I feel like a simple solution to these cards would be a resistive sensor or something (such as two metal contacts that you place your finger over) and without your finger on them, the card doesn't talk.
A couple of friends and I had the exact same idea in 2012. One of the friends went off and created a security technology company. No doubt they attempted to go with the idea. The company got millions in funding but they still went bankrupt, so I imagine it wasn't a winning idea. I haven't spoken to the friend in quite a few years - grew apart and all that.
I really don't understand why they don't just build in a little metal dome switch on the card that must be pressed to allow power to the chip. It's blindingly obvious, super simple and 100% read proof until the exact moment of payment.
A tap and go skimmer was the first device I built with what I learned on EEVblog. It works like a charm and finances all my subsequent projects. Thank you Dave.
I've had my card wrapped in "AL-foil" for about a month. Now I know I'm "mostly" safe. Thanks for this video and the knowledge it passes on to the public. My bank couldn't even give me a straight answer about this.
From taking screenshots of your lovely scope I'm able to ascertain that your name is Dave. Joking aside, I imagine that with even just Al foil the eddy currents would produce enough noise to disguise the AM packets, although they are sent after the circuit is charged, but at that frequency it probably stops the induction to the receiver coil in the first place. I love how every second week these cards are on the news as a "security risk" but never referring to the RFID technology itself. Anyhow, great video mate.
Reminds me of a few of my student mates. They made a transceiver and antenna for scanning RFID cards from a distance of up to 10 meters. Worked pretty well, they could scan university cards from people walking past below the window of the lab.
No I don't, and if you want to do it you should try to develop it yourself instead of stealing all the work others did. You can't just take something someone else has worked on for two whole years and then make some quick fame by trying to make it art. Especially not without paying them for their work. Also, when encrypted, RFID is just fine.
All this technology is well known, for the last 150 years. Nobody owns much here. You just make it bigger and more sensitive, but still there is a limit and it will be in the region of a meter or two - 10 m? Not sure.
That is true, but making it long range is still an area that has development. From what I understand one of the main problems is the LNA in the input. Noise overall is the limiting factor in these systems, and I agree, I doubt a system could be effective further than 10 m if the encoding used is BASK (which generally has to have a fairly large signal to noise ratio).
+EEVblog Either in classical Maxwellian electrodynamics or in the quantum mechanical version, this is a case of electromagnetic radiation. Electromagnetic radiation is produced at the transmitter coil and absorbed at the receiver coil. The difference between near-field and far-field is that in far-field, the math is simplified greatly by making assumptions. Those assumptions break down in the near-field case. The physical phenomenon at work is the same.
+Mark Holm Near-field theory is the more nearly "correct" version in either classical or quantum electrodynamics. If one were being picky about theoretical correctness, one would insist on the full, near-field treatment regardless of distance. Of course, you would find that, at larger distances, some terms of the equations calculate to very, very small values, and you would, rightly, question whether there was any purpose to all that extra number crunching.
+Proximity Mine Both Maxwell's and quantum electrodynamics make this clear. You can not separate the magnetic and electric field components. NFC is a classical, Maxwellian theory. NFC says that there are aspects of the electromagnetic field that fall off at 1/r and aspects that fall off at 1/r squared. Far field theory simplifies the math by ignoring the components that fall off as 1/r squared. In quantum mechanics it gets wilder, with "real" and "virtual" photons. These are poor choices of names. All the photons are real. The "virtual" ones participate in interactions that are quite real, but counterintuitive. As in the Maxwellian version, the contributions of "virtual" photons fall off as 1/r squared.
Thanks for covering some of this Dave. It would be interesting to see more testing, experimentation, and methods of protection and disabling cards in the future. It was too bad that Mythbusters were never able to air their findings due to threats of possible lawsuits, even related to talking about it. They are pretty tight lipped about it all to this day.
Mythbusters actually got banned by Discovery Channel's investors from testing NFC card security. That is how insecure these cards are. Sadly, all banks now only issue NFC cards. HUGE mistake IMO.
Not an RF field? That's exactly what this is! That schematic you drew is equivalent to a good old fashioned crystal radio with a loopstick antenna. Generally, any of the antennas with circular elements work by coupling the magnetic (B) field, while dipoles and related things like yagi arrays couple the electric (E) field.
Thanks for this comment... I was wondering about the statement at 1:50, and was going to ask: what's the difference? I thought antennas were basically just strangely shaped inductors (as compared to the coils we're used to when talking about them as inductors)... though magnetic versus electric coupling definitely sounds like a difference... still, Dave, if you see this, I'd love to hear more about what you see as the differences. (Feel free to point me in the direction of existing videos, of course...)
Tip: The last NFC transactions history is stored directly in most Visa cards. There are applications to read them as well. This video focuses a lot on the scanning aspect, but a scan is useless without the SE response. So the only way to actually steal money is to perform a MitM attack with an HCE endpoint to emulate the SE. As for biometric passports - the data is encrypted and the key is generated from the passport number, date of birth and date of expiration. That's why you have this
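The passport key derivation the comment above refers to is ICAO Doc 9303 Basic Access Control: the chip will only talk to a reader that proves knowledge of the document number, date of birth and expiry date (with their check digits) from the machine-readable zone. This is an added example, not code from the video; it implements the published derivation (SHA-1 of the MRZ information, then KEnc/KMAC from SHA-1(seed || counter) with DES parity), and the sample MRZ fields are the standard's own worked-example inputs.

```python
"""ICAO 9303 Basic Access Control key derivation from the MRZ.

Added example. Follows ICAO Doc 9303 Part 11: the key seed is the first
16 bytes of SHA-1 over the MRZ information (document number, birth date,
expiry date, each followed by its check digit); KEnc and KMAC are derived
from SHA-1(seed || 32-bit counter) with DES odd parity applied.
"""
import hashlib


def mrz_check_digit(field: str) -> int:
    """ICAO 9303 check digit: weights 7, 3, 1 repeating; digits count as
    their value, letters A..Z as 10..35, the filler '<' as 0."""
    weights = (7, 3, 1)
    total = 0
    for i, ch in enumerate(field):
        if ch.isdigit():
            value = int(ch)
        elif ch == "<":
            value = 0
        elif "A" <= ch <= "Z":
            value = ord(ch) - ord("A") + 10
        else:
            raise ValueError(f"invalid MRZ character {ch!r}")
        total += value * weights[i % 3]
    return total % 10


def mrz_information(doc_number: str, dob: str, expiry: str) -> str:
    """The 24-character string the BAC seed is hashed over. The document
    number field is 9 characters, padded with '<'; dates are YYMMDD."""
    doc_number = doc_number.ljust(9, "<")
    return (f"{doc_number}{mrz_check_digit(doc_number)}"
            f"{dob}{mrz_check_digit(dob)}"
            f"{expiry}{mrz_check_digit(expiry)}")


def adjust_des_parity(key: bytes) -> bytes:
    """Force odd parity on every byte; the least significant bit of each
    DES key byte is the parity bit."""
    out = bytearray()
    for b in key:
        ones_in_upper_seven = bin(b >> 1).count("1")
        parity_bit = 0 if ones_in_upper_seven % 2 else 1
        out.append((b & 0xFE) | parity_bit)
    return bytes(out)


def has_odd_parity(key: bytes) -> bool:
    return all(bin(b).count("1") % 2 == 1 for b in key)


def derive_bac_keys(doc_number: str, dob: str, expiry: str):
    """Return (Kseed, KEnc, KMAC); KEnc and KMAC are 16-byte 2-key 3DES keys."""
    info = mrz_information(doc_number, dob, expiry).encode("ascii")
    kseed = hashlib.sha1(info).digest()[:16]

    def kdf(counter: int) -> bytes:
        digest = hashlib.sha1(kseed + counter.to_bytes(4, "big")).digest()
        return adjust_des_parity(digest[:16])

    return kseed, kdf(1), kdf(2)


if __name__ == "__main__":
    # Worked-example MRZ fields from ICAO 9303 Part 11 (not a real passport).
    kseed, kenc, kmac = derive_bac_keys("L898902C<", "690806", "940623")
    print("MRZ information:", mrz_information("L898902C<", "690806", "940623"))
    print("Kseed:", kseed.hex().upper())
    print("KEnc: ", kenc.hex().upper())
    print("KMAC: ", kmac.hex().upper())
```

The point for the defender is visible in `mrz_information`: the entire secret protecting the chip's data is the printed MRZ, so anyone who has seen the data page can derive the same keys.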
I wanted to totally disable the RFID function of my card. The answer was simple. A small notch in the bottom edge of the card, just a few mm, breaks the coil and stops it working.
The fun thing to do is have a larger coil in the purse that also picks up this magnetic field and outputs random noise in the RFID bands. The best part is that under normal conditions it does nothing, only when you're being scanned by some thief.
If you want to disable your payWave or PayPass chip, simply cut the side of the card where the wire loops around the card. You don't need to cut much, only to rupture the loop.
A friend of mine was on the standards committee for the design of all RFID banking cards and he went through the maths regarding theft and RF levels both to activate the card and the RF from the card and the chance of someone stealing your data is very low. Anyway you'll get your money back as it was an unauthorised transaction.
I'd say that the reason people think that putting cards together will protect them is that a lot of implementations don't do anti-collision properly. Haven't tested it with Opal, but certainly the MyKi readers in Melbourne don't implement anti-collision, if it sees multiple cards it just gives up. So they've probably seen a message like "multiple cards detected, try again" and assumed that that means that the system can't read them if there are multiple cards there. As far as reading them from a distance, there's an application note, I believe on the TI website which covers building long range antennas for RFID, after a point you end up with something that looks like the anti-theft tag gates in shops. What I'd be more interested in (haven't got around to actually testing it though) is how much of the signal you could passively sniff while a transaction is in progress, because although the system is designed to use magnetic coupling, 13.5MHz propagates reasonably well so you're going to get some degree of RF leakage.
Dave Cad... classic :D Also, this technology is very similar to the QI standard for wireless charging for phones & tablets. Instead of sending the credit card data, the device sends information to the pad such as how much current to supply and when to stop by modulating the load on the phone's internal charging coils.
People have seen skimmers walking the London Tube with handheld Point of Sale devices. Here in the UK the limit is a much more manageable £30. Still spend a few hours walking about London crowds and you could make a decent living. Electronically pickpocketing £30 quid a time.
There is no hope of this working. The owner of the pos device would never receive the money. The financial rules that apply are far too strict. Sounds like a "plausible" myth to me.
I'd like to propose two fixes you might want to add before releasing it: 1) It is actually the same chip as the one seen from the outside, not a separate one (Google Images "paywave x-ray"), and this way they can also have the same data shared (e.g. some cards count your contactless transactions and allow only X in a row). 2) They are not just data storage like your usual tag, but they are actively negotiating with the terminal and cryptographically sign transactions. The data you can read out from it alone will not help you much (you do get the CC number and expiration date, but not the name or CVC2 - it's worse to have your card captured by a security camera than having it scanned). To make a transaction, you would need to go around with a terminal, or relay the communication via the Internet to another phone at a rogue merchant's place, and since merchants must be registered, this makes it a lot harder for criminals.
With the TI RFID development kit TRF7970A I managed to read more than 10 cards at the same time. However, I have seen tags that use the 125 kHz system for building access control interfere with the theft protection of a Fiat Punto. It took my friend at work several weeks to figure out what was going on and why his car didn't start sometimes. That was before 2006 though.
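The anti-collision behaviour discussed in the two comments above (a reader that gives up with "multiple cards detected" versus one that reads ten cards at once) is the ISO/IEC 14443-3 Type A cascade, simulated here bit by bit. This is an added example, not code from the video or any reader vendor; the card UIDs are constructed, and the model covers single-size (4-byte) UIDs only.

```python
"""ISO/IEC 14443-3 Type A anticollision, simulated bit by bit.

Added example with constructed UIDs. Several single-size (4-byte UID) cards
sit in one reader field. The 'air' is modelled as a per-bit comparison with
collision detection, which is what a real reader gets from the cards'
Manchester-coded load modulation: a 0 and a 1 in the same bit period are
both visible, so the reader knows exactly where the UIDs diverge.
"""
from dataclasses import dataclass

UID_BITS = 32   # cascade level 1, single-size UID
BCC_BITS = 8    # block check character: XOR of the four UID bytes


@dataclass
class CardA:
    uid: bytes            # 4-byte UID (constructed)
    halted: bool = False  # after HALT the card ignores REQA (only WUPA wakes it)

    def frame_bits(self):
        """UID + BCC as sent on air: each byte least-significant bit first."""
        bcc = self.uid[0] ^ self.uid[1] ^ self.uid[2] ^ self.uid[3]
        bits = []
        for byte in self.uid + bytes([bcc]):
            bits += [(byte >> i) & 1 for i in range(8)]
        return bits


def bits_to_bytes(bits):
    return bytes(sum(b << i for i, b in enumerate(bits[k:k + 8]))
                 for k in range(0, len(bits), 8))


def air_response(cards, prefix):
    """Every active card whose frame starts with `prefix` answers at once.
    Returns (bits the reader can trust, index of the first collision or None),
    or (None, None) if no card answered."""
    replies = [c.frame_bits()[len(prefix):] for c in cards
               if not c.halted and c.frame_bits()[:len(prefix)] == prefix]
    if not replies:
        return None, None
    agreed = []
    for pos in range(len(replies[0])):
        levels = {r[pos] for r in replies}
        if len(levels) > 1:          # both a 0 and a 1 in one bit period
            return agreed, pos
        agreed.append(levels.pop())
    return agreed, None


def anticollision_loop(cards):
    """Reader side of the cascade: SEL 0x93 with a growing NVB until all
    40 bits (UID + BCC) are known. At each collision the reader chooses '1'
    and asks only the cards whose UID continues that way to carry on."""
    known = []                       # the bits the NVB marks as already valid
    while len(known) < UID_BITS + BCC_BITS:
        bits, collision = air_response(cards, known)
        if bits is None:
            return None
        known += bits
        if collision is not None:
            known.append(1)
    return known


def enumerate_field(cards):
    """Full reader behaviour: REQA, resolve one UID, SELECT, HALT, repeat.
    Returns every UID in the field no matter how many cards overlap."""
    found = []
    while any(not c.halted for c in cards):       # REQA gets at least one ATQA
        frame = anticollision_loop(cards)
        uid = bits_to_bytes(frame[:UID_BITS])
        bcc = bits_to_bytes(frame[UID_BITS:])[0]
        if bcc != uid[0] ^ uid[1] ^ uid[2] ^ uid[3]:
            raise ValueError("BCC mismatch: corrupted anticollision frame")
        # SELECT (NVB 0x70) with the full UID: exactly one card answers SAK.
        card = next(c for c in cards if not c.halted and c.uid == uid)
        found.append(uid)
        card.halted = True                        # HALT so the next REQA skips it
    return found


def naive_single_read(cards):
    """A reader without anticollision: one SEL with NVB 0x20, and on any
    collision it reports 'multiple cards, try again' (returned as None)."""
    bits, collision = air_response(cards, [])
    if bits is None or collision is not None:
        return None
    return bits_to_bytes(bits[:UID_BITS])


if __name__ == "__main__":
    wallet = [CardA(bytes.fromhex("04a1b2c3")),   # constructed; the first two
              CardA(bytes.fromhex("04a1b2c7")),   # differ only at bit 26 (0-based)
              CardA(bytes.fromhex("0811aa55"))]
    print("naive reader:", naive_single_read(wallet))
    print("anticollision:", [u.hex() for u in enumerate_field(wallet)])
```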
If you are worried about people stealing your data you could always just disable the RFID functionality. I know that my bank has an option online to just turn the feature off. The same option is there to disable the magnetic strip. What this does is probably just declines any transactions made when using those technologies.
Actually, the modulation is ~106 kHz (13.56 MHz / 128). It only goes to 847.5 kHz (13.56 MHz / 16) after the PPS handshake between the PICC (card) and PCD (reader). The card has to say, "I support these baud rates" during the RATS command, then the reader has to choose the baud rate to use with the PPS command. Otherwise, spot on, mate! I didn't know you did RFID stuff.
To clarify: the message that the chip sends to authorise a transaction and prove that it isn't a clone (the cryptogram) is protected by strong cryptography, but information that is also present on the front of the card or on the magstripe, such as the card number, is always transmitted in the clear. So it's possible to skim a card and use the card number to shop online or something, but, in principle, it's not possible to physically clone a skimmed card. In practice, this isn't always true, mainly due to American banks that don't bother checking the cryptogram.
+Francois Molinier Nope, the cryptogram is the response part of a challenge-response protocol. It's a digital signature of the transaction details and a nonce, so a MITM won't work as these will be different for a different transaction. This is all moot anyway since the card will give you the number if you ask for it, and that's all you really need to make a transaction.
if people are so concerned, and they don't care to use the touch and go of the card, then I would just say they should exacto the coil and break the circuit.
The ISO14443 standard calls for readers to have a minimum of 1.5 A/m output. ISO15693 calls for 2.0 A/m, if anyone's interested. ISO10373 is concerned with the measurements of the readers. Your phone will be producing around 1.0 A/m at 13.56 MHz. The ISO14443A ID1 credentials can sometimes read at somewhere around 0.3 to 0.4 A/m depending upon the amount of processing involved. Actually you'll find that most cards won't be read over about 15 cm with a reader producing 4 A/m as the magnetic field just isn't strong enough. You won't find anything portable over 4 A/m as you start needing a beefy RF amp. It is quite possible for these cards to be read from this distance but, like Dave said, it doesn't mean they can actually set the transactions up.
In the USA, I don't think banks issue cards with the RFID chip anymore. As a matter of fact, I remember all my cards being replaced without the RFID symbol. They only contain the chip.
Oh, I have a slight issue with how you are thinking modulating a coil is not a radio. The difference between a transformer and a radio is that the radio modulates the electromagnetic field (we call it electromagnetic radiation for a reason). My one-transistor AM crystal radio works exactly the same way, using the radio signal to provide enough current to run it, admittedly I do ground it rather than ground to the other end of the coil. I bet if I tune a heterodyne receiver to 50 Hz I'll be able to hear a continuous 50 Hz radio signal. With a powerful enough radio signal one can in fact activate one of these cards.
"This is NOT an RF system, it works on magnetic fields instead of RF fields" o.O Well, what are RF systems working on? RF systems are in theory a transformer system - and yes, they are called antennas.
SnopFop - TheSkogemann rf (and other EM waves) are composed of electric and magnetic fields, but a pure magnetic field acts differently than an EM wave. That's why transformers and rf antenna/receiver systems follow different equations.
RF systems are NOT transformer systems. Transformers have magnetic coupling across the coils, RF systems do not couple between antennas. If you put a load on the secondary coil of a transformer, that creates a major load on the primary. If you turn on your radio in your car, that doesn't load the broadcast station at all. They have no clue if you are listening or not except with surveys. RF systems use electro-magnetic radiation, not just magnetic fields. Transformers use magnetic fields and don't give a crap about electric fields.
Considering my CC number was stolen 3 times out of the local shopping center I work out of. The issue was traced back to people hanging out in the food court/common areas on laptops with what 'looks' like a normal antenna hanging out a USB port. How I took care of this scam was about the simplest thing in the world. I just walked into my bank and requested a CC/Debit card WITHOUT the pay wave feature. They make them in the chip reading variety as well. As both my bank cards have chip readers, and NO pay wave nonsense. Never be afraid to ask or request one. Most banks do have these available and will gladly order it in for a customer. The other scam that was exposed, the readers on gas/petrol pumps. Seems the bulk of the companies continue to use the same KEY to open the access panels! (And the serial ID sticker tabs are a joke! One was ripped off a pump I went to use. The clerk didn't check the system for a 'hack'. Just slapped a new serial sticker over the torn one) So never use 'pay at the pump' and request a no pay wave card. And you'll be in slightly better shape. Another thing to consider: How flippen LAZY is society when they can't be bothered to swipe or insert a card? Do they want to look like David Copperfield doing a magic "Wave the card trick" each time they purchase an item? Just insert or swipe the card already.
>> "How flippen LAZY is society when they can't be bothered to swipe or insert a card?" I have wondered the same thing. It is just the latest novelty feature. Most people are clueless and banks are still crooks. An alternative to requesting a new card without this feature is to cut or puncture a single antenna coil trace or find the tiny bump where the components exist and give it a slight tap with a hammer to crush them.
Consider yourself lucky. I told my CC company that I didn't want a card with the RFID/NFC based system. They told me that they don't make any cards without this new technology. I was told not to worry. They would reimburse me for any fraudulent activity on the card. It amazes me that a CC company would rather fix CC fraud after the fact than try to prevent it up front. I wouldn't be surprised if their accepting fraudulent uses of CC's is part of the reason for high merchant fees and high interest rates to CC users.
No need to sign up. LOL. Actually I sent news stories about people in public areas using laptops to steal CC numbers and information. The local center didn't do squat even when faced with evidence.
People love gimmicks. And they think "Hey, it's so cool that all I need to do is wave my 'magic card' to pay for something. Now we have Google and Apple pay....paypal pay.... Things are going plastic in a huge way.
Such a shield works while the card is in it. Remove the card to use with the RFID scanner at checkout and a black hat behind you in the checkout line doesn't even need to transmit anything to pick up the signal.
I have an idea or two about protection features that can be added to these cards. How about if the chip in the card only starts working if it detects the electrical resistance from your fingers on the card? That way the only way the card can work is if you are holding it. Otherwise it's only going to activate the coil if it is within a 13.56 MHz magnetic field, but there isn't going to be any data exchange. Something like a metallic grid on the card that should read somewhere between say 10 and 50 kohms in order to start the chip. Or have specific finger locations that you need to hold the card at in order for it to work. And there is an even simpler way to do it: just put a dome switch in the card that should be pressed in order to connect the coil to the electronics inside. Needless to say, its location must be a bit deeper in the card in order to prevent the button getting pressed while in your purse or pocket. That way you can only activate the card if you are holding it at a specific location and apply some relatively significant pressure.
I know of someone who used to chat with their victim. They worked in a shop with a card reader that they would put the card in and hand to the customer. They would get into a surprised sort of reaction, put the card down on their touchless payment machine and get an easy £30. Somehow it was also untraceable.
I don't think that I believe your statement that card information can't be stolen, because how would the store's scanner process a payment? My wife's card had not left its paper sheath since it was issued, and yet it, and every RFID card in her wallet, were compromised somehow. The old cards without contactless payment were unaffected. I call BS on the VISA assertion that this is secure.
This is why no-one with any technical knowledge should call them 'RFID' cards. These are all NFC (or near-field communication) cards. Dave gets half a break as he's using layman's terms for ease of explanation, but searching for 'NFC' reader and 'RFID' reader gets quite different results. Many public transport cards use the same tech, so they make for great test cards if you don't want your credit card shown on air. :) And if you want a somewhat overpriced (due to postage outside of the US) way to see what tech a reader uses: dangerousthings.com/shop/rfid-diagnostic-tool/
That I didn't know! Shame on the ISO standards! Also, as far as I know, these 'shields' act as much like a shorted turn as magnetic shielding, taking the energy the card requires and turning it into heat. A 'loop' of aluminium sheet works as a great shield, but one with a break in it (still overlapping, but insulated) doesn't. For photos: goo.gl/photos/nWY5YPL9KhZabgFP9 I believe the more conductive the material, the better it works in this application. I wish I had a piece of ferrite large enough to test this further.
In the UK at least, banks are entirely responsible for any fraudulent transactions using the NFC component. Whereas using the chip and pin method, responsibility falls with the card holder automatically unless they can prove otherwise.
In the nineteenth century mankind learned thanks to Maxwell how a changing magnetic field creates a changing electric field and a changing electric field creates a changing magnetic field (together known as "electromagnetic radiation", also known as RF radiation when changing fast enough). In 2016, mankind learned that Maxwell (and before him, Faraday and Lenz) were all wrong. "RF" in "RFID" totally doesn't stand for "radio frequency"...
Really Freaking Idiotic Device. ;) That about sums up the implementation of the technology in the various cards most of us carry around in purses and wallets.
Such videos keep me believing what my students tend to do all these years. You can be a perfectly good electrical engineer without a basic understanding of the physical phenomena underlying a device's operation. "NFC works on magnetic field", "aluminum foil magnetic shielding" sound like an F in a grad school physics class ;]
Imho you should refer to magnetic and electric dipoles. There are a few weird effects in the near field which disappear in the far field, like the two wave components (magnetic/electric) not having orthogonal polarization, and the radiation pattern in the near field doesn't look like what "most" people know from textbooks. But in this case the antenna just couples to the magnetic part of the electromagnetic radiation.
Dave keeps going on about how it's "not an antenna", and that it uses magnetic coupling not "RF fields", but aren't they essentially the same thing, just longer distances? Like all EM waves are composed of Electric and magnetic fields right, so what makes this different?
Look up "Near and far field". In the near field, the E-field (electric) or H-field (magnetic) can dominate. In the far field, there is a fixed ratio of E- and H-field which is given by the impedance of air, which is about 377 Ohm. In this application, the H-field dominates, meaning the impedance is much lower than the air impedance of 377 Ohm. For a radio broadcast transmitter you would aim at matching the impedances of transmitter and antenna to increase efficiency.
My thoughts exactly. Let's take a FM radio broadcast station for example... It is a BIG primary and the receivers are all secondaries in a big imaginary transformer... Magnetic coupling being the magic phrase here.
+sarowie thanks for the jumping off point. Does this mean the phone is still generating a small far-field RF signal at its MHz carrier frequency when searching for a nearby tag, and could you pick that up on a spectrum analyser?
Yeah, I'm starting to feel like he just does these things on purpose. Saying controversial things like "it's not an antenna", or that "current flows through capacitors". Then he watches the comment numbers mount and the view count climb. Great business model.
Great vid and explanation Dave, but could you please also show how you do the measurements, I know most people will argue that the video will take too long, but it can be interesting to learn more about more complex measurements sometimes :)
So you trade the inconvenience of swiping your card for the inconvenience of wrapping and unwrapping your card in tin foil. (Yes, I know it's not tin.)
Hey EEVblog, I might not be absolutely correct, but it seems RF communication works on the same principle as RFID, because you are still using the same electromagnetic field for TX and RX except that the distance has to be very close for reception. The current that is oscillating in an RF antenna induces the same magnetic field for long distance transmission, and at the destination end you surely do need the antenna where the same signal will be induced, except that the mechanism for reception is different, but basically the medium is still the same. Thanks for pointing this out.
A perfect solution to stop these cards being read without the owner's permission would be to embed a photodiode into the body of the card that only allows the circuit within the card to activate when it is in ambient light (i.e. out of a person's wallet); then when it is in the wallet / bag, it would be unreadable.
I don't know about Australia, but in many places in the US they have RFID tags in the cars for toll roads. The readers are over the road at least 16 feet in the air, and they can record me passing even at 75 mph. Now I doubt the protocols are the same, but I'm fairly sure the tech is. Larger antenna and more power obviously, but since you're not a criminal and not equipped with these toys, I wouldn't discount the criminal element's ability to procure such devices.
In England it's called "contactless" and it's a maximum of £30. When my card breakers, I always make sure that it's NOT contactless. It's not hard to stick your card in and put your PIN in. This is also why I'd never want a keyless car, as the key puts out a signal which can be picked up, and within less than a minute your £10,000's car is nowhere to be seen. This is why I'll ALWAYS want a keyed car. Or an up to date fingerprint reader which measures if it's got a pulse, which is no different to the thing you stick on your finger to check your BPM and oxygen levels. I'm not sure who comes up with these stupid, backwards, dick head ideas. But they need to be $h0t.
It's true and cars have been hacked, but they are getting safer. There still are cars out there that are vulnerable to various attacks, but the probability of someone actually hijacking and decrypting your code is tiny. You might say that you don't wanna take any chances, but take a look at how easy it is to pick a car lock anyway. No method is 100% secure. Same goes for the card. It could have an authentication feature which would make it pretty much unswipeable, unless some thief takes your data home and starts bruteforcing it, and even then it might just take years. I'm not sure if such a feature is actually implemented, but it should be.
It was my understanding that RFID referred to card containing actual RF chips which also contained a coil. So when you slid your card through a magnetic field (think hotel room key) the RF chip would be able to send a code in a single RF burst, which was then read by the receiver. Is this technology also employed? Why is this not used in credit cards? Awesome video Dave!
From what I can tell, the only info that you can get out of these cards is the same info on the front of the card (card number and expiry date). It doesn't give you any of the crypto information needed to create a duplicate card using the modern EMV protocols, and it doesn't give you the CVV number you usually need to make online purchases. It might be possible to make a fake magnetic strip card, which may work if your card issuer and the store's card processor still allow magstripe transactions - though if you're in the US, that's likely the case.
Towards the end the sticky tape sticks more and more against your card and the raised numbers. You show the card from various angles and with lighting from different sides... bad people could try to read the numbers. The CRC could even help them to guess... yes, I know there are still things missing like the security code from the back, but I would have used a thicker tape, blurring the outlines of the numbers more.
They raise the numbers on Australian debit cards?! On debit cards in Switzerland and Germany, the number is just printed. Same with prepaid credit cards. This is even true for prepaid credit cards (which are additionally marked with "online use only"). I have only seen raised numbers on true credit cards.
***** The marketing departments of banks seem silly to me. As a customer, I care for functionality and prices. Maybe I care for the card "not looking like an ugly unprofessional mess", but that's about it. At least in Europe, sales personnel do not care what type of card you are holding as long as the machine says that the transaction was successful. Those raised numbers only remind me of the old paper transaction system that copied the card details mechanically onto paper. As I grew up in Switzerland, I feel any system other than Chip and PIN is antique and outdated - I hate it that in Germany I have to hand over my card and sign a slip of paper. Let alone when they take my card and scan the mag-strip. So not having raised numbers feels better for me.
I have a German debit card with raised numbers (issued this year), so it is a Swiss thing or depends on the bank. Maybe they do it because that's what older people expect, it doesn't really hurt and - maybe - you can use it in some less developed countries that do still use paper transfer... but I don't know if those exist.
Schwuuuuup Maybe my definition of "raised" varies from yours. On my debit card, the number is ever so slightly raised - there, one layer of sticky tape should be enough to make the number unreadable on camera. But on a credit card, the number is really embossed.
Just put the card in an aluminized envelope, just like you'd do with those toll transponders. I'd have thought that putting the card inside of an aluminum box would shield it because the box should act as a shorted turn in the transformer.
Yeah, I guess I would be more concerned with the ones they are sticking to the front of gas pumps and at rest stops. Seems here in Michigan, thieves have targeted the main areas where they know people in a hurry to travel stop. They have already hit up several gas stations and rest stop machines.
Funny story: my father had one of the early types and I knew the risks, so I downloaded a card reader app and said "watch this", pinged his card and it displayed the number and everything. Then I said "is this your card" and he replied "yes, that's not good". So the mobile phone app demo that you did, I also used to prove that they were easy to read.
Beats the paint-drying lab re-arranging vid Dave :) Seriously, it was insightful. Actually quite simple how it works in terms of comms. But surely the card is read only, so if you could capture the traffic and decode it, one could emulate it? Or perhaps there is some sort of 'key' on board, like SSL.
I would like to see Dave take a look at the RFID Guardbunny created by Kristin Paget. First featured at ShmooCon 2012, it later went open hardware and got an article on Hackaday.
* It's the same chip that does both functions in all cases.
* None of it is encrypted, whichever provider you have.
* With a sufficiently high-powered emitter / large-gain antenna, you can read the card at a good distance of several meters if not more.
Have you seen the jamming cards that deliberately jam the RFID frequencies when they detect a field? I've seen a bunch of these on the market (e.g. Armourcard, which is an Aus company - they sell them at JB). Would be interesting to see whether they're any good using the testing setup you used there. Interesting story is that I see them on the counter near the EFTPOS pinpads, and every time I get a failed card read at JB (and had to insert the card instead) one of these display stands is pretty much next to the pinpad. Tends to lend credibility to the product, but really silly placement by JB!
EEVblog Last I saw I *think* they were $50ish AUD or something, so not very cheap. Price may have changed though. If need be I might be able to send you the one I have.
Bummer... I downloaded that program on my phone and tried it with a couple of cards I have not really knowing if they were NFC cards or not. None of them are. Even my passport card I have doesn't. Now I can't play around with it. Oh well. Good video though with a good explanation of how this actually works and NOT "RFID" like the news media would tell you it is.
It'd be cool to see what's being passed between a Nintendo Wii U or 3DS and the Amiibo NFC figures, or between Skylanders and Disney Infinity figures and their respective NFC stands.
You keep saying something like AAAH FOIL, it took a while before I realized that you were saying ALLLL FOIL. So I assume you are saying ALUMINIUM FOIL or for the Yanks ALUMINUM FOIL.
If you try and use two cards at once with an EFTPOS reader it won't work; it tells you to present one card at a time. Which is probably why people think having two cards in your wallet protects you. Actually, I thought that. But I can see now that it would only protect you against one of the least sophisticated types of attack.
I'm sorry Dave, 13.56MHz qualifies as RF. In fact above 153kHz is the LW band and something around 67kHz is (was?) broadcast for RF clocks in Europe. The method of coupling into the receiver is not what decides whether it's RF, that is merely the transmission scheme and antenna coupling. Sure most transmission uses the 'E' field and this is predominantly 'M' field but what about AM receivers that have those dinky little ferrite rod antennas? They are really only a coupled transformer, or are they too not radios??
Was hoping someone called him on this. His repeated statements that it's not RF were almost as bad as a PhD-level astronomy prof I once had telling the class that a microwave oven runs on infrared. Also I'm not sure on this, but I don't think shielding is as hard as he claims; all you need is a paramagnetic material, like the foil he then pulled out. If he had thought of it as RF and knew antenna theory he would have been able to explain a lot more functional info about why the read range is short with a 22 meter wavelength and devices that size (esp. the card antenna), and the reader probably has less than enough room for a quarter wave unless it's the model for parking garages as well.
"In the 13 MHz area we are (primarily) talking of inductively coupled systems where the necessary energy is provided by the magnetic field of the reader. Figure 1 depicts the very basic principle of an inductive coupled RFID system, which can be summarized as follows [3] [4]: For inductive coupled systems the underlying antennas are represented by coils of a defined size. It is well known that a coupling system of two coils can be replaced equivalently by a transformer. The connection between these two coils is given by the magnetic field (B) and the underlying value to describe this connection is the mutual inductance (M) and/or the coupling factor (k)." www.eurasip.org/Proceedings/Ext/RFID2007/pdf/s1p4.pdf Man, it's almost like Dave knew what he was talking about!
Hereabouts in Ontario, Canada, people call it "arrfid" as a single spoken word. The cards don't take a lot of flexing, heat or use before failure. Any of those three cause those chips to fail, and I find my cards have a max six months' functionality before I am getting a new one (one card replacement lasted six weeks). My bank allows stores to set the spend limit up to 100 dollars, but the bank only allows 50 consecutive transactions. But that is when everything is in working order, and the general fail rate is about 40%, mostly because stores need to continually update security and they don't, and their scanners stop working. More interesting question to ask: my bank manager told me recently that there is word in the banks that the mag strip is going to be phased out soon. Has anyone else heard this is a thing on the way?
Here in the United States, there are some agencies/companies that will not accept an unsigned card for certain transactions, like the US Postal Service when purchasing money orders. Although I do not see the point in it, since they normally hand you a pen and tell you to sign your card. How does this prove that you are who you say you are? It only proves that you may have forged someone else's signature. And by the way, none of my credit cards have the RFID symbol on them. In the US, credit card companies and banks are getting away from the RFID cards, replacing them with the newer, less vulnerable cards, but they still don't require a PIN.
I'd rather figure out how to fry the RFID chip in any card I have, as it's a feature I'd NEVER use specifically because it's so insecure. Perhaps a disposable camera's xenon flash circuit, but add an air-core inductor in series with the flashtube, and put the card on the coil? Idea is that it basically makes a tiny EMP every time the flashtube goes off due to the high pulse current. Intent is to overload the input of the RFID chip to the point of failure. Putting the card in a microwave for 5 seconds wouldn't work, as it'd also fry the security chip, which I DON'T want to happen.
44R0Ndin Unfortunately, I think it's the same chip as the contact interface. Vendors of programmable chip cards with RFID and contact support (for stuff like corporate security) generally work like that, and it's the same companies supplying the credit card companies.
All magnetic fields have an electric field; an electromagnetic field is what we call RF. So technically wouldn't the transformer magnetic fields be just as much RF as traditional RF, and if not please clarify?
I must add to this that the magnetic and electric field do not have to be proportional, and as such a magnetic field is much stronger in transformers than the electric field.
I think you are correct. This system is an example of "Near-field magnetic induction communication" (see Wikipedia). The electric field is largely suppressed by the absence of a proper antenna, so the magnetic field is unable to transmit much energy into free space. Hence the transmission range is deliberately restricted to a few meters.
Hi Dave. Actually RF is magnetic waves, so why are you bothering yourself to say it's different from a typical RF cable that sends off data in the form of some modulation of an RF pulse?
I haven't tried taking it apart so I don't know what tech the Tesla key uses, but other metal keys in my pocket sometimes interfere with the car's ability to read the key. That's over a much longer distance though.
Question: Even if you had a super powerful transmitter, one capable of transmitting through the shielding sufficiently to activate the card, wouldn't it still not work because the card needs to then transmit back?
This is correct: the card won't be able to modulate its answer onto the stronger magnetic field in a protocol-compliant way. This is done by design of the technology to limit the usable range to a few cm.
The card doesn't transmit, it communicates by varying the load. A guy at school made a reader that can communicate with ISO 14443 cards over a couple of meters as part of his dissertation, so it might be possible. It's not as much about power as it is about sensitivity.
Those anti-theft systems at stores use an electromagnetic field, right? Would love to see a hack that turns them into a giant skimmer that could be wheeled up to any store front.
Cool
Yeah right, Mrs EEVBlog's bag..
It's your new manbag isn't it :-)
Busted.
+EEVblog Hey Dave, with some effort I think at 15:55 you can read the credit card number... Just a guess.
I don't see it.
+EEVblog Well, I just wanted to let you know ;)
+EEVblog Ahh, he can see the bumps being shown by the lights reflecting off the tape.
Love that DaveCAD works beautifully even on small screens.
Reminds me of a few of my student mates. They made a transceiver and antenna for scanning RFID cards from a distance of up to 10 meters. Worked pretty well; they could scan university cards from people walking past below the window of the lab.
Do you have documentation? I'm planning an art installation to show that RFID maybe isn't the best idea.
No I don't, and if you want to do it you should try to develop it yourself instead of stealing all the work others did. You can't just take something someone else has worked on for two whole years and then make some quick fame by trying to make it art. Especially not without paying them for their work.
Also, when encrypted, RFID is just fine.
Ouch!
All this technology is well known, for the last 150 years... nobody owns much here. You just make it bigger and more sensitive, but still there is a limit and it will be in the region of a meter or two - 10m? Not sure.
That is true, but making it long range is still an area that has development. From what I understand one of the main problems is the LNA in the input. Noise overall is the limiting factor in these systems, and I agree, I doubt a system could be effective further than 10m if the encoding used is BASK (which generally has to have a fairly large signal-to-noise ratio).
That is RF . RF stands for, wait for it, Radio Frequency. 873 kHz is a frequency that my radio can pick up, is designed to pick up. It is RF !
Start by looking up Near Field vs Far Field theory.
Aehm.. No!
+EEVblog Either in classical Maxwellian electrodynamics or in the quantum mechanical version, this is a case of electromagnetic radiation. Electromagnetic radiation is produced at the transmitter coil and absorbed at the receiver coil. The difference between near-field and far-field is that in far-field, the math is simplified greatly by making assumptions. Those assumptions break down in the near-field case. The physical phenomenon at work is the same.
+Mark Holm Near-field theory is the more nearly "correct" version in either classical or quantum electrodynamics. If one were being picky about theoretical correctness, one would insist on the full, near-field treatment regardless of distance. Of course, you would find that, at larger distances, some terms of the equations calculate to very, very small values, and you would, rightly, question whether there was any purpose to all that extra number crunching.
+Proximity Mine Both Maxwell's and quantum electrodynamics make this clear. You can not separate the magnetic and electric field components. NFC is a classical, Maxwellian theory. NFC says that there are aspects of the electromagnetic field that fall off at 1/r and aspects that fall off at 1/r squared. Far field theory simplifies the math by ignoring the components that fall off as 1/r squared. In quantum mechanics it gets wilder, with "real" and "virtual" photons. These are poor choices of names. All the photons are real. The "virtual" ones participate in interactions that are quite real, but counterintuitive. As in the Maxwellian version, the contributions of "virtual" photons fall off as 1/ r squared.
Thanks for covering some of this, Dave. It would be interesting to see more testing, experimentation, and methods of protection and disabling cards in the future. It was too bad that Mythbusters were never able to air their findings due to threats of possible lawsuits, even related to talking about it. They are pretty tight-lipped about it all to this day.
Mythbusters actually got banned by Discovery Channel's investors from testing NFC card security; that is how insecure these cards are. Sadly, all banks now only issue NFC cards. HUGE mistake IMO.
Yes, I heard a report of that. They say that when they were filming a lot of Visa lawyers came, and they decided not to air that episode.
My bank recently gave me a new card that does not have the NFC technology. It still has the magnetic strip and the new thing on it is a chip.
They've got plenty to deal with before they get to NFC... watch?v=VdlKtexIUU8
Not true, just got a new card from my bank a month or so ago. No chip and no NFC. U S A! U S A! lol
That's the REAL PERFECT way to really explain those "RFID" cards! Perfect, and understandable.
Indeed, it is an inductively coupled system.
Not an RF field? That's exactly what this is! That schematic you drew is equivalent to a good old fashioned crystal radio with a loopstick antenna.
Generally, any of the antennas with circular elements work by coupling the magnetic (B) field, while dipoles and related things like yagi arrays couple the electric (E) field.
Thanks for this comment... I was wondering about the statement at 1:50, and was going to ask: what's the difference? I thought antennas were basically just strangely shaped inductors (as compared to the coils we're used to when talking about them)... though magnetic versus electric coupling definitely sounds like a difference... still, Dave, if you see this, I'd love to hear more about what you see as the differences. (Feel free to point me in the direction of existing videos, of course...)
Tip: Last NFC transactions history is stored directly in most Visa cards. There are applications to read them also.
This video focuses a lot on the scanning aspect, but a scan is useless without the SE response. So the only way to actually steal money is to perform a MitM attack with an HCE endpoint to emulate the SE.
As for biometric passports - data is encrypted and key is generated from passport number, date of birth and date of expiration.
That's why you have this
I wanted to totally disable the RFID function of my card. The answer was simple. A small notch in the bottom edge of the card, just a few mm, breaks the coil and stops it working.
Thanks for clearing up the misconception and highlighting the technology.
The fun thing to do is have a larger coil in the purse that also picks up this magnetic field and outputs random noise in the RFID bands. The best part is that under normal conditions it does nothing, only when you're being scanned by some thief.
If you want to disable your payWave or PayPass chip, simply cut the side of the card where the wire loops around the card. You don't need to cut much, only to rupture the loop.
A friend of mine was on the standards committee for the design of all RFID banking cards and he went through the maths regarding theft and RF levels both to activate the card and the RF from the card and the chance of someone stealing your data is very low. Anyway you'll get your money back as it was an unauthorised transaction.
I'd say that the reason people think that putting cards together will protect them is that a lot of implementations don't do anti-collision properly. Haven't tested it with Opal, but certainly the MyKi readers in Melbourne don't implement anti-collision, if it sees multiple cards it just gives up. So they've probably seen a message like "multiple cards detected, try again" and assumed that that means that the system can't read them if there are multiple cards there.
As far as reading them from a distance, there's an application note, I believe on the TI website which covers building long range antennas for RFID, after a point you end up with something that looks like the anti-theft tag gates in shops.
What I'd be more interested in (haven't got around to actually testing it though) is how much of the signal you could passively sniff while a transaction is in progress, because although the system is designed to use magnetic coupling, 13.5MHz propagates reasonably well so you're going to get some degree of RF leakage.
Good Lord! It works. Just two layers of aluminum foil inserted in my wallet and NFC can't read anything. Thank you very much for that advice!
Dave Cad... classic :D Also, this technology is very similar to the QI standard for wireless charging for phones & tablets. Instead of sending the credit card data, the device sends information to the pad such as how much current to supply and when to stop by modulating the load on the phone's internal charging coils.
People have seen skimmers walking the London Tube with handheld Point of Sale devices. Here in the UK the limit is a much more manageable £30. Still spend a few hours walking about London crowds and you could make a decent living. Electronically pickpocketing £30 quid a time.
There is no hope of this working. The owner of the pos device would never receive the money. The financial rules that apply are far too strict. Sounds like a "plausible" myth to me.
I'm sure every real business would pay good money to find out how to get your cash quickly from the ACH.
Creating foil card sleeves seems like a much more practical solution than buying entire accessories to solve the problem.
Indeed.
I'd like to propose two fixes you might want to add before releasing it: 1) It is actually the same chip as the one seen from the outside, not a separate one (Google Images "paywave x-ray"), and this way they can also have the same data shared (e.g. some cards count your contactless transactions and allow only X in a row). 2) They are not just data storage like your usual tag, but they are actively negotiating with the terminal and cryptographically sign transactions. The data you can read out from it alone will not help you much (you do get the CC number and expiration date, but not name or CVC2; it's worse to have your card captured by a security camera than having it scanned). To make a transaction, you would need to go around with a terminal, or relay the communication via the Internet to another phone at a rogue merchant's place, and since merchants must be registered, this makes it a lot harder for criminals.
Yes, it's not easy, but it's possible and has been done. Risk is pretty low though.
With the TI RFID Development Kit TRF7970A I managed to read more than 10 cards at the same time. However, I have seen tags that use the 125 kHz system for building access control interfere with the theft protection of a Fiat Punto. It took my friend at work several weeks to figure out what was going on and why his car didn't start sometimes. That was before 2006 though.
Yes, my 125 kHz lab access cards don't work with two in my wallet.
If you are worried about people stealing your data you could always just disable the RFID functionality. I know that my bank has an option online to just turn the feature off. The same option is there to disable the magnetic strip. What this does is probably just declines any transactions made when using those technologies.
Actually, the modulation is ~106 kHz (13.56 MHz / 128). It only goes to 847.5 kHz (13.56 MHz / 16) after the PPS handshake between the PICC (card) and PCD (reader). The card has to say, "I support these baud rates" during the RATS command, then the reader has to choose the baud rate to use with the PPS command.
Otherwise, spot on, mate! I didn't know you did RFID stuff.
To clarify: the message that the chip sends to authorise a transaction and prove that it isn't a clone (the cryptogram) is protected by strong cryptography, but information that is also present on the front of the card or on the magstripe, such as the card number, is always transmitted in the clear. So it's possible to skim a card and use the card number to shop online or something, but, in principle, it's not possible to physically clone a skimmed card. In practice, this isn't always true, mainly due to American banks that don't bother checking the cryptogram.
+Francois Molinier Nope, the cryptogram is the response part of a challenge-response protocol. It's a digital signature of the transaction details and a nonce, so a MITM won't work as these will be different for a different transaction. This is all moot anyway since the card will give you the number if you ask for it, and that's all you really need to make a transaction.
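The point made in the two comments above (the card signs each transaction over a terminal nonce and a counter, so a captured exchange cannot be reused, while the card number still crosses the air in the clear) as an added toy model. This is not EMV's actual algorithm or any bank's code: the cryptogram is stood in for by an HMAC over constructed fields, and the key, PAN and counter values are made up for the demo.

```python
"""Toy challenge-response model of a contactless payment (added example, not EMV).

Constructed stand-in: the card's cryptogram is an HMAC-SHA256 over the terminal
nonce, amount, currency, the card's transaction counter and the PAN. Real cards
use issuer-derived keys and a different MAC construction; the shape is the same.
"""
import hashlib
import hmac
import secrets

# Constructed demo values, not from any real card or bank.
ISSUER_KEY = b"issuer-key-for-demo-only"
PAN = "4111111111111111"   # sent in the clear, just like the number on the card face


def _message(nonce: bytes, amount_cents: int, currency: str, atc: int, pan: str) -> bytes:
    """Bytes the cryptogram covers: nonce, amount, currency, counter, PAN."""
    return b"|".join([nonce, str(amount_cents).encode(), currency.encode(),
                      str(atc).encode(), pan.encode()])


class Card:
    """Stand-in for the chip: holds the key, counts transactions, signs each one."""

    def __init__(self) -> None:
        self.atc = 0   # application transaction counter, bumped on every use

    def respond(self, nonce: bytes, amount_cents: int, currency: str) -> dict:
        self.atc += 1
        tag = hmac.new(ISSUER_KEY,
                       _message(nonce, amount_cents, currency, self.atc, PAN),
                       hashlib.sha256).digest()
        # Everything returned here crosses the air interface; anyone listening
        # can read the PAN, but cannot forge a tag without ISSUER_KEY.
        return {"pan": PAN, "atc": self.atc, "cryptogram": tag}


class Issuer:
    """Stand-in for the bank: checks the MAC and that the counter moved forward."""

    def __init__(self) -> None:
        self.last_atc = 0

    def verify(self, nonce: bytes, amount_cents: int, currency: str, response: dict) -> bool:
        expected = hmac.new(ISSUER_KEY,
                            _message(nonce, amount_cents, currency,
                                     response["atc"], response["pan"]),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response["cryptogram"]):
            return False          # amount, nonce or PAN differs from what was signed
        if response["atc"] <= self.last_atc:
            return False          # counter did not advance: a replayed exchange
        self.last_atc = response["atc"]
        return True


def genuine_purchase(card: Card, issuer: Issuer, amount_cents: int, currency: str = "AUD"):
    """One honest tap: terminal picks a fresh nonce, card signs, issuer checks."""
    nonce = secrets.token_bytes(4)
    resp = card.respond(nonce, amount_cents, currency)
    return issuer.verify(nonce, amount_cents, currency, resp), nonce, resp


def replay_captured(issuer: Issuer, nonce: bytes, resp: dict, amount_cents: int,
                    currency: str = "AUD") -> bool:
    """The same captured exchange presented again, unchanged: rejected on the counter."""
    return issuer.verify(nonce, amount_cents, currency, resp)


def altered_amount(issuer: Issuer, nonce: bytes, resp: dict, new_amount_cents: int,
                   currency: str = "AUD") -> bool:
    """The captured exchange with a different amount: the MAC no longer matches."""
    return issuer.verify(nonce, new_amount_cents, currency, resp)


if __name__ == "__main__":
    card, issuer = Card(), Issuer()
    ok, nonce, resp = genuine_purchase(card, issuer, 2500)
    print("genuine tap accepted:", ok)                          # True
    print("PAN visible on the air:", resp["pan"])               # readable in the clear
    print("replay accepted:", replay_captured(issuer, nonce, resp, 2500))   # False
    print("altered amount accepted:", altered_amount(issuer, nonce, resp, 9900))  # False
```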
if people are so concerned, and they don't care to use the touch and go of the card, then I would just say they should exacto the coil and break the circuit.
Hole punch. Break a single wire and the coil is useless, and a small hole doesn't hurt its normal use.
+theLuigiFan0007 Can confirm. I did this with my uni ID card by accident XD.
The ISO14443 standard calls for readers to have a minimum of 1.5 A/m output. ISO15693 calls for 2.0 A/m, if anyone's interested. ISO10373 is concerned with the measurements of the readers.
Your phone will be producing around 1.0 A/m at 13.56 MHz. The ISO14443A ID1 credentials can sometimes read somewhere around 0.3 to 0.4 A/m depending upon the amount of processing involved. Actually you'll find that most cards won't be read over about 15 cm with a reader producing 4 A/m as the magnetic field just isn't strong enough. You won't find anything portable over 4 A/m as you start needing a beefy RF amp.
It is quite possible for these cards to be read from this distance but like Dave said, it doesn't mean they can actually set the transactions up.
The convenience outweighs the risk apart from when it interferes with my bus pass!
In the USA, I don't think banks issue cards with the RFID chip anymore. As a matter of fact, I remember all my cards being replaced without the RFID symbol. They only contain the chip.
More sophisticated than a charcoal rubbing of a pocket to determine the contents.
Why do I find 'Dave CAD' funny with the smiley face in the D? I do not know, but it made me laugh (3:10).
For years now, on my circuit diagrams, I've put a little DaveCAD smiley in the corner, just cuz it makes me chuckle ;)
You can get a commercial DaveCAD license from EEVblog so you can use it on the back of more than one envelope lol
heh, yup. Perhaps I should have clarified that these are drawings I was making for myself alone in my room :P.
You are using an unauthorised version of Dave CAD.
smelly box "Let's go to DaveCAD" always gets me.
you don't have to put it all around, one layer of foil on any side is enough because it detunes the resonant frequency a lot.
Oh, I have a slight issue with how you are thinking modulating a coil is not a radio. The difference between a transformer and a radio is that the radio modulates the electromagnetic field (we call it electromagnetic radiation for a reason). My one-transistor AM crystal radio works exactly the same way, using the radio signal to provide enough current to run it; admittedly I do ground it rather than ground to the other end of the coil. I bet if I tune a heterodyne receiver to 50 Hz I'll be able to hear a continuous 50 Hz radio signal. With a powerful enough radio signal one can in fact activate one of these cards.
And when you lose it anyone can help themselves to your money. Not the smartest idea. I'm sticking with the old chip and PIN..... much safer.
"This is NOT a RF system, it works on magnetic fields instead of RF-fields" o.O Well, what are RF-systems working on ?
RF systems are in theory a transformer system - and yes, they are called antennas.
SnopFop - TheSkogemann rf (and other EM waves) are composed of electric and magnetic fields, but a pure magnetic field acts differently than an EM wave. That's why transformers and rf antenna/receiver systems follow different equations.
RF systems are NOT transformer systems. Transformers have magnetic coupling across the coils, RF systems do not couple between antennas. If you put a load on the secondary coil of a transformer, that creates a major load on the primary. If you turn on your radio in your car, that doesn't load the broadcast station at all. They have no clue if you are listening or not except with surveys.
RF systems use electro-magnetic radiation, not just magnetic fields. Transformers use magnetic fields and don't give a crap about electric fields.
You will find that the credit card details can be retrieved. If you had pressed the tag information, you would have seen the credit card number.
Consider that my CC number was stolen 3 times out of the local shopping center I work out of. The issue was traced back to people hanging out in the food court/common areas on laptops with what 'looks' like a normal antenna hanging out of a USB port. How I took care of this scam was about the simplest thing in the world: I just walked into my bank and requested a CC/debit card WITHOUT the payWave feature. They make them in the chip-reading variety as well. Both my bank cards have chips, and NO payWave nonsense. Never be afraid to ask or request one. Most banks do have these available and will gladly order it in for a customer. The other scam that was exposed: the readers on gas/petrol pumps. Seems the bulk of the companies continue to use the same KEY to open the access panels! (And the serial ID sticker tabs are a joke! One was ripped off a pump I went to use. The clerk didn't check the system for a 'hack', just slapped a new serial sticker over the torn one.) So never use 'pay at the pump', and request a no-payWave card, and you'll be in slightly better shape.
Another thing to consider: How flippen LAZY is society when they can't be bothered to swipe or insert a card? Do they want to look like David Copperfield doing a magic "Wave the card trick" each time they purchase an item? Just insert or swipe the card already.
>> "How flippen LAZY is society when they can't be bothered to swipe or insert a card?" I have wondered the same thing. It is just the latest novelty feature. Most people are clueless and banks are still crooks. An alternative to requesting a new card without this feature is to cut or puncture a single antenna coil trace or find the tiny bump where the components exist and give it a slight tap with a hammer to crush them.
You're not signed up to any porn sites by any chance are you?
Consider yourself lucky. I told my CC company that I didn't want a card with the RFID/NFC based system. They told me that they don't make any cards without this new technology. I was told not to worry. They would reimburse me for any fraudulent activity on the card. It amazes me that a CC company would rather fix CC fraud after the fact than try to prevent it up front. I wouldn't be surprised if their accepting fraudulent uses of CC's is part of the reason for high merchant fees and high interest rates to CC users.
No need to sign up. LOL. Actually I sent news stories about people in public areas using laptops to steal CC numbers and information. The local center didn't do squat even when faced with evidence.
People love gimmicks. And they think "Hey, it's so cool that all I need to do is wave my 'magic card' to pay for something. Now we have Google and Apple pay....paypal pay.... Things are going plastic in a huge way.
Such a shield works while the card is in it. Remove the card to use with the RFID scanner at checkout and a black hat behind you in the checkout line doesn't even need to transmit anything to pick up the signal.
I have an idea or two about protection features that can be added to these cards. How about if the chip in the card only starts working if it detects the electrical resistance from your fingers on the card? That way the only way the card can work is if you are holding it. Otherwise it's only going to activate the coil if it is within a 13.56 MHz magnetic field, but there isn't going to be any data exchange.
Something like a metallic grid on the card that should read somewhere between, say, 10 and 50 kohms in order to start the chip. Or have specific finger locations that you need to hold the card at in order for it to work.
And there is an even simpler way to do it: just put a dome switch in the card that must be pressed in order to connect the coil to the electronics inside. Needless to say, its location must be a bit deeper in the card in order to prevent the button getting pressed while in your purse or pocket. That way you can only activate the card if you are holding it at a specific location and apply some relatively significant pressure.
"Don't wear it on your head, put it in your pocket" lol.
I know of someone who used to chat with their victim. They worked in a shop with a card reader that they would put the card in and hand to the customer. They would get a surprised sort of reaction, put the card down on their touchless payment machine and get an easy £30. Somehow it was also untraceable.
I don't think that I believe your statement that card information can't be stolen, because how would the store's scanner process a payment? My wife's card had not left its paper sheath since it was issued, and yet it, and every RFID card in her wallet, were compromised somehow. The old cards without contactless payment were unaffected. I call BS on the VISA assertion that this is secure.
This is why no one with any technical knowledge should call them 'RFID' cards. These are all NFC (or near-field communication) cards.
Dave gets half a break as he's using layman's terms for ease of explanation, but searching for 'NFC' reader and 'RFID' reader gets quite different results.
Many public transport cards use the same tech, so they make for great test cards if you don't want your credit card shown on air. :) And if you want a somewhat overpriced(due to postage outside of us) way to see what tech a reader uses: dangerousthings.com/shop/rfid-diagnostic-tool/
Yes, true. The term RFID seems to pervade the industry though, although in regards to phones it's usually NFC.
BTW, the ISO 14443 standard itself uses the term RFID.
That I didn't know! Shame on the ISO standards!
Also, as far as I know, these 'shields' act as much like a shorted turn as magnetic shielding, taking the energy the card requires and turning it into heat. A 'loop' of aluminium sheet works as a great shield, but one with a break in it (still overlapping, but insulated) doesn't. For photos: goo.gl/photos/nWY5YPL9KhZabgFP9
I believe the more conductive the material the better it works in this application. I wish I had a piece of ferrite large enough to test this further.
The standard is correct. Maxwell is correct. "NFC is secure" is wrong.
In the UK at least, banks are entirely responsible for any fraudulent transactions using the NFC component. Whereas using the chip and pin method, responsibility falls with the card holder automatically unless they can prove otherwise.
Thanks Dave.
Just for your information: Skimming like this is already happening in Europe.
In the nineteenth century mankind learned thanks to Maxwell how a changing magnetic field creates a changing electric field and a changing electric field creates a changing magnetic field (together known as "electromagnetic radiation", also known as RF radiation when changing fast enough). In 2016, mankind learned that Maxwell (and before him, Faraday and Lenz) were all wrong. "RF" in "RFID" totally doesn't stand for "radio frequency"...
Really Freaking Idiotic Device. ;) That about sums up the implementation of the technology in the various cards most of us carry around in purses and wallets.
Such videos keep me believing what my students have tended to do all these years. You could be a perfectly good electrical engineer without a basic understanding of the physical phenomena underlying a device's operation.
"NFC works on magnetic field", "aluminum foil magnetic shielding" sound like an F in a grad school physics class ;]
Yes, and there is this concept for near field vs far field. Do you refer to and treat transformer coils as antenna?
Imho you should refer to magnetic and electric dipoles. There are a few weird effects in the near-field which disappear in the far field, like the two wave components (magnetic/electric) don't have orthogonal polarization and the radiation pattern in the near-field doesn't look like what "most" people know from textbooks. But in this case the antenna just couples to the magnetic part of the electromagnetic radiation.
Dave keeps going on about how it's "not an antenna", and that it uses magnetic coupling not "RF fields", but aren't they essentially the same thing, just longer distances?
Like all EM waves are composed of electric and magnetic fields, right, so what makes this different?
Look up "Near and far field". In the near field, the E-field (electric) or the H-field (magnetic) can dominate.
In the far field, there is a fixed ratio of E- and H-field which is given by the impedance of air, which is about 377 Ohm.
In this application, the H-field dominates, meaning the impedance is much lower than the air impedance of 377 Ohm. For a radio broadcast transmitter you would aim at matching the impedances of transmitter and antenna to increase efficiency.
My thoughts exactly. Let's take an FM radio broadcast station for example... It is a BIG primary and the receivers are all secondaries in a big imaginary transformer... Magnetic coupling being the magic phrase here.
+sarowie thanks for the jumping off point.
Does this mean the phone is still generating a small far-field RF signal at its MHz carrier frequency when searching for a nearby tag, and could you pick that up on a spectrum analyser?
Yeah, I'm starting to feel like he just does these things on purpose.
Saying controversial things like "it's not an antenna", or that "current flows through capacitors".
Then he watches the comment numbers mount and the view count climb. Great business model.
It's an antenna in the near field.
Great vid and explanation Dave, but could you please also show how you do the measurements, I know most people will argue that the video will take too long, but it can be interesting to learn more about more complex measurements sometimes :)
So you trade the inconvenience of swiping your card for the inconvenience of wrapping and unwrapping your card in tin foil. (Yes, I know it's not tin.)
Informative video Dave. Well done.
Hey EEVblog, I might not be absolutely correct but it seems RF communication works with the same principle as RFID because you are still using the same electromagnetic field for TX and RX, except that the distance has to be very close for reception. The current that is oscillating in an RF antenna induces the same magnetic field for long distance transmission, and at the destination end you surely do need the antenna where the same signal will be induced, except that the mechanism for reception is different, but basically the medium is still the same. Thanks for pointing this out.
lol the black tape reminded me of the scraped off ICs. And you thought all along those foil cone hats in the 80's were all just for laughs.
A perfect solution to stop these cards being read without the owner's permission would be to embed a photo diode into the body of the card that only allows the circuit within the card to activate when it is in ambient light (i.e. out of a person's wallet); then when it is in the wallet / bag, it would be unreadable.
thanks for sharing your cc# on the scope lol
He also shared it in the reflection of the tape over the numbers near the end.
Also NFC TagInfo by NXP gives lots of data.
I don't know about Australia but in many places in the US they have RFID tags in the cars for toll roads; the readers are over the road at least 16 feet in the air, and they can record me passing even at 75mph. Now I doubt the protocols are the same but I'm fairly sure the tech is. Larger antenna and more power obviously, but since you're not a criminal and not equipped with these toys I wouldn't discount the criminal element's ability to procure such devices.
Mrs EEVBlog's bag... TAKE IT APART !!
For those curious: ESD bags do NOT block the signal
In England it's called "contactless" and it's a maximum of £30. When my card breakers, I always make sure that it's NOT contactless.
It's not hard to stick your card in and put your PIN in.
This is also why I'd never want a keyless car, as the key puts out a signal which can be picked up, and within less than a minute your £10,000 car is nowhere to be seen.
This is why I'll ALWAYS want a keyed car.
Or an up to date finger print which measures if it's got a pulse. Which is no different to the thing you stick on your finger to check your BPM and oxygen levels.
I'm not sure who comes up with these stupid, backwards, dick head ideas. But they need to be $h0t.
It's true and cars have been hacked, but they are getting safer. There still are cars out there that are vulnerable to various attacks, but the probability of someone actually hijacking and decrypting your code is tiny. You might say that you don't wanna take any chances, but take a look at how easy it is to pick a car lock anyway. No method is 100% secure. Same goes for the card. It could have an authentication feature which would make it pretty much unswipeable, unless some thief takes your data home and starts brute-forcing it, and even then it might just take years. I'm not sure if such a feature is actually implemented, but it should be.
You didn't sign your card. It's not valid! :D
It was my understanding that RFID referred to cards containing actual RF chips which also contained a coil. So when you slid your card through a magnetic field (think hotel room key) the RF chip would be able to send a code in a single RF burst, which was then read by the receiver. Is this technology also employed? Why is this not used in credit cards?
Awesome video Dave!
From what I can tell, the only info that you can get out of these cards is the same info on the front of the card (card number and expiry date). It doesn't give you any of the crypto information needed to create a duplicate card using the modern EMV protocols, and it doesn't give you the CVV number you usually need to make online purchases. It might be possible to make a fake magnetic strip card, which may work if your card issuer and the store's card processor still allow magstripe transactions - though if you're in the US, that's likely the case.
Towards the end the sticky tape sticks more and more against your card and the risen numbers... You show the card from various angles and with lighting from different sides... Bad people could try to read the numbers. CRC could even help them to guess...
Yes, I know there are still things missing like the security code from the back, but I would have used a thicker tape, blurring the outlines of the numbers more.
They raise the numbers on Australian debit cards?! On debit cards in Switzerland and Germany, the number is just printed. Same with prepaid credit cards. This is even true for prepaid credit cards (which are additionally marked with "online use only"). I have only seen risen numbers on true credit cards.
+sarowie There are also risen numbers on some prepaid cards, as a "feature" to make the cardholder feel less cheap. (Bullshit of course)
The marketing departments of banks seem silly to me. As a customer, I care for functionality and prices. Maybe I care for the card "not looking like an ugly unprofessional mess", but that's about it. At least in Europe, sales personnel do not care what type of card you are holding as long as the machine says that the transaction was successful.
Those risen numbers only remind me of the old paper transaction system that copied the card details mechanically onto paper. As I grew up in Switzerland, I feel any system other than Chip and PIN is antique and outdated - I hate it that in Germany I have to hand over my card and sign a slip of paper. Let alone when they take my card and scan the mag-strip. So not having risen numbers feels better for me.
I have a German debit card with risen numbers (issued this year), so it is a Swiss thing or depends on the bank.
Maybe they do it because that's what older people expect, it doesn't really hurt and - maybe - you can use it in some less developed countries that do still use paper transfer... but I don't know if those exist.
Schwuuuuup
Maybe my definition of "risen" varies from yours. On my debit card, the number is ever so slightly risen - there, one layer of sticky tape should be enough to make the number unreadable on camera. But on a credit card, the number is really embossed.
Best video on how NFC works but with wrong title
Just put the card in an aluminized envelope, just like you'd do with those toll transponders.
I'd have thought that putting the card inside of an aluminum box would shield it because the box should act as a shorted turn in the transformer.
Yeah, I guess I would be more concerned with the ones they are sticking to the front of gas pumps and at rest stops. Seems here in Michigan, thieves have targeted the main areas they know people in a hurry to travel stop. They have already hit up several gas stations and rest stop machines.
Funny story: my father had one of the early types and I knew the risks and downloaded a card reader app and said "watch this", pinged his card and it displayed the number and everything. Then I said "is this your card", he replied "yes, that's not good". So the mobile phone app demo that you did, I also used to prove that they were easy to read.
Been using metallic Christmas foil wrapping paper in my wallet to protect my credit cards. Thank you for the video ! tjl
Beats the paint-drying Lab Re-arranging vid Dave :)
Seriously, was insightful. Actually quite simple how it works in terms of comms. But surely the card is read only, so if you could capture the traffic and decode it, one could emulate it? Or perhaps there is some sort of 'key' on board, like SSL
In Portugal the code is asked every 60€ of purchases and if a single transaction is more than 20€.
I would like to see Dave take a look at the RFID Guardbunny created by Kristin Paget. First featured at ShmooCon 2012 and later went open hardware and got an article on Hackaday.
* it's the same chip that does both functions in all cases
* none of it is encrypted, whichever provider you have
* with a sufficiently high powered emitter / large gain antenna, you can read the card at a good distance of several meters if not more
Given a good antenna and equipment there is still a range limit from RF noise, but that could be quite a range.
Have you seen the jamming cards that deliberately jam the RFID frequencies when they detect a field? I've seen a bunch of these on the market (e.g. Armourcard, which is an Aus company - they sell them at JB). Would be interesting to see whether they're any good using the testing setup you used there. Interesting story is that I see them on the counter near the EFTPOS pinpads, and every time I get a failed card read at JB (and had to insert the card instead) one of these display stands is pretty much next to the pinpad. Tends to lend credibility to the product, but really silly placement by JB!
Yeah! Test this!
Didn't know about these, and JB Hi-Fi, hmm I could just go pick one up.
EEVblog Last I saw I *think* they were $50ish AUD or something, so not very cheap. Price may have changed though. If need be I might be able to send you the one I have.
Hey Dave, how about a video on those little security chips. Those look pretty neat to me.
Bummer... I downloaded that program on my phone and tried it with a couple of cards I have not really knowing if they were NFC cards or not. None of them are. Even my passport card I have doesn't. Now I can't play around with it. Oh well. Good video though with a good explanation of how this actually works and NOT "RFID" like the news media would tell you it is.
In the UK it's just 'touchless payment' and limited to £30 afaik.
I remember in the 90s all the public phones used that chip for cards with credits. And we used an EPROM with the software to emulate it and call for free.
It'd be cool to see what's being passed between a Nintendo Wii U or 3DS and the Amiibo NFC figures, or between Skylanders and Disney Infinity figures and their respective NFC stands.
You keep saying something like AAAH FOIL, it took a while before I realized that you were saying ALLLL FOIL. So I assume you are saying ALUMINIUM FOIL or for the Yanks ALUMINUM FOIL.
Correct
If you try and use two cards at once with an eftpos reader it won't work, it tells you to present one card at a time. Which is probably why people think having two cards in your wallet protects you. Actually, I thought that. But I can see now that it only would protect you against one of the least sophisticated types of attack.
But that's just a feature of the point of sale system. A hacker would simply use every/any card in the field.
Hagenberg goes EEVBlog ;-)
I'm sorry Dave, 13.56MHz qualifies as RF. In fact above 153kHz is the LW band and something around 67kHz is (was?) broadcast for RF clocks in Europe. The method of coupling into the receiver is not what decides whether it's RF, that is merely the transmission scheme and antenna coupling. Sure most transmission uses the 'E' field and this is predominantly 'M' field but what about AM receivers that have those dinky little ferrite rod antennas? They are really only a coupled transformer, or are they too not radios??
Was hoping someone called him on this. His repeated statements that it's not RF were almost as bad as a PhD-level astronomy prof I once had telling the class that a microwave oven runs on infrared. Also I'm not sure on this but I don't think shielding is as hard as he claims; all you need is a paramagnetic material, like the foil he then pulled out. If he had thought of it as RF and knew antenna theory he would have been able to explain a lot more functional info about why the read range is short with a 22 meter wavelength and devices that size (esp. the card antenna), and the reader probably has less than enough room for a 4th wave unless it's the model for parking garages as well.
In the 13 MHz area we are (primarily) talking of inductively coupled systems where the necessary energy is provided by the magnetic field of the reader. Figure 1 depicts the very basic principle of an inductive coupled RFID system, which can be summarized as follows [3] [4]: For inductive coupled systems the underlying antennas are represented by coils of a defined size. It is well known that a coupling system of two coils can be replaced equivalently by a transformer. The connection between these two coils is given by the magnetic field (B) and the underlying value to describe this connection is the mutual inductance (M) and/or the coupling factor (k).
www.eurasip.org/Proceedings/Ext/RFID2007/pdf/s1p4.pdf
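As an added example (not code from the video, the paper, or any commenter) serving both the near/far-field comment above and the transformer model quoted here: it evaluates the mutual inductance M and coupling factor k of two coaxial single-turn loops standing in for reader and card coils, and shows why k collapses as 1/d³ well inside the near field. Loop radii, wire radius and distances are assumed values; real card antennas are multi-turn rectangular coils, so the numbers are indicative only.

```python
# Added example: transformer model of a 13.56 MHz reader/card pair.
# All dimensions (loop radii, wire radius, gaps) are assumed, not measured.
import math

MU0 = 4 * math.pi * 1e-7   # permeability of free space, H/m
C = 299_792_458.0          # speed of light, m/s


def near_field_radius(freq_hz):
    """Rough near/far-field boundary lambda/(2*pi) for a small loop, in metres."""
    return C / freq_hz / (2 * math.pi)


def mutual_inductance(a, b, d, n=720):
    """Neumann formula for two coaxial circular loops of radii a and b (metres)
    separated axially by d, integrated numerically.
    By symmetry only the angle difference phi = phi1 - phi2 matters, so the
    double line integral collapses to 2*pi times a single integral over phi."""
    dphi = 2 * math.pi / n
    total = 0.0
    for i in range(n):
        phi = (i + 0.5) * dphi                      # midpoint rule
        sep = math.sqrt(a * a + b * b - 2 * a * b * math.cos(phi) + d * d)
        total += a * b * math.cos(phi) / sep * dphi
    return MU0 / (4 * math.pi) * 2 * math.pi * total


def dipole_approx(a, b, d):
    """Far-axis limit (d >> a, b): M ~ mu0*pi*a^2*b^2 / (2*d^3), i.e. 1/d^3."""
    return MU0 * math.pi * a ** 2 * b ** 2 / (2 * d ** 3)


def loop_self_inductance(r, wire_r):
    """Single circular turn of radius r made of round wire of radius wire_r."""
    return MU0 * r * (math.log(8 * r / wire_r) - 2)


def coupling_factor(a, b, d, wire_r=0.5e-3):
    """k = M / sqrt(L1 * L2): the fraction of reader flux that links the card."""
    l1 = loop_self_inductance(a, wire_r)
    l2 = loop_self_inductance(b, wire_r)
    return mutual_inductance(a, b, d) / math.sqrt(l1 * l2)


if __name__ == "__main__":
    READER_R, CARD_R = 0.05, 0.03   # assumed: 10 cm reader coil, 6 cm card coil
    print(f"near/far-field boundary at 13.56 MHz: "
          f"{near_field_radius(13.56e6):.2f} m")
    for d in (0.01, 0.03, 0.1, 0.3, 1.0):
        print(f"gap {d:5.2f} m  k = {coupling_factor(READER_R, CARD_R, d):.2e}")
```

At a 1 cm gap k is a few tenths, at 1 m it is around 1e-5 even though 1 m is still inside the roughly 3.5 m near-field boundary; a shorted turn (the foil loop) sits in the same flux path and steals that small coupling.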
Man, it's almost like Dave knew what he was talking about!
Cutting the antenna in your credit card definitely works to prevent NFC fraud....
Hereabouts in Ontario, Canada, people call it "arrfid" as a single spoken word. The cards don't take a lot of flexing, heat or use before failure. Any of those three causes the chips to fail, and I find my cards have a max six months functionality before I am getting a new one (one card replacement lasted six weeks). My bank allows stores to set the spend limit up to 100 dollars, but the bank only allows 50 consecutive transactions. But that is when everything is in working order, and the general fail rate is about 40%. Mostly because stores need to continually update security and they don't, and their scanners stop working. More interesting question to ask: my bank manager told me recently that there is word in the banks that the mag strip is going to be phased out soon. Has anyone else heard that this is a thing on the way?
"Not valid unless signed"
Nice to see I'm not the only one who doesn't sign their cards. Zero point in doing it.
Signatures are not valid any more in Australia, officially phased out.
Well yeah, still says the card isn't valid without it though.
I can never even get the ink to stay on there anyway. Not sure what sort of marker / pen it's expecting me to use :(
It's a throw-back since before they changed the rules recently. I guess they couldn't be bothered changing their card stock.
Here in the United States, there are some agencies/companies that will not accept an unsigned card for certain transactions, like the US Postal Service when purchasing money orders. Although I do not see the point in it, since they normally hand you a pen and tell you to sign your card. How does this prove that you are who you say you are? It only proves that you may have forged someone else's signature. And by the way, none of my credit cards have the RFID symbol on them. In the US, credit card companies and banks are getting away from the RFID cards, replacing them with the newer, less vulnerable cards, but they still don't require a PIN number.
I'd rather figure out how to fry the RFID chip in any card I have, as it's a feature I'd NEVER use specifically because it's so insecure.
Perhaps a disposable camera's xenon flash circuit, but add an air-core inductor in series with the flashtube, and put the card on the coil?
Idea is that it basically makes a tiny EMP every time the flashtube goes off due to the high pulse current. Intent is to overload the input of the RFID chip to the point of failure.
Putting the card in a microwave for 5 seconds wouldn't work, as it'd also fry the security chip, which I DON'T want to happen.
44R0Ndin not to mention scramble the mag stripe.
44R0Ndin Unfortunately, I think it's the same chip as the contact interface. Vendors of programmable chip cards with RFID and contact support (for stuff like corporate security) generally work like that, and it's the same companies supplying the credit card companies.
All magnetic fields have an electric field; an electromagnetic field is what we call RF. So technically wouldn't the transformer magnetic fields be just as much RF as traditional RF, and if not please clarify?
I must add to this that the magnetic and electric field do not have to be proportional, and as such a magnetic field is much stronger in transformers than the electric field.
I think you are correct. This system is an example of "Near-field magnetic induction communication" (see Wikipedia). The electric field is largely suppressed by the absence of a proper antenna, so the magnetic field is unable to transmit much energy into free space. Hence the transmission range is deliberately restricted to a few meters.
yes, modulating a coil is a radio.
hi Dave
Actually RFs are magnetic waves, so why are you bothering yourself to say it's different from a typical RF cable that sends off data in the form of some modulation of an RF pulse?
If there is loose money laying around some criminals WILL find a way to pick them up.
I haven't tried taking it apart so I don't know what tech the Tesla key uses, but other metal keys in my pocket sometimes interfere with the car's ability to read the key. That's over a much longer distance though.
Cut the handbag open and search that protective layer!
Question: Even if you had a super powerful transmitter, one capable of transmitting through the shielding sufficiently enough to activate the card, wouldn't it still not work because the card needs to then transmit back?
I suspect if you could get enough energy into the chip to make it transmit through a good layer of shielding you would burn out the chip.
This is correct: the card won't be able to modulate its answer onto the stronger magnetic field in a protocol-compliant way. This is done by design of the technology to limit the usable range to a few cm.
Do the cards have over-voltage protection for the coil?
The card doesn't transmit, it communicates by varying the load. A guy at school made a reader that can communicate with ISO 14443 cards over a couple of meters as part of his dissertation, so it might be possible. It's not as much about power as it is about sensitivity.
Those anti-theft systems at stores use an electromagnetic field, right? Would love to see a hack that turns them into a giant skimmer that could be wheeled up to any store front.
RFID debit cards are so convenient. Wish they were safer.
"It's a Gianotti brand, for those playing along at home..." - 100.000 EEVblog bag-aficionados just got what they came for!
It's a bobby dazzler!
How about cutting up an anti-static bag (the gray ones, not the pink ones)?
Aluminum foil is VERY fragile, and will not last long.