Contactless bank cards
ukcrypto at sourcetagged.ian.co.uk
Thu Nov 18 16:05:18 GMT 2010
On 18 Nov 2010, at 14:51, Ian Batten wrote:
>> If we want to put this into perspective with some real world
>> results there's a paper here <http://www.eng.tau.ac.il/~yash/kw-
>> usenix06/index.html> where a reading range of 25 cm was achieved
>> with USD 110 worth of hardware. This paper is 4 years old and may
>> not even represent the state of the art at the time.
> Perhaps not. But did you notice the slight flaw in using this
> surreptitiously? It's in section 2.4: ``A necessary condition for
> an increased range is a larger antenna. Theoretical analysis
> ([Lee03]) shows that for a desired range, r, the optimal antenna
> diameter is <kw-usenix06-forhtml-img2.gif> r. We wanted to
> demonstrate a reading range of 25-30 cm.''
> They used a 39cm diameter copper tube loop to get 25cm. Assuming
> that for the attack we're talking about a metre would be a more
> credible range, you're not going to be inconspicuous with a metre-
> plus diameter copper loop tucked under your shirt. Especially as
> the paper says "We built the loop antenna from 5/16 inch cooking
> gas copper tube", and even then it wasn't rigid enough: "The tube
> is tied to a solid non flexible wooden tablet, in order to maintain
> its shape and to avoid inductance changes under mechanical
> deformation forces."
Granted. Note however that this type of antenna does not have to be a
circle; rectangles, even long thin ones, work too.
However, even in circular form it would easily fit the "Entrance £5"
scenario posited by Nick (I think) where it could be concealed in a
premise's entrance, or disguised as one of the loop antenna used in
shop entrances for theft prevention, which we all walk past and
ignore every day. In practice, I think this is probably a greater
threat than purse surfing or whatever moniker we come up with for it.
More information about the ukcrypto