EEVblog #889 - Credit Card RFID/NFC Theft Protection Tested

Video quality	The size	Download

Информация о EEVblog #889 - Credit Card RFID/NFC Theft Protection Tested

Название	:	EEVblog #889 - Credit Card RFID/NFC Theft Protection Tested
Продолжительность	:	17.21
Дата публикации	:
Просмотров	:	128 rb

I don't trust contactless or nfc Dodgy tech at it's worst
Comment from : @CortinasAndClassics

I don't think that I believe your statement that card information can't be stolen, because how would the store's scanner process a payment? My wife's card had not left it's paper sheath since it was issued, and yet it, and every RFID card in her wallet were compromised somehow The old cards without contactless payment were unaffected I call BS on the VISA assertion that this is secure
Comment from : @Davi-did

Plz make small videosur video is informative but Plz make use good visualization and short ones
Comment from : @johnfrancis923

I lost US$40 because I forget this lesson “always cover your credit card in aluminiun foil”
Comment from : @ingenierocristian

In the uk it’s up to £30 but with the virus that is going around it’s now up to £40brEdit : Also it’s called contact less , over here
Comment from : @samuelhulme8347

"Don't wear it on your head, put it in your pocket" lol
Comment from : @BoB4jjjjs

Very interesting!
Comment from : @gearstil

And when you loose it anyone can help themselves to your money Not the smartest idea I'm sticking with the old chip and pinmuch safer
Comment from : @paulevans4334

Guaranteed, I can scan your card through that bag with inexpensive equipment I built and use daily I can read it through all passive shields tested to date, our database of failed shielding pockets, wallets, phone cases, and bags (airport luggage) is at 832 products with only 3 products actually causing significant issues extracting the information required to perform a transaction without visual or physical contact with the card Be more careful about what security products you endorse as probably working, they only work on low power RFID readers Criminals use high powered RFID readers We believe there are a lot of criminals using these making it a HUGE concern with an ever increasing probability that any given individual will be targeted with an attack in a given timeframe We will be probing many major metropolitan cities across the US to discover the reality of how likely someone is to becoming the target of such a scam We will post a site and post out data when we complete our studies We are projecting study completion in November of 2020
Comment from : @binaryglitch64

I have an aluminium wallet lol
Comment from : @hanro5028

Cutting the antenna in your credit card definitely works to prevent NFC fraud
Comment from : @davidbrewer7937

Best video on how NFC works but with wrong title
Comment from : @thanasisathanasi4965

They should use nfc for car entry
Comment from : @bridgendesar

You can expose card by power flashlight and see embedded coil and chip
Comment from : @RomanDvoryadkin

Jackscepticeye?
Comment from : @moog38yearsagoupdated1mont9

You will find that the credit card details can be retrieved If you had pressed the tag information, you would have seen the credit card number
Comment from : @Giorgist

It's pronounced rectum fryer
Comment from : @jerremm

Before freaking out about NFC creditcard technology, lets actually think about what's going on inside those cards 1) You cannot actually read "creditcard data", like on those swipe type (magstripe) cards - there's a chip inside the card that encrypts the PAN and PIN of your card based on charged amount and other stuff That chip actually uses the payment terminal as an intermediary when communicating with a payment system All of the information that goes into the card and out to the payment system is encrypted In other words, until this encryption scheme is not cracked, it can be considered safe 2) Even if you build a device that communicates with a NFC creditcard, that gives you very little You also would need to find an acquirer bank that will accept a transaction from an unauthorized device And believe me, it is tough and expensive business So, I can realy guarantee you, that, if such theft will ever be accomplished, it will probably be one off 3) If you were thinking, that you could make a transaction by "channeling" from an NFC creditcard into a legit payment terminal, well, there is a protection too So, if you were thinking to make a living out of stealing creditcard data from NFC cards - just get a job If you are just an owner - stop freaking out and spending money on silly stuff like that bag in the video
Comment from : @obriska

For those curios: ESD bags does NOT block the signal
Comment from : @MrHack4never

kevin mitnick already made a reader that captures the card data
Comment from : @casewhite5048

From taking screenshots of your lovely scope I'm able to ascertain that your name is Dave brJoking aside I imagine with even just Al foil the eddy currents would produce enough noise to disguise the AM packets, although they are sent after the circuit is charged but at that freq it probably stops the induction to the receiver coil in the first placebrI love how every second week these card are on the news as a "security risk" but never referring to the RFID technology itself Anyhow great video mate
Comment from : @DanielVidz

Not an RF field? That's exactly what this is! That schematic you drew is equivalent to a good old fashioned crystal radio with a loopstick antennabrbrGenerally, any of the antennas with circular elements work by coupling the magnetic (B) field, while dipoles and related things like yagi arrays couple the electric (E) field
Comment from : @PaulSteMarie

You didn't sign your card It's not valid! :D
Comment from : @adamlink9772

"This is NOT a RF system, it works on magnetic fields instead of RF-fields" oO Well, what are RF-systems working on ?brRF-systems are in theory a transformer system - and yes, they are called antennaes
Comment from : @TheSkogemann

"It's a Gianotti brand, for those playing along at home" - 100000 EEVblog bag-aficionados just got what they came for!brIt's a bobby dazzler!
Comment from : @TheSkogemann

I'm sorry Dave, 1356MHz qualifies as RF In fact above 153kHz is the LW band and something around 67kHz is (was?) broadcast for RF clocks in Europe The method of coupling into the receiver is not what decides whether it's RF, that is merely the transmission scheme and antenna coupling Sure most transmission uses the 'E' field and this is predominantly 'M' field but what about AM receivers that have those dinky little ferrite rod antennas? They are really only a coupled transformer, or are they too not radios??
Comment from : @etmax1

I'd rather figure out how to fry the RFID chip in any card I have, as it's a feature I'd NEVER use specifically because it's so insecure brbrPerhaps a disposable camera's xenon flash circuit, but add an air-core inductor in series with the flashtube, and put the card on the coil?brIdea is that it basically makes a tiny EMP every time the flashtube goes off due to the high pulse current Intent is to overload the input of the RFID chip to the point of failurebrbrPutting the card in a microwave for 5 seconds wouldn't work, as it'd also fry the security chip, which I DON'T want to happen
Comment from : @44R0Ndin

Thanks for clearing up the misconception and highlighting the technology
Comment from : @oneofus7828

How about cutting up an anti-static bag (the gray ones, not the pink ones)?br Aluminum foil is VERY fragile, and will not last long
Comment from : @harrkev

hi DavebrActually RF's are magnetic waves so why are you bothering yourself to say its different from a typical RF cable that sends off data in form off some modulation of a RF pulse?
Comment from : @arsk7112

I'd say that the reason people think that putting cards together will protect them is that a lot of implementations don't do anti-collision properly Haven't tested it with Opal, but certainly the MyKi readers in Melbourne don't implement anti-collision, if it sees multiple cards it just gives up So they've probably seen a message like "multiple cards detected, try again" and assumed that that means that the system can't read them if there are multiple cards therebrbrAs far as reading them from a distance, there's an application note, I believe on the TI website which covers building long range antennas for RFID, after a point you end up with something that looks like the anti-theft tag gates in shopsbrbrWhat I'd be more interested in (haven't got around to actually testing it though) is how much of the signal you could passively sniff while a transaction is in progress, because although the system is designed to use magnetic coupling, 135MHz propagates reasonably well so you're going to get some degree of RF leakage
Comment from : @SomeMorganSomewhere

You can turn this feature off at your bank
Comment from : @billbill5443

It'd be cool to see what's being passed between a Nintendo Wii U or 3DS and the Amiibo NFC figures, or between Skylanders and Disney Infinity figures and their respective NFC stands
Comment from : @richfiles

Oh, I have a slight issue with how you are thinking modulating a coil is not a radio? The difference between a transformer and a radio is the radio modulates the electromagnetic field (we call it electromagnetic radiation for a reason) My one transistor AM crystal radio works exactly the same way using the radio signal to provide enough current to run it, admittedly I do ground it rather than ground to the other end of the coil I bet if I tune a heterodyne receiver to 50Hz I'll be able to here a continuous 50Hz radio signal With a powerful enough radio signal one can in fact activate one of these cards
Comment from : @EwanMarshall

All magnetic fields have a electric field, an electro magnetic field is what we call RF So technically wouldn't the transformer magnetic fields be just as much RF as traditional RF and if not please clarify?
Comment from : @DantalionNl

Out of curiosity did this video on a purse make enough income to bpay/b for said purse? :D
Comment from : @ICanDoThatToo2

this didn't appear in my subs
Comment from : @rubusroo68

Is it possible to emulate a NFC tag with the phone? Ie, store a copy of a tag and emulate it?
Comment from : @justahappyfellow

Its not the contactless you want to worry about , its the EMV protocol being broken as shit thats the problem
Comment from : @andljoy

once u have used the app to read your card what's to stop the app squawking all your card details back to whoever wrote the app? This technology is called contactless payment here in the UK BTW
Comment from : @yakacm

Thanks DavebrJust for your information: Skimming like this is already happening in Europe
Comment from : @Vliegendehuiskat

I've had my card wrapped in "AL-foil" for about a month Now I know I'm "mostly" safe Thanks for this video and the knowledge it passes on to the public My bank couldn't even give me a straight answer about this
Comment from : @bigwheelsturning

Also NFC TagInfo by NXP gives lots of data
Comment from : @Elecifun

If you are worried about people stealing your data you could always just disable the RFID functionality I know that my bank has an option online to just turn the feature off The same option is there to disable the magnetic strip What this does is probably just declines any transactions made when using those technologies
Comment from : @rolaroli

Dave Cad classic :D Also, this technology is very similar to the QI standard for wireless charging for phones & tablets Instead of sending the credit card data, the device sends information to the pad such as how much current to supply and when to stop by modulating the load on the phone's internal charging coils
Comment from : @neardood1

Mrs EEVBlog's bag TAKE IT APART !!
Comment from : @derek7808

My card got cloned while I was buying aluminium foil to protect my card from being cloned
Comment from : @burkezillar

I feel like a simple solution to these cards would be a resistive sensor or something (such as two metal contacts that you place your finger over) and without your finger on them, the card doesn't talk
Comment from : @iamdarkyoshi

More sophisticated than a charcoal rubbing of a pocket to determine the contents
Comment from : @deadfreightwest5956

i wonder if you can make an rf id protected duck tape wallet using that foil
Comment from : @bland9876

The fun thing to do is have a larger coil in the purse that also picks up this magnetic field and outputs random noise in the RFID bands The best part is that under normal conditions it does nothing, only when you're being scanned by some thief
Comment from : @BobDiaz123

I use my iphone to do the equivalent of the tap n go, but the iphone apple pay has extra layers of protection Like it needs my thumbprint to work, and if I lose the iphone or it gets stolen(which would result in basically the card was also lost or stolen) I can just simply shutdown the phone with Find My Iphone and not worry about itbrbrSo now, all I carry is my iphone with me, all the credit cards stay at home
Comment from : @memadmax69

I know of someone who used to chat with their victim They worked in a shop with a card reader that they would put the card in and hand to the customer They would get in to a surprised sorta reaction, put the card down on their touchless payment machine and and get an easy £30 Somehow it was also untraceable
Comment from : @shadowguidr7042

Oh wow That number isn't quite that hard to read I'm not malicious though :)
Comment from : @shadowguidr7042

In the UK it's just 'touchless payment' and limited to £30 afaik
Comment from : @shadowguidr7042

mslashdotorg/story/312437
Comment from : @friedrichsinofzik5969

For those of you playing along at home, the answers are:br4649 3455 1201 4809br10/18brAin't that right Dave ;)
Comment from : @EscapeMCP

You are the bear grylls of electronics
Comment from : @jbuddyman

I don't know about Australia but many places in the US they have RFID tags in the cars for toll roads, the readers are over the road at least 16 feet in the air, they can record me passing even at 75mph now i doubt the protocols are the same but i'm fairly sure the tech is larger antenna and more power obviously, but since your not a criminal and not equipped with these toys I wouldn't discount the criminal elements ability to procure such devices
Comment from : @kirknelson156

You keep saying something like AAAH FOIL, it took a while before I realized that you were saying ALLLL FOIL So I assume you are saying ALUMINIUM FOIL or for the Yanks ALUMINUM FOIL
Comment from : @brit1066

Thats the REAL PERFECT way to really explain those "RFID" cards! Perfect, and UnderstandablebrIndeed, It is a Inductively coupled system
Comment from : @NeovoGeesink

Such a shield works while the card is in it Remove the card to use with the RFID scanner at checkout and a black hat behind you in the checkout line doesn't even need to transmit anything to pick up the signal
Comment from : @hanelyp1

So if i find a card in Australia and if your NOT a nice person you can take a chance and buy up to $100 AUS dollars that seems a bit crap
Comment from : @Rob1972Gem

Guess I better make a tinfoil hat for my wallet
Comment from : @robertkilbourne323

Does the alignment between the transceiver and the card matter?
Comment from : @08Ultrasonic

Love that DaveCAD works beautifully even on small screens
Comment from : @emuboy85

So when is somebody going to make a shoplifting RFID/NFC theft protection handbag with the lining over the main compartment?
Comment from : @foobargorch

could you use some gadgets in your lab to generate a more powerful transmitter? That would have been interesting And to test the max distance with the phone's power and plot it out
Comment from : @bobbym3155

If there is loose money laying around some criminals WILL find a way to pick them up
Comment from : @johndue2366

How to tear PCI-DSS apart in 17 minutes xD
Comment from : @random_content_generator

it is stelth technology bag )
Comment from : @3JIbIDEHbv2

we JUST got chip and pin to be widespread in america i got my first one recently br10 more years we might get this RFID :P
Comment from : @OneBiOzZ

I wanted to totally disable the RFID function of my card The answer was simple A small notch in the bottom edge of the card, just a few mm, breaks the coil and stops it working
Comment from : @peterjansen5498

can the 847kHz get through the foil?
Comment from : @konic40

4:00br"DaveCAD"brNo no, that is not CAD (I am, however, amused)
Comment from : @giga-chicken

From what I can tell, the only info that you can get out of these cards is the same info on the front of the card (card number and expiry date) It doesn't give you any of the crypto information needed to create a duplicate card using the modern EMV protocols, and it doesn't give you the CVV number you usually need to make online purchases It might be possible to make a fake magnetic strip card, which may work if your card issuer and the store's card processor still allow magstripe transactions - though if you're in the US, that's likely the case
Comment from : @RobertHancock1

I've made a hat out of aluminium foil so that GCHQ can't see what I'm thinking when I touch myself
Comment from : @west3366

More videos on wireless hocus pocus please This was very informative
Comment from : @hgbugalou

A tap and go skimmer was the first device I built with what I learned on EEVblog It works like a charm and finances all my subsequent projects Thank you dave
Comment from : @thekaiser4333

A friend of mine was on the standards committee for the design of all RFID banking cards and he went through the maths regarding theft and RF levels both to activate the card and the RF from the card and the chance of someone stealing your data is very low Anyway you'll get your money back as it was an unauthorised transaction
Comment from : @glenwoofit

yeah,I guess i would be more converned with the ones they are sticking to the front of gas pumps and at rest stops seems here in Michigan,theives have targeted the main areas they know people in a hurry to travel stop they have already hit up several gas stations and rest stop machines
Comment from : @scottfirman