Contactless bank cards

Ian Mason ukcrypto at
Thu Nov 18 16:05:18 GMT 2010

On 18 Nov 2010, at 14:51, Ian Batten wrote:

>> If we want to put this into perspective with some real world  
>> results there's a paper here < 
>> usenix06/index.html> where a reading range of 25 cm was achieved  
>> with USD 110 worth of hardware. This paper is 4 years old and may  
>> not even represent the state of the art at the time.
> Perhaps not.  But did you notice the slight flaw in using this  
> surreptitiously?  It's in section 2.4:  ``A necessary condition for  
> an increased range is a larger antenna. Theoretical analysis  
> ([Lee03]) shows that for a desired range, r, the optimal antenna  
> diameter is <kw-usenix06-forhtml-img2.gif> r. We wanted to  
> demonstrate a reading range of 25-30 cm.''
> They used a 39cm diameter copper tube loop to get 25cm.  Assuming  
> that for the attack we're talking about a metre would be a more  
> credible range, you're not going to be inconspicuous with a metre- 
> plus diameter copper loop tucked under your shirt.  Especially as  
> the paper says "We built the loop antenna from 5/16 inch cooking  
> gas copper tube", and even then it wasn't rigid enough: "The tube  
> is tied to a solid non flexible wooden tablet, in order to maintain  
> its shape and to avoid inductance changes under mechanical  
> deformation forces."
> ian

Granted. Note however that this type of antenna does not have to be a  
circle; rectangles, even long thin ones, work too.

However, even in circular form it would easily fit the "Entrance £5"  
scenario posited by Nick (I think) where it could be concealed in a  
premise's entrance, or disguised as one of the loop antenna used in  
shop entrances for theft prevention, which we all walk past and  
ignore every day. In practice, I think this is probably a greater  
threat than purse surfing or whatever moniker we come up with for it.

T'other Ian

More information about the ukcrypto mailing list