EEVblog #889 – Credit Card RFID/NFC Theft Protection Tested

100 Replies to “EEVblog #889 – Credit Card RFID/NFC Theft Protection Tested”

  1. Hi. Question: so I'm guessing this is true of the chip they put in pets and soon humans 🙂 Now I get the tin foil on head thing 🙂

  2. you don't have to put it all around, one layer of foil on any side is enough because it detunes the resonant frequency a lot.

  3. Dave, you didn't tear it apart this time! (the handbag) 😛 .. tear the handbag apart, and see what's in it! 😀

  4. Buy one of these.. work perfectly against perverts on the bus with a portable pin-machine.

  5. that's a thief bag in UK to stop the alarms activating. but in UK the skanks use tinfoil lined plastic bags

  6. So… what we have basically just witnessed is that Aluminium Foil Hats can/might actually work….. Bob is my uncle.

  7. Yeah, I guess I would be more concerned with the ones they are sticking to the front of gas pumps and at rest stops. Seems here in Michigan, thieves have targeted the main areas they know people in a hurry to travel stop. They have already hit up several gas stations and rest stop machines.

  8. A friend of mine was on the standards committee for the design of all RFID banking cards and he went through the maths regarding theft and RF levels both to activate the card and the RF from the card and the chance of someone stealing your data is very low. Anyway you'll get your money back as it was an unauthorised transaction.

  9. A tap and go skimmer was the first device I built with what I learned on EEVblog. It works like a charm and finances all my subsequent projects. Thank you dave.

  10. I've made a hat out of aluminium foil so that GCHQ can't see what I'm thinking when I touch myself

  11. From what I can tell, the only info that you can get out of these cards is the same info on the front of the card (card number and expiry date). It doesn't give you any of the crypto information needed to create a duplicate card using the modern EMV protocols, and it doesn't give you the CVV number you usually need to make online purchases. It might be possible to make a fake magnetic strip card, which may work if your card issuer and the store's card processor still allow magstripe transactions – though if you're in the US, that's likely the case.

  12. The black tape started out good but the man-handling of the card throughout the video made the numbers legible at the end!! Like an old Astro label.

  13. I wanted to totally disable the RFID function of my card. The answer was simple. A small notch in the bottom edge of the card, just a few mm, breaks the coil and stops it working.

  14. We JUST got chip and PIN to be widespread in America … I got my first one recently
    10 more years we might get this RFID 😛

  15. could you use some gadgets in your lab to generate a more powerful transmitter? That would have been interesting. And to test the max distance with the phone's power and plot it out

  16. So when is somebody going to make a shoplifting RFID/NFC theft protection handbag with the lining over the main compartment?

  17. So if I find a card in Australia and if you're NOT a nice person you can take a chance and buy up to $100 AUS dollars. That seems a bit crap

  18. Now when you contactlessly purchase your tinfoil hat, you get a free shielded wallet too!

  19. Such a shield works while the card is in it. Remove the card to use with the RFID scanner at checkout and a black hat behind you in the checkout line doesn't even need to transmit anything to pick up the signal.

  20. That's the REAL PERFECT way to really explain those "RFID" cards! Perfect, and understandable.
    Indeed, it is an inductively coupled system.

  21. You keep saying something like AAAH FOIL, it took a while before I realized that you were saying ALLLL FOIL. So I assume you are saying ALUMINIUM FOIL or for the Yanks ALUMINUM FOIL.

  22. I would like to see Dave take a look at the RFID Guardbunny created by Kristin Paget. First featured at ShmooCon 2012 and later went open hardware and got an article on Hack a day.

  23. I don't know about Australia, but in many places in the US they have RFID tags in the cars for toll roads. The readers are over the road at least 16 feet in the air, and they can record me passing even at 75mph. Now I doubt the protocols are the same, but I'm fairly sure the tech is. Larger antenna and more power obviously, but since you're not a criminal and not equipped with these toys I wouldn't discount the criminal element's ability to procure such devices.

  24. The ISO14443 standard calls for readers to have a minimum of 1.5A/m output. ISO15693 calls for 2.0 A/m. if anyone's interested. ISO10373 is concerned with the measurements of the readers.
    Your phone will be producing around 1.0A/m at 13.56MHz. The ISO14443A ID1 credentials can sometimes read somewhere around 0.3 to 0.4A/m depending upon the amount of processing involved. Actually you'll find that most cards won't be read over about 15cm with a reader producing 4A/m as the magnetic field just isn't strong enough. You won't find anything portable over 4A/m as you start needing a beefy RF amp.
    It is quite possible for these cards to be read from this distance but like Dave said, it doesn't mean they can actually set the transactions up.

  25. I know of someone who used to chat with their victim. They worked in a shop with a card reader that they would put the card in and hand to the customer. They would get in to a surprised sorta reaction, put the card down on their touchless payment machine and get an easy £30. Somehow it was also untraceable.

  26. I use my iPhone to do the equivalent of the tap n go, but the iPhone Apple Pay has extra layers of protection. Like it needs my thumbprint to work, and if I lose the iPhone or it gets stolen (which would result in basically the card was also lost or stolen) I can just simply shut down the phone with Find My iPhone and not worry about it.

    So now, all I carry is my iPhone with me, all the credit cards stay at home.

  27. The fun thing to do is have a larger coil in the purse that also picks up this magnetic field and outputs random noise in the RFID bands. The best part is that under normal conditions it does nothing, only when you're being scanned by some thief.

  28. I feel like a simple solution to these cards would be a resistive sensor or something (such as two metal contacts that you place your finger over) and without your finger on them, the card doesn't talk.

  29. Dave Cad… classic 😀 Also, this technology is very similar to the QI standard for wireless charging for phones & tablets. Instead of sending the credit card data, the device sends information to the pad such as how much current to supply and when to stop by modulating the load on the phone's internal charging coils.

  30. If you are worried about people stealing your data you could always just disable the RFID functionality. I know that my bank has an option online to just turn the feature off. The same option is there to disable the magnetic strip. What this does is probably just decline any transactions made when using those technologies.

  31. I've had my card wrapped in "AL-foil" for about a month. Now I know I'm "mostly" safe. Thanks for this video and the knowledge it passes on to the public. My bank couldn't even give me a straight answer about this.

  32. you could just snap off or cut out a little piece where the coil goes through and be done with the whole rfid shit. I don't care if I spend 2 minutes standing in a queue and 5 seconds paying or standing 2 minutes in a queue and spend 20 seconds paying if the price for that is that anyone can use my card or the captured data to pay without entering a pin or even do as much as give a signature.
    Which fuckhead came up with that stupid idea anyway? I work in retail and 99.9% of our customers don't use it anyway.

  33. once u have used the app to read your card what's to stop the app squawking all your card details back to whoever wrote the app? This technology is called contactless payment here in the UK BTW.

  34. It's not the contactless you want to worry about, it's the EMV protocol being broken as shit that's the problem.

  35. Tip: Last NFC transactions history is stored directly in most Visa cards. There are applications to read them also.

    This video focuses a lot on scanning aspect, but scan is useless without SE response. So the only way to actually steal money is to perform MitM attack with HCE endpoint to emulate SE.

    As for biometric passports – data is encrypted and key is generated from passport number, date of birth and date of expiration.
    That's why you have this section in them. It's for machine to run a dumb OCR to get required info for generating decryption key and then decode data. So scan alone is also useless.

  36. All magnetic fields have an electric field, an electromagnetic field is what we call RF. So technically wouldn't the transformer magnetic fields be just as much RF as traditional RF and if not please clarify?

  37. Oh, I have a slight issue with how you are thinking modulating a coil is not a radio? The difference between a transformer and a radio is the radio modulates the electromagnetic field (we call it electromagnetic radiation for a reason). My one transistor AM crystal radio works exactly the same way using the radio signal to provide enough current to run it, admittedly I do ground it rather than ground to the other end of the coil. I bet if I tune a heterodyne receiver to 50Hz I'll be able to hear a continuous 50Hz radio signal. With a powerful enough radio signal one can in fact activate one of these cards.

  38. It'd be cool to see what's being passed between a Nintendo Wii U or 3DS and the Amiibo NFC figures, or between Skylanders and Disney Infinity figures and their respective NFC stands.

  39. I'd say that the reason people think that putting cards together will protect them is that a lot of implementations don't do anti-collision properly. Haven't tested it with Opal, but certainly the MyKi readers in Melbourne don't implement anti-collision, if it sees multiple cards it just gives up. So they've probably seen a message like "multiple cards detected, try again" and assumed that that means that the system can't read them if there are multiple cards there.

    As far as reading them from a distance, there's an application note, I believe on the TI website which covers building long range antennas for RFID, after a point you end up with something that looks like the anti-theft tag gates in shops.

    What I'd be more interested in (haven't got around to actually testing it though) is how much of the signal you could passively sniff while a transaction is in progress, because although the system is designed to use magnetic coupling, 13.5MHz propagates reasonably well so you're going to get some degree of RF leakage.

  40. Hi Dave
    Actually RFs are magnetic waves so why are you bothering yourself to say it's different from a typical RF cable that sends off data in the form of some modulation of an RF pulse?

  41. How about cutting up an anti-static bag (the gray ones, not the pink ones)?
     Aluminum foil is VERY fragile, and will not last long.

  42. It was my understanding that RFID referred to cards containing actual RF chips which also contained a coil. So when you slid your card through a magnetic field (think hotel room key) the RF chip would be able to send a code in a single RF burst, which was then read by the receiver. Is this technology also employed? Why is this not used in credit cards?

    Awesome video Dave!

  43. @eevblog RFID is still using RF. You say it uses a magnetic field when it is electromagnetic. Just because it is passive doesn't mean it's not using radio waves.

  44. I'd rather figure out how to fry the RFID chip in any card I have, as it's a feature I'd NEVER use specifically because it's so insecure.

    Perhaps a disposable camera's xenon flash circuit, but add an air-core inductor in series with the flashtube, and put the card on the coil?
    Idea is that it basically makes a tiny EMP every time the flashtube goes off due to the high pulse current. Intent is to overload the input of the RFID chip to the point of failure.

    Putting the card in a microwave for 5 seconds wouldn't work, as it'd also fry the security chip, which I DON'T want to happen.

  45. Hello +EEVBlog, the NFC TagInfo is a great software, but not suitable for credit cards or bank cards. Please take a look at (not advertisement here) JackLess which is designed for payment cards and can relevant data:

  46. They're still all un-encrypted. There's no way that it would work if it was. Think about it, if you encrypt the data, when you go to the Point of Sale, how will the reader interpret the data? It would have to take the encrypted data, decrypt it to process the transaction, and send it to the bank for verification. If it was encrypted, how would you determine any of the bank info? How would you securely transmit the private key to decrypt the card data? You'd have to pass sensitive un-encrypted info to protect the encrypted data, which is a fallacy as at that point the encryption is useless.

    Let's throw that out the window, and suggest it just uses weak encryption with a hardcoded password at POS. Then what's the point of that? I'm sure the keys are somewhere

  47. I'm sorry Dave, 13.56MHz qualifies as RF. In fact above 153kHz is the LW band and something around 67kHz is (was?) broadcast for RF clocks in Europe. The method of coupling into the receiver is not what decides whether it's RF, that is merely the transmission scheme and antenna coupling. Sure most transmission uses the 'E' field and this is predominantly 'M' field but what about AM receivers that have those dinky little ferrite rod antennas? They are really only a coupled transformer, or are they too not radios??

  48. "It's a Gianotti brand, for those playing along at home…" – 100.000 EEVblog bag-aficionados just got what they came for!
    It's a bobby dazzler!

  49. "This is NOT a RF system, it works on magnetic fields instead of RF-fields" o.O Well, what are RF-systems working on?
    RF-systems are in theory a transformer system – and yes, they are called antennae.

  50. Not an RF field? That's exactly what this is! That schematic you drew is equivalent to a good old fashioned crystal radio with a loopstick antenna.

    Generally, any of the antennas with circular elements work by coupling the magnetic (B) field, while dipoles and related things like yagi arrays couple the electric (E) field.

  51. From taking screenshots of your lovely scope I'm able to ascertain that your name is Dave..
    Joking aside I imagine with even just Al foil the eddy currents would produce enough noise to disguise the AM packets, although they are sent after the circuit is charged but at that freq it probably stops the induction to the receiver coil in the first place..
    I love how every second week these cards are on the news as a "security risk" but never referring to the RFID technology itself. Anyhow great video mate..

  52. If they are using PKI then I would guess the risk to be a Man in the Middle attack. If the data to the card includes a time stamp then a replay attack should be difficult.

  53. Before freaking out about NFC creditcard technology, let's actually think about what's going on inside those cards. 1) You cannot actually read "creditcard data", like on those swipe type (magstripe) cards – there's a chip inside the card that encrypts the PAN and PIN of your card based on charged amount and other stuff. That chip actually uses the payment terminal as an intermediary when communicating with a payment system. All of the information that goes into the card and out to the payment system is encrypted. In other words, until this encryption scheme is not cracked, it can be considered safe. 2) Even if you build a device that communicates with a NFC creditcard, that gives you very little. You also would need to find an acquirer bank that will accept a transaction from an unauthorized device. And believe me, it is tough and expensive business. So, I can really guarantee you, that, if such theft will ever be accomplished, it will probably be one off. 3) If you were thinking, that you could make a transaction by "channeling" from an NFC creditcard into a legit payment terminal, well, there is a protection too. So, if you were thinking to make a living out of stealing creditcard data from NFC cards – just get a job. If you are just an owner – stop freaking out and spending money on silly stuff like that bag in the video.

  54. I know that (at least SOME) RFID readers can read multiple things at the same time, as the library where I live uses RFID in the books, and on the self-service machine you can stack the books and it reads them fine

  55. You will find that the credit card details can be retrieved. If you had pressed the tag information, you would have seen the credit card number.

  56. A perfect solution to stop these cards being read without the owner's permission would be to embed a photo diode into the body of the card that only allows the circuit within the card to activate when it is in ambient light (i.e. out of a person's wallet); then when it is in the wallet / bag, it would be unreadable.

  57. I thought that there has never been a case of someone scanning cards for RFID and that it would take a heavy duty one that would be hot and impractical if used from a distance, I could be wrong

  58. Hey EEVblog, I might not be absolutely correct but it seems RF communication works with the same principle as RFID 'cause you are still using the same electromagnetic field for TX and RX except that the distance has to be very close for reception. The current that is oscillating in the RF antenna induces the same magnetic field for long distance transmission, and at the destination end you surely do need the antenna where the same signal will be induced except that the mechanism for reception is different, but basically the medium is still the same. Thanks for pointing this out.

  59. Good Lord! It works. Just two layers of aluminum foil inserted in my wallet and NFC can't read anything. Thank you very much for that advice!

  60. I remember in the 90s all the public phones used that chip for cards with credits. And we used an EPROM with the software to emulate and call free.
