Contactless bank cards
Cybergibbons
cybergibbons at gmail.com
Thu Nov 18 16:23:33 GMT 2010
On 18 November 2010 10:19, Roland Perry <lists at internetpolicyagency.com> wrote:
>> Using something far more simple and ditching USB keeps the latency low
>> and predictable.
>
> If this is a proposal for an attack in random persons in the same shop as
> the crooks [you need one behind the till, and another out scouting for
> cards] (I think that's how it was supposed to play out) then you'd need
> something a bit more physically elegant than a laptop to be pressing up
> against the victims. So you'd suggest some sort of custom hardware built
> around the chips you mention, and with a fairly high bandwidth RF connection
> between them?
No need for high bandwidth really, it's just when you put a PC and USB
in the way, it's very unpredictable. I can set up a link with low
enough latency between two ChipCon SoC systems, and they cost less
than £10 each.
I can relay a card using two readily available readers speaking to a
third with a PC in the middle.
Joining the two together is all that needs to be done - I don't think
this is at all outside the realms of possibility.
There's no need for massive read distances either. The Touchatag
reader I have hear can work with a Oyster card from about 45mm away.
People can pickpocket wallets, they can easily get a small reader
close enough.
--
Andrew
More information about the ukcrypto
mailing list