Contactless bank cards

Ian Mason ukcrypto at
Wed Nov 17 16:18:46 GMT 2010

On 17 Nov 2010, at 12:06, Roland Perry wrote:

> In article
> <729CF33C-8148-4E32-B4D0-555830394C00 at>, Ian  
> Mason
> <ukcrypto at> writes
>>> Surely you'd have to set up some sort of "man in the middle"
>>> between the card and one of the Paywave terminals[1]. Wouldn't that
>>> be a bit tricky in real time?
>> No, search for "MIG in the middle".
> On one hand, are you being ironic?
>         "One case history that unfortunately turns out to be unfounded
>         is the story of the `Mig-in-the-middle' attack, pp 19-20... in
>         September 2001, I learned from a former employee of the South
>         African Communications Security Agency that the story is
>         apocryphal."
> On the other... I'm seeking to understand what sort of technology you
> could surrupticiously invoke near someone's wallet, and also near a
> paywave terminal (and of course in between) which would provide a
> suitably faked conversation that the card could be debited.

The actual "MIG in the middle" attack may or may not be apocryphal  
but the attack method certainly is not.

I'm having difficulty with your difficulty grasping how this is  
possible. With your background I can't see why you haven't  
immediately seen how to do this. You take a briefcase, in it you  
place the front end of contactless card reader, you interface this to  
a suitable radio modem. You stick a corresponding radio modem in a  
box that can be placed in adequate proximity to a paywave terminal.  
You interface to that second radio modem the airside interface of a  
contactless card (or a suitable simulation thereof). You arrange your  
interfacing so that it is transparent except for the tiny delay  
between endpoints. You then walk around a crowded public place like a  
railway station placing your briefcase in adequate proximity to lots  
of shoulder bags/handbags/whatever that probably contain paywave cards.

More information about the ukcrypto mailing list