Wireless Pickpocketing: Portmanteau Answer

[Tony Naggs]

Ian Batten wrote:
>* My Suica card is the same as an Oyster, using equivalent if not
>identical technology.  It's contactless, it'll work through a wallet but
>not much further.  It does Oyster type jobs, but the ecosystem of shops
>that will take it for small value transactions is much larger, and extends

The range for Oyster or similar card readers is around 5cm, this can
be doubled, or so, with fine tuning AND where there are no other card
readers nearby.  The readers will be unreliable if they are picking up
the RF carrier generated by other readers.

In Japan the Felicia contactless technology is included in some mobile
phones from DoCoMo.  These phones include a 'wallet' application that
can view the transaction history of debits & top-ups.


>This is the question, which I don't think we ever got to the bottom of, of
>if you can read an RFID tag from an extended distance by using an aerial
>with some forward gain (to get power out to the device you're querying)

As far as I understand the antenna size needs to be quite large (e.g.
1m) to get a range measured in metres.  In a scenario where people are
moving (e.g. station concourse) you would probably have difficulty
maintain communication with specific card.

It would also be is easy to detect the carrier from the RFID equipment.

Whilst I believe the RFID cards used for this kind of application
generally use proprietary technlogies I also understand that they use
cryptographic protocols.  I don't know how strong the crypto is.

>and some receive gain (to pull the low-powered omni response up out of the
>noise floor).  If that became possible, the fixes aren't hard for those
>that are worried about it.  And one can easily imagine a card that only
>works when squeezed slightly...

A metal case, such as one used for carrying business cards would be a
pretty good protection.


Regards,
Tony