other metal keys in my pocket sometimes interfere with the car's ability to read the key. That's over a much longer distance though.
yeah,I guess i would be more converned with the ones they are sticking to the front of gas pumps and at rest stops. seems here in Michigan,theives have targeted the main areas they know people in a hurry to travel stop. they have already hit up several gas stations and rest stop machines.
Considering my CC number was stolen 3 times out of the local shopping center I work out of. The issue was traced back to people hanging out in the food court/common areas on laptops with what 'looks' like a normal antenna hanging out a USB port. How I took care of this scam was about the simplest thing in the world. I just walked into my bank and requested a CC/Debit card WITHOUT the pay wave feature. They make them in the chip reading variety as well. As both my bank cards have chip readers, and NO pay wave nonsense. Never be afraid to ask or request one. Most banks do have these available and will gladly order it in for a customer. The other scam that was exposed, the readers on gas/petrol pumps. Seems the bulk of the companies continue to use the same KEY to open the access panels! (And the serial ID sticker tabs are a joke! One was ripped off a pump I went to use. The clerk didn't check the system for a 'hack'. Just slapped a new serial sticker over the torn one) So never use 'pay at the pump' and request a no pay wave card. And you'll be in slightly better shape. Another thing to consider: How flippen LAZY is society when they can't be bothered to swipe or insert a card? Do they want to look like David Copperfield doing a magic "Wave the card trick" each time they purchase an item? Just insert or swipe the card already.
>> "How flippen LAZY is society when they can't be bothered to swipe or insert a card?" I have wondered the same thing. It is just the latest novelty feature. Most people are clueless and banks are still crooks. An alternative to requesting a new card without this feature is to cut or puncture a single antenna coil trace or find the tiny bump where the components exist and give it a slight tap with a hammer to crush them.
Consider yourself lucky. I told my CC company that I didn't want a card with the RFID/NFC based system. They told me that they don't make any cards without this new technology. I was told not to worry. They would reimburse me for any fraudulent activity on the card. It amazes me that a CC company would rather fix CC fraud after the fact than try to prevent it up front. I wouldn't be surprised if their accepting fraudulent uses of CC's is part of the reason for high merchant fees and high interest rates to CC users.
No need to sign up. LOL. Actually I sent news stories about people in public areas using laptops to steal CC numbers and information. The local center didn't do squat even when faced with evidence.
People love gimmicks. And they think "Hey, it's so cool that all I need to do is wave my 'magic card' to pay for something. Now we have Google and Apple pay....paypal pay.... Things are going plastic in a huge way.
I don't think that I believe your statement that card information can't be stolen, because how would the store's scanner process a payment? My wife's card had not left it's paper sheath since it was issued, and yet it, and every RFID card in her wallet were compromised somehow. The old cards without contactless payment were unaffected. I call BS on the VISA assertion that this is secure.
It'd be cool to see what's being passed between a Nintendo Wii U or 3DS and the Amiibo NFC figures, or between Skylanders and Disney Infinity figures and their respective NFC stands.
Just put the card in an aluminumized envelope, just like you'd do with those toll transponders. I'd have thought that putting the card inside of an aluminum box would shield it because the box should act as a shorted turn in the transformer.
To the end the sticky tape sticks more and more against your card and the risen numbers.. you show the card from various angles and with lighting from different sides... bad people could try to read the numbers. CRC could even help them to guess... yes, I know there are still things missing like the security code from the back, but I would have used a thicker tape, blurring the outlines of the numbers more.
I don't know about Australia but many places in the US they have RFID tags in the cars for toll roads, the readers are over the road at least 16 feet in the air, they can record me passing even at 75mph. now i doubt the protocols are the same but i'm fairly sure the tech is. larger antenna and more power obviously, but since your not a criminal and not equipped with these toys I wouldn't discount the criminal elements ability to procure such devices.
So you trade the inconvenience of swiping your card for the inconvenience of wrapping and unwrapping your card in tin foil. (Yes, I know it's not tin.)
I would like to see Dave take a look at the rfid Guardbunny created by Kristin Paget. First featured at schmoocon 2012 and later went openhardware and got an article on Hack a day.
This is why no-one with any technical knowledge should call them 'RFID' cards. These are all NFC(Or near-field-commutation) cards. Dave gets half a break as he's using layman's terms for ease of explanation, but searching for 'NFC' reader and 'RFID' reader gets quite different results. Many public transport cards use the same tech, so they make for great test cards if you don't want your credit card shown on air. :) And if you want a somewhat overpriced(due to postage outside of us) way to see what tech a reader uses: dangerousthings.com/shop/rfid-diagnostic-tool/
That I didn't know! Shame on the ISO standards! Also, as far as I know, these 'shields' act as much like a shorted turn as magnetic shielding, taking the energy the card requires and turning it into heat. A 'loop' of aluminium sheet works as a great shield, but one with a break in it(Still overlapping, but insulated) doesn't. For photos: goo.gl/photos/nWY5YPL9KhZabgFP9 I believe the more conductive the material the better it works in this application. I wish I had a piece of ferrite large enough to test this further.
From what I can tell, the only info that you can get out of these cards is the same info on the front of the card (card number and expiry date). It doesn't give you any of the crypto information needed to create a duplicate card using the modern EMV protocols, and it doesn't give you the CVV number you usually need to make online purchases. It might be possible to make a fake magnetic strip card, which may work if your card issuer and the store's card processor still allow magstripe transactions - though if you're in the US, that's likely the case.
A perfect solution to stop these cards being read without the owners permission would be to embed a photo diode into the body of the card that only allows the circuit within the card to activate when it is in ambient light (ie out of a persons wallet) then when it is in the wallet / bag, it would be unreadable.
Here in the United States, there are some Agencies/companies that will not accept a unsigned card for certain transactions, like the US postal service when purchasing money orders. Although I do not see the point in it, since they normally hand you a pen, and tell you to sign your card. How does this prove that you are who you say you are, it only proves that you may have forged someone else's signature. and by the way, None of my credit cards have the RFID symbol on them. in the US, credit card companies and banks are getting away from the RFID cards. Replacing them with the newer list vulnerable cards. but they still don't require a pin number.
Here abouts in Ontario Canada, people call it "arrfid" as a single spoken word. The cards don't take a lot of flexing, heat or use before failure. Any three of those cause them chips to fail, and I find my cards have a max six months functionality before I am getting a new one (one card replacement lasted six weeks). My bank allows stores to set the spend limit up to 100 dollars, but the bank only allows 50 consecutive transactions. But, that is when everything is in working order, and the general fail rate is about 40%. Mostly because stores need to continually update security and they don't and their scanners stop working. More interesting question to ask. My bank manager told me recently that there is word in the banks that the mag strip is going to be phased out soon has anyone else hear this is a thing on the way?
It was my understanding that RFID referred to card containing actual RF chips which also contained a coil. So when you slid your card through a magnetic field (think hotel room key) the RF chip would be able to send a code in a single RF burst, which was then read by the receiver. Is this technology also employed? Why is this not used in credit cards? Awesome video Dave!
I know that the CC had run some experiments and was actually able to read these information from several hundred meters away. (though it were tags in clothes .. and maybe from the official ID cards which are used around here)
Sorry, that was a typo. I meant CCC (Chaos Computer Club) and it was an report on TV ... in I think 2014 or beginning of 2015. They have shown a test with a concealed reader (in a briefcase) and they have read RFID tags of clothes from people coming out of store while sitting in a coffee shop across and little down the street. And they talked that they had successfully had read common tags from even more afar (one other source I have found while looking for that source said that it is potential possible to read [special] RFID tags from up to 1km) But sorry couldn't find the original source on the fly.
All magnetic fields have a electric field, an electro magnetic field is what we call RF. So technically wouldn't the transformer magnetic fields be just as much RF as traditional RF and if not please clarify?
I must ad to this that the magnetic and electric field do not have to be proportional and as such a magnetic field is much stronger in transformers then the electric field.
I think you are correct. This system is an example of "Near-field magnetic induction communication" (see Wikipedia). The electric field is largely suppressed by the absence of a proper antenna, so the magnetic field is unable to transmit much energy into free space. Hence the transmission range is deliberately restricted to a few meters.
once u have used the app to read your card what's to stop the app squawking all your card details back to whoever wrote the app? This technology is called contactless payment here in the UK BTW.
Beats the paint-drying Lab Re-arranging vid Dave :) Seriously, was insightful. Actually quite simple how it works in terms of coms. But surely the card is read only, so if you could capture the traffic and decode it, one could emulate it? Or perhaps there is some sort of 'key' on board, like SSL
hi Dave Actually RF's are magnetic waves so why are you bothering yourself to say its different from a typical RF cable that sends off data in form off some modulation of a RF pulse?
Those anti-theft systems at stores use an electromagnetic field, right? Would love to see a hack that turns them into a giant skimmer that could be wheeled up to any store front.
"This is NOT a RF system, it works on magnetic fields instead of RF-fields" o.O Well, what are RF-systems working on ? RF-systems are in theory a transformer system - and yes, they are called antennaes.
SnopFop - TheSkogemann rf (and other EM waves) are composed of electric and magnetic fields, but a pure magnetic field acts differently than an EM wave. That's why transformers and rf antenna/receiver systems follow different equations.
RF systems are NOT transformer systems. Transformers have magnetic coupling across the coils, RF systems do not couple between antennas. If you put a load on the secondary coil of a transformer, that creates a major load on the primary. If you turn on your radio in your car, that doesn't load the broadcast station at all. They have no clue if you are listening or not except with surveys. RF systems use electro-magnetic radiation, not just magnetic fields. Transformers use magnetic fields and don't give a crap about electric fields.
could you use some gadgets in your lab to generate a more powerful transmitter? That would have been interesting. And to test the max distance with the phone's power and plot it out
* it's the same chip that does both functions in all cases * none of it is encrypted, whichever provider you have * with a sufficiently high powered emitter / large gain antenna, you can read the card at a good distance of several meters if not more
Have you seen the jamming cards that deliberately jam the RFID frequencies when they detect a field? I've seen a bunch of these on the market (eg: armourcard, which is an Aus company - they sell them at JB). Would be interesting to see whether they're any good using the testing setup you used there. Interesting story is that I see them on the counter near the EFTPOS pinpads, and every time i get a failed card read at JB (and had to insert the card instead) one of these display stands is pretty much next to the pinpad. Tends to lend credibility to the product, but really silly placement by JB!
EEVblog Last I saw I *think* they were $50ish AUD or something, so not very cheap. Price may have changed tho. If need be i might be able to send you the one I have.
Here in the UK it's between 25 and 50 pounds depending on your bank. Mine doesn't work which is infuriating because I want it to and my bank keep sending a new card for the WRONG account. Oh and at least on my Visa card, the chip used for the RFID is the same one as the normal chip
I use my iphone to do the equivalent of the tap n go, but the iphone apple pay has extra layers of protection. Like it needs my thumbprint to work, and if I lose the iphone or it gets stolen(which would result in basically the card was also lost or stolen) I can just simply shutdown the phone with Find My Iphone and not worry about it. So now, all I carry is my iphone with me, all the credit cards stay at home.
I feel like a simple solution to these cards would be a resistive sensor or something (such as two metal contacts that you place your finger over) and without your finger on them, the card doesn't talk.
Myself and a couple of friends had the exact same idea in 2012. One of the friends went off and created a security technology company. No doubt they attempted to go with the idea. The company got millions in funding but they still went bankrupt, so i imagine it wasn't a winning idea. I haven't spoken to the friend in quite a few years - grew apart and all that.
Yeah right, Mrs EEVBlog's bag..
It's your new manbag isn't it :-)
Busted.
+EEVblog hey dave, with some effort i think at 15:55 you can read the credit card number... Just a guess.
I don't see it.
+EEVblog well, i just wanted to let you know ;)
+EEVblog ahh he can see the bumps being show by the lights reflecting off the tape
Love that DaveCAD works beautifully even on small screens.
I've had my card wrapped in "AL-foil" for about a month. Now I know I'm "mostly" safe. Thanks for this video and the knowledge it passes on to the public. My bank couldn't even give me a straight answer about this.
A tap and go skimmer was the first device I built with what I learned on EEVblog. It works like a charm and finances all my subsequent projects. Thank you dave.
Cool
I really don't understand why they don't just build in a little metal dome switch on the card that must be pressed to allow power to the chip. It's blindingly obvious, super simple and 100% read proof until the exact moment of payment.
That is RF . RF stands for, wait for it, Radio Frequency. 873 kHz is a frequency that my radio can pick up, is designed to pick up. It is RF !
Start by looking up Near Field vs Far Field theory.
Aehm.. No!
+EEVblog Either in classical Maxwellian electrodynamics or in the quantum mechanical version, this is a case of electromagnetic radiation. Electromagnetic radiation is produced at the transmitter coil and absorbed at the receiver coil. The difference between near-field and far-field is that in far-field, the math is simplified greatly by making assumptions. Those assumptions break down in the near-field case. The physical phenomenon at work is the same.
+Mark Holm Near field-theory is the more nearly "correct" version in either classical or quantum electrodynamics. If one were being picky about theoretical correctness, one would insist on the full, near-field treatment regardless of distance. Of course, you would find that, at larger distances, some terms of the equations calculate to very, very small values, and you would, rightly, question whether there was any purpose to all that extra number crunching.
+Proximity Mine Both Maxwell's and quantum electrodynamics make this clear. You can not separate the magnetic and electric field components. NFC is a classical, Maxwellian theory. NFC says that there are aspects of the electromagnetic field that fall off at 1/r and aspects that fall off at 1/r squared. Far field theory simplifies the math by ignoring the components that fall off as 1/r squared. In quantum mechanics it gets wilder, with "real" and "virtual" photons. These are poor choices of names. All the photons are real. The "virtual" ones participate in interactions that are quite real, but counterintuitive. As in the Maxwellian version, the contributions of "virtual" photons fall off as 1/ r squared.
Reminds me of a few of my student mates. They made a tranceiver and antenna for scanning RFID cards from a distance of up to 10 meters. Worked pretty well, they could scan university cards from people walking below past the window of the lab.
Do you have documentation? I'm planning an art installation to show that RFID maybe isn't the best idea.
No I dont, and if you want to do it you should try to develop it yourself instead of stealing all the work other did. You cant just take something someone else has worked on for two whole years and then make some quick fame by trying to make it art. Especially not without paying them for their work.
Also, when encrypted RFID is just fine.
Ouch!
All this technology is well known, for last 150 years..nobody owns much here..You just make it bigger and more sensitive, but still there is a limit and it will be in region of a meter or two - 10m ? not sure.
That is true, but making it long range is still an area that has development. From what I understand one of the main problems is the LNA in the input. Noise overall is the limiting factor in these systems, and i agree, i doubt a system could be effective further than 10m if the encoding used is BASK (which generally has to have a fairly large signal to noise ratio).
From taking screenshots of your lovely scope I'm able to ascertain that your name is Dave..
Joking aside I imagine with even just Al foil the eddy currents would produce enough noise to disguise the AM packets, although they are sent after the circuit is charged but at that freq it probably stops the induction to the receiver coil in the first place..
I love how every second week these card are on the news as a "security risk" but never referring to the RFID technology itself. Anyhow great video mate..
Creating foil card sleeves seems like a much more practical solution than buying entire accessories to solve the problem.
Indeed.
Thanks for covering some of this Dave. It would be interesting to see more testing, experimentation, and methods of protection and disabling cards in the future. It was too bad that Mythbusters were never able to air their findings due to threats possible lawsuits even relate to talking about it. They are pretty tight lipped about it all to this day.
I wanted to totally disable the RFID function of my card. The answer was simple. A small notch in the bottom edge of the card, just a few mm, breaks the coil and stops it working.
Thanks for clearing up the misconception and highlighting the technology.
Thats the REAL PERFECT way to really explain those "RFID" cards! Perfect, and Understandable.
Indeed, It is a Inductively coupled system.
Dave Cad... classic :D Also, this technology is very similar to the QI standard for wireless charging for phones & tablets. Instead of sending the credit card data, the device sends information to the pad such as how much current to supply and when to stop by modulating the load on the phone's internal charging coils.
The fun thing to do is have a larger coil in the purse that also picks up this magnetic field and outputs random noise in the RFID bands. The best part is that under normal conditions it does nothing, only when you're being scanned by some thief.
Mythbusters actually get banned by discovery channel's investors from testing NFC card security, that is now insecure these cards is, saddly, all banks now only issue NFC cards, HUGE mistake IMO
yes I hear a reported of that. they say that when was filming a lot of visa lowers come. and they decide not to air that episode
My bank recently gave me a new card that does not have the NFC technology. It still has the magnetic strip and the new thing on it is a chip.
They've got plenty to deal with before they get to NFC... watch?v=VdlKtexIUU8
Not true just got a new card from my bank a month or so ago. No chip and no NFC. U S A! U S A! lol
A friend of mine was on the standards committee for the design of all RFID banking cards and he went through the maths regarding theft and RF levels both to activate the card and the RF from the card and the chance of someone stealing your data is very low. Anyway you'll get your money back as it was an unauthorised transaction.
The convenience outweighs the risk apart from when it interferes with my bus pass!
Good Lord! It works. Just two layers of aluminum foil inserted in my wallet and NFC can't read anything. Thank you very much for that advice!
More sophisticated than a charcoal rubbing of a pocket to determine the contents.
Tip: Last NFC transactions history is stored directly in most Visa cards. There are applications to read them also.
This video focuses a lot on scanning aspect, but scan is useless without SE response. So the only way to actually steal money is to perform MitM attack with HCE endpoint to emulate SE.
As for biometric passports - data is encrypted and key is generated from passport number, date of birth and date of expiration.
That's why you have this
Not an RF field? That's exactly what this is! That schematic you drew is equivalent to a good old fashioned crystal radio with a loopstick antenna.
Generally, any of the antennas with circular elements work by coupling the magnetic (B) field, while dipoles and related things like yagi arrays couple the electric (E) field.
Thanks for this comment... I was wondering about the statement at 1:50, and was going to ask: what’s the difference? I thought antennas we’re basically just strangely shaped (as compared to the coils we’re used to when talking about them as) inductors... though magnetic versus electric coupling definitely sounds like a difference... still, Dave, if you see this, I’d love to hear more about what you see as the differences. (Feel free to point me in the direction of existing videos, of course...)
thanks for sharing your cc# on the scope lol
He also shared it in the reflection of the tape over the numbers near the end.
I'd say that the reason people think that putting cards together will protect them is that a lot of implementations don't do anti-collision properly. Haven't tested it with Opal, but certainly the MyKi readers in Melbourne don't implement anti-collision, if it sees multiple cards it just gives up. So they've probably seen a message like "multiple cards detected, try again" and assumed that that means that the system can't read them if there are multiple cards there.
As far as reading them from a distance, there's an application note, I believe on the TI website which covers building long range antennas for RFID, after a point you end up with something that looks like the anti-theft tag gates in shops.
What I'd be more interested in (haven't got around to actually testing it though) is how much of the signal you could passively sniff while a transaction is in progress, because although the system is designed to use magnetic coupling, 13.5MHz propagates reasonably well so you're going to get some degree of RF leakage.
With the TI RFID Development kit TRF7970A I managed to read more than 10 cards at the same time. However I have seen tags that use the 125 kHz system for building access control interfer with the theft protection of a Fiat Punto. It took my friend at work several weeks to figure out what was going on and why his car didn't start sometimes. That was before 2006 though.
Yes, my 125KHz lab access cards don't work with two in my wallet.
To clarify: the message that the chip sends to authorise a transaction and prove that it isn't a clone (the cryptogram) is protected by strong cryptography, but information that is also present on the front of the card or on the magstripe, such as the card number, is always transmitted in the clear. So it's possible to skim a card and use the card number to shop online or something, but, in principle, it's not possible to physically clone a skimmed card. In practice, this isn't always true, mainly due to American banks that don't bother checking the cryptogram.
+Francois Molinier nope, the cryptogram is the response part of a challenge-response protocol. it's a digital signature of the transaction details and a nonce, so a MITM won't work as these will be different for a different transaction. this is all moot anyway since the card will give you the number if you ask for it, and that's all you really need to make a transaction
If you want to disable your payWave or PayPass chip, simply cut the side of the card where the wire loops around the card. You don't need to cut much, only to rupture the loop.
why do i find 'Dave CAD' funny with the smiley face in the D? i do not know but it made me laugh (3:10)
For years now, on my circuit diagrams, I've put a little DaveCAD smiley in the corner, just cuz it makes me chuckle ;)
You can get a commercial DaveCAD license from EEVblog so you can use it on the back of more then one envelope lol
heh, yup. Perhaps I should have clarified that these are drawings I was making for myself alone in my room :P.
You are using an unauthorised version of Dave CAD.
smelly box "Lets go to DaveCAD" Always gets me
People have seen skimmers walking the London Tube with handheld Point of Sale devices. Here in the UK the limit is a much more manageable £30. Still spend a few hours walking about London crowds and you could make a decent living. Electronically pickpocketing £30 quid a time.
There is no hope of this working. The owner of the pos device would never receive the money. The financial rules that apply are far too strict. Sounds like a "plausible" myth to me.
I'm sure every real business would pay good money to find out ho to get your cash quickly from the ACH.
in the USA, I don't think banks issue cards with the RFID chip anymore. As a matter of fact, I remember all my cards being replaced without the RFID symbol. They only contain the chip.
"Don't wear it on your head, put it in your pocket" lol.
You will find that the credit card details can be retrieved. If you had pressed the tag information, you would have seen the credit card number.
if people are so concerned, and they don't care to use the touch and go of the card, then I would just say they should exacto the coil and break the circuit.
Hole punch. Break a single wire and the coil is useless, and a small hole doesn't hurt it's normal use.
+theLuigiFan0007 Can confirm. I did this with my uni ID card by accident XD.
Such a shield works while the card is in it. Remove the card to use with the RFID scanner at checkout and a black hat behind you in the checkout line doesn't even need to transmit anything to pick up the signal.
lol the black tape reminded me of the scraped off ICs, And you thought all along those foil cone hats in the 80's was all for just laughs.
The ISO14443 standard calls for readers to have a minimum of 1.5A/m output. ISO15693 calls for 2.0 A/m. if anyone's interested. ISO10373 is concerned with the measurements of the readers.
Your phone will be producing around 1.0A/m at 13.56MHz. the ISO14443A ID1 credentials can sometimes read somewhere around 0.3 to 0.4A/m depending upon the amount of processing involved. Actually you'll find that most cards won't be read over about 15cm with a reader producing 4A/m as the magnetic field just isn't strong enough. You won't find anything portable over 4A/m as you start needing a beefy RF amp
It is quite possible for these cards to be read from this distance but like Dave said, it doesn't mean they can actually set the transactions up.
I know of someone who used to chat with their victim. They worked in a shop with a card reader that they would put the card in and hand to the customer. They would get in to a surprised sorta reaction, put the card down on their touchless payment machine and and get an easy £30. Somehow it was also untraceable.
In Portugal the code is asked every 60€ of purchases and if a single transaction is more than 20€.
If you are worried about people stealing your data you could always just disable the RFID functionality. I know that my bank has an option online to just turn the feature off. The same option is there to disable the magnetic strip. What this does is probably just declines any transactions made when using those technologies.
I have an idea or two about a protection features that can be added to these cards. How about if the chip in the card only starts working if it detects the electrical resistance from your fingers on the card? That way the only way the card can work, is if you are holding it. Otherwise it's only going to activate the coil if it is within a 13.56MHz magnetic field but there isn't going to be any data exchange.
Something like a metallic grid on the card that should read somewhere between say 10 and 50 koms in order to start the chip. Or have specific finger locations that you need to hold the card at, in order for it to work.
And there is even a simpler way to do it, just put a dome switch in the card that should be pressed in order to connect the coil to the electronics inside. Needless to say that it's location must be a bit deeper in the card in order to prevent the button getting pressed while in your purse or pocket. That way you can only activate the card if you are holding at a specific location and apply some relatively significant pressure.
Dave keeps going on about how it's "not an antenna", and that it uses magnetic coupling not "RF fields", but aren't they essentially the same thing, just longer distances?
Like all EM waves are composed of Electric and magnetic fields right, so what makes this different?
Look up "Near and far field". In the near field, E-Field (electric) or H-Field (magnetic) can dominate.
In the far field, there is a fixed ratio of E- and H-Field which is given by the impedance of air, which is about 377 Ohm.
In this application, the H-Field dominates, meaning the impedance is much lower then the air impedance of
377 Ohm. For a radio broad cast transmitter you would aim at matching impedances of transmitter and antenna to increase efficiency.
My thoughts exactly. Let's take a FM radio broadcast station for example... It is a BIG primary and the receivers are all secondaries in a big imaginary transformer... Magnetic coupling being the magic phrase here.
+sarowie thanks for the jumping off point.
Does this mean the phone is still generating a small far-field RF signal at its MHz carrier frequency when searching for a nearby tag and could u pick that up on a spectrum analyser?
Yeah, I'm starting to feel like he just does these things on purpose.
Saying controversial things like "it's not an antenna", or that "current flows through capacitors".
Then he watches the comment numbers mount and the view count climb. Great business model.
It's an antenna in the near field.
I'd like to propose two fixes you might want to add before releasing it: 1) It is actually the same chip as the one seen from the outside, not a separate one (Google images "paywave x-ray"), and this way they can also have the same data shared (e.g. some cards count your contactless transactions and allow only X in a row). 2) They are not just data storage like your usual tag, but the are actively negotiating with the terminal and cryptographically sign transactions. The data you can read out from it alone will not help you much (you do get CC number and expiration date, but not name or CVC2 - it's worse to have your card captured by a security camera than having it scanned). To make a transaction, you would need to go around with a terminal, or relay the communication via the Internet to another phone at a rogue merchant's place, and since merchants must be registered, this makes it a lot harder for criminals.
Yes, it's not easy, but it's possible and has been done. Risk is pretty low though.
Hey EEVblog, I might not be absolutely correct but it seems RF communication works with the same principle as RFID cause you are still using the same electromagnetic field for TX and RX except that the distance has to be very closed for reception. The current that is oscillating in RF antenna induce the same magnetic field for long distance transmission, and at the destination end you surely do need the antenna where the same signal will be induce except that mechanism for reception is different, but basically the medium is still the same. Thanks for pointing this out.
Thanks Dave.
Just for your information: Skimming like this is already happening in Europe.
For those curios: ESD bags does NOT block the signal
In the UK at least, banks are entirely responsible for any fraudulent transactions using the NFC component. Whereas using the chip and pin method, responsibility falls with the card holder automatically unless they can prove otherwise.
I remember in the 90 all the public phone use that chip for cards with credits. And we use a eprom with the software to emulate and call free.
Been using metallic Christmas foil wrapping paper in my wallet to protect my credit cards. Thank you for the video ! tjl
Oh, I have a slight issue with how you are thinking modulating a coil is not a radio? The difference between a transformer and a radio is the radio modulates the electromagnetic field (we call it electromagnetic radiation for a reason). My one transistor AM crystal radio works exactly the same way using the radio signal to provide enough current to run it, admittedly I do ground it rather than ground to the other end of the coil. I bet if I tune a heterodyne receiver to 50Hz I'll be able to here a continuous 50Hz radio signal. With a powerful enough radio signal one can in fact activate one of these cards.
Also NFC TagInfo by NXP gives lots of data.
Informative video Dave. Well done.
Great vid and explanation Dave, but could you please also show how you do the measurements, I know most people will argue that the video will take too long, but it can be interesting to learn more about more complex measurements sometimes :)
In the UK it's just 'touchless payment' and limited to £30 afaik.
you don't have to put it all around, one layer of foil on any side is enough because it detunes the resonant frequency a lot.
Actually, the modulation is ~106KHz. (13.56MHz / 128). It only goes to 847.5KHZ (13.56MHz / 16) after the PPS handshake between the PICC (card) and PCD (reader). The card has to say, "I support these baud rates" during the RATS command, then the reader has to choose the baud rate to use with the PPS command.
Otherwise, spot on, mate! I didn't know you did RFID stuff.
Funny story, my father had one of the early types and I knew the risks and downloaded a card reader app and said "watch this" pinged his card and it displayed the number and everything then I said "is this your card" he replied "yes, that's not good" so the mobile phone app demo that you did I also used to prove that they were easy to read
Cut the handbag open and search that protective layer!
I haven't tried taking it apart so I don't know what tech the Tesla key uses, but other metal keys in my pocket sometimes interfere with the car's ability to read the key. That's over a much longer distance though.
yeah,I guess i would be more converned with the ones they are sticking to the front of gas pumps and at rest stops. seems here in Michigan,theives have targeted the main areas they know people in a hurry to travel stop. they have already hit up several gas stations and rest stop machines.
Hagenberg goes EEVBlog ;-)
Considering my CC number was stolen 3 times out of the local shopping center I work out of. The issue was traced back to people hanging out in the food court/common areas on laptops with what 'looks' like a normal antenna hanging out a USB port. How I took care of this scam was about the simplest thing in the world. I just walked into my bank and requested a CC/Debit card WITHOUT the pay wave feature. They make them in the chip reading variety as well. As both my bank cards have chip readers, and NO pay wave nonsense. Never be afraid to ask or request one. Most banks do have these available and will gladly order it in for a customer. The other scam that was exposed, the readers on gas/petrol pumps. Seems the bulk of the companies continue to use the same KEY to open the access panels! (And the serial ID sticker tabs are a joke! One was ripped off a pump I went to use. The clerk didn't check the system for a 'hack'. Just slapped a new serial sticker over the torn one) So never use 'pay at the pump' and request a no pay wave card. And you'll be in slightly better shape.
Another thing to consider: How flippen LAZY is society when they can't be bothered to swipe or insert a card? Do they want to look like David Copperfield doing a magic "Wave the card trick" each time they purchase an item? Just insert or swipe the card already.
>> "How flippen LAZY is society when they can't be bothered to swipe or insert a card?" I have wondered the same thing. It is just the latest novelty feature. Most people are clueless and banks are still crooks. An alternative to requesting a new card without this feature is to cut or puncture a single antenna coil trace or find the tiny bump where the components exist and give it a slight tap with a hammer to crush them.
You're not signed up to any porn sites by any chance are you?
Consider yourself lucky. I told my CC company that I didn't want a card with the RFID/NFC based system. They told me that they don't make any cards without this new technology. I was told not to worry. They would reimburse me for any fraudulent activity on the card. It amazes me that a CC company would rather fix CC fraud after the fact than try to prevent it up front. I wouldn't be surprised if their accepting fraudulent uses of CC's is part of the reason for high merchant fees and high interest rates to CC users.
No need to sign up. LOL. Actually I sent news stories about people in public areas using laptops to steal CC numbers and information. The local center didn't do squat even when faced with evidence.
People love gimmicks. And they think "Hey, it's so cool that all I need to do is wave my 'magic card' to pay for something. Now we have Google and Apple pay....paypal pay.... Things are going plastic in a huge way.
I don't think that I believe your statement that card information can't be stolen, because how would the store's scanner process a payment? My wife's card had not left it's paper sheath since it was issued, and yet it, and every RFID card in her wallet were compromised somehow. The old cards without contactless payment were unaffected. I call BS on the VISA assertion that this is secure.
It'd be cool to see what's being passed between a Nintendo Wii U or 3DS and the Amiibo NFC figures, or between Skylanders and Disney Infinity figures and their respective NFC stands.
Just put the card in an aluminumized envelope, just like you'd do with those toll transponders.
I'd have thought that putting the card inside of an aluminum box would shield it because the box should act as a shorted turn in the transformer.
If there is loose money laying around some criminals WILL find a way to pick them up.
On my 5K Imac, I can read some digits of the card number around 16:10 :p
To the end the sticky tape sticks more and more against your card and the risen numbers.. you show the card from various angles and with lighting from different sides...
bad people could try to read the numbers. CRC could even help them to guess...
yes, I know there are still things missing like the security code from the back, but I would have used a thicker tape, blurring the outlines of the numbers more.
I don't know about Australia but many places in the US they have RFID tags in the cars for toll roads, the readers are over the road at least 16 feet in the air, they can record me passing even at 75mph. now i doubt the protocols are the same but i'm fairly sure the tech is. larger antenna and more power obviously, but since your not a criminal and not equipped with these toys I wouldn't discount the criminal elements ability to procure such devices.
You can expose card by power flashlight and see embedded coil and chip
You are the bear grylls of electronics
So you trade the inconvenience of swiping your card for the inconvenience of wrapping and unwrapping your card in tin foil. (Yes, I know it's not tin.)
Hey Dave, how about a video on those little security chips. Those look pretty neat to me.
Best video on how NFC works but with wrong title
I would like to see Dave take a look at the rfid Guardbunny created by Kristin Paget. First featured at schmoocon 2012 and later went openhardware and got an article on Hack a day.
This is why no-one with any technical knowledge should call them 'RFID' cards. These are all NFC(Or near-field-commutation) cards.
Dave gets half a break as he's using layman's terms for ease of explanation, but searching for 'NFC' reader and 'RFID' reader gets quite different results.
Many public transport cards use the same tech, so they make for great test cards if you don't want your credit card shown on air. :) And if you want a somewhat overpriced(due to postage outside of us) way to see what tech a reader uses: dangerousthings.com/shop/rfid-diagnostic-tool/
Yes, true. The term RFID seems to pervade the industry though, although in regards to phones it's usually NFC.
BTW, The ISO 1443 standard itself uses the term RFID
That I didn't know! Shame on the ISO standards!
Also, as far as I know, these 'shields' act as much like a shorted turn as magnetic shielding, taking the energy the card requires and turning it into heat. A 'loop' of aluminium sheet works as a great shield, but one with a break in it(Still overlapping, but insulated) doesn't. For photos: goo.gl/photos/nWY5YPL9KhZabgFP9
I believe the more conductive the material the better it works in this application. I wish I had a piece of ferrite large enough to test this further.
The standard is correct. Maxwell is correct. "NFC is secure" is wrong.
From what I can tell, the only info that you can get out of these cards is the same info on the front of the card (card number and expiry date). It doesn't give you any of the crypto information needed to create a duplicate card using the modern EMV protocols, and it doesn't give you the CVV number you usually need to make online purchases. It might be possible to make a fake magnetic strip card, which may work if your card issuer and the store's card processor still allow magstripe transactions - though if you're in the US, that's likely the case.
A perfect solution to stop these cards being read without the owners permission would be to embed a photo diode into the body of the card that only allows the circuit within the card to activate when it is in ambient light (ie out of a persons wallet) then when it is in the wallet / bag, it would be unreadable.
"Not valid unless signed"
Nice to see I'm not the only one who doesn't sign their cards. Zero point in doing it.
Signatures are not valid any more in Australia, officially phased out.
Well yeah, still says the card isn't valid without it though.
I can never even get the ink to stay on there anyway. Not sure what sort of marker / pen it's expecting me to use :(
It's a throw-back since before they changed the rules recently. I guess they couldn't be bothered changing their card stock.
Here in the United States, there are some Agencies/companies that will not accept a unsigned card for certain transactions, like the US postal service when purchasing money orders. Although I do not see the point in it, since they normally hand you a pen, and tell you to sign your card. How does this prove that you are who you say you are, it only proves that you may have forged someone else's signature. and by the way, None of my credit cards have the RFID symbol on them. in the US, credit card companies and banks are getting away from the RFID cards. Replacing them with the newer list vulnerable cards. but they still don't require a pin number.
Here abouts in Ontario Canada, people call it "arrfid" as a single spoken word. The cards don't take a lot of flexing, heat or use before failure. Any three of those cause them chips to fail, and I find my cards have a max six months functionality before I am getting a new one (one card replacement lasted six weeks). My bank allows stores to set the spend limit up to 100 dollars, but the bank only allows 50 consecutive transactions. But, that is when everything is in working order, and the general fail rate is about 40%. Mostly because stores need to continually update security and they don't and their scanners stop working. More interesting question to ask. My bank manager told me recently that there is word in the banks that the mag strip is going to be phased out soon has anyone else hear this is a thing on the way?
It was my understanding that RFID referred to card containing actual RF chips which also contained a coil. So when you slid your card through a magnetic field (think hotel room key) the RF chip would be able to send a code in a single RF burst, which was then read by the receiver. Is this technology also employed? Why is this not used in credit cards?
Awesome video Dave!
I know that the CC had run some experiments and was actually able to read these information from several hundred meters away. (though it were tags in clothes .. and maybe from the official ID cards which are used around here)
Who is CC? Do you have a link to the source?
Sorry, that was a typo. I meant CCC (Chaos Computer Club) and it was an report on TV ... in I think 2014 or beginning of 2015.
They have shown a test with a concealed reader (in a briefcase) and they have read RFID tags of clothes from people coming out of store while sitting in a coffee shop across and little down the street.
And they talked that they had successfully had read common tags from even more afar (one other source I have found while looking for that source said that it is potential possible to read [special] RFID tags from up to 1km)
But sorry couldn't find the original source on the fly.
How about cutting up an anti-static bag (the gray ones, not the pink ones)?
Aluminum foil is VERY fragile, and will not last long.
All magnetic fields have a electric field, an electro magnetic field is what we call RF. So technically wouldn't the transformer magnetic fields be just as much RF as traditional RF and if not please clarify?
I must ad to this that the magnetic and electric field do not have to be proportional and as such a magnetic field is much stronger in transformers then the electric field.
I think you are correct. This system is an example of "Near-field magnetic induction communication" (see Wikipedia). The electric field is largely suppressed by the absence of a proper antenna, so the magnetic field is unable to transmit much energy into free space. Hence the transmission range is deliberately restricted to a few meters.
yes, modulating a coil is a radio.
once u have used the app to read your card what's to stop the app squawking all your card details back to whoever wrote the app? This technology is called contactless payment here in the UK BTW.
Beats the paint-drying Lab Re-arranging vid Dave :)
Seriously, was insightful. Actually quite simple how it works in terms of coms. But surely the card is read only, so if you could capture the traffic and decode it, one could emulate it? Or perhaps there is some sort of 'key' on board, like SSL
hi Dave
Actually RF's are magnetic waves so why are you bothering yourself to say its different from a typical RF cable that sends off data in form off some modulation of a RF pulse?
RFID debit cards are so convenient. Wish they were safer.
Those anti-theft systems at stores use an electromagnetic field, right? Would love to see a hack that turns them into a giant skimmer that could be wheeled up to any store front.
I have tested access control RFID at the 125Khz band and even very thin aluminium works as a shield... :-/
"This is NOT a RF system, it works on magnetic fields instead of RF-fields" o.O Well, what are RF-systems working on ?
RF-systems are in theory a transformer system - and yes, they are called antennaes.
SnopFop - TheSkogemann rf (and other EM waves) are composed of electric and magnetic fields, but a pure magnetic field acts differently than an EM wave. That's why transformers and rf antenna/receiver systems follow different equations.
RF systems are NOT transformer systems. Transformers have magnetic coupling across the coils, RF systems do not couple between antennas. If you put a load on the secondary coil of a transformer, that creates a major load on the primary. If you turn on your radio in your car, that doesn't load the broadcast station at all. They have no clue if you are listening or not except with surveys.
RF systems use electro-magnetic radiation, not just magnetic fields. Transformers use magnetic fields and don't give a crap about electric fields.
could you use some gadgets in your lab to generate a more powerful transmitter? That would have been interesting. And to test the max distance with the phone's power and plot it out
Mrs EEVBlog's bag... TAKE IT APART !!
My card got cloned while I was buying aluminium foil to protect my card from being cloned.
* it's the same chip that does both functions in all cases
* none of it is encrypted, whichever provider you have
* with a sufficiently high powered emitter / large gain antenna, you can read the card at a good distance of several meters if not more
Given a good antenna and equipment there is still a range limit from RF noise, but that could be quite a range.
Cutting the antenna in your credit card definitely works to prevent NFC fraud....
Have you seen the jamming cards that deliberately jam the RFID frequencies when they detect a field? I've seen a bunch of these on the market (eg: armourcard, which is an Aus company - they sell them at JB). Would be interesting to see whether they're any good using the testing setup you used there. Interesting story is that I see them on the counter near the EFTPOS pinpads, and every time i get a failed card read at JB (and had to insert the card instead) one of these display stands is pretty much next to the pinpad. Tends to lend credibility to the product, but really silly placement by JB!
Yeah! Test this!
Didn't know about these, and JB Hi-Fi, hmm I could just go pick one up.
EEVblog Last I saw I *think* they were $50ish AUD or something, so not very cheap. Price may have changed tho. If need be i might be able to send you the one I have.
Here in the UK it's between 25 and 50 pounds depending on your bank. Mine doesn't work which is infuriating because I want it to and my bank keep sending a new card for the WRONG account. Oh and at least on my Visa card, the chip used for the RFID is the same one as the normal chip
The current limit for "no cardholder verification" by contactless in the UK is £30 regardless of bank.
I use my iphone to do the equivalent of the tap n go, but the iphone apple pay has extra layers of protection. Like it needs my thumbprint to work, and if I lose the iphone or it gets stolen(which would result in basically the card was also lost or stolen) I can just simply shutdown the phone with Find My Iphone and not worry about it.
So now, all I carry is my iphone with me, all the credit cards stay at home.
Soo good, keep it up!