Contactless bank cards

Ian Mason ukcrypto at sourcetagged.ian.co.uk
Fri Nov 19 03:08:37 GMT 2010


On 18 Nov 2010, at 17:33, Roland Perry wrote:

> In article <AANLkTi=p6hTpGuKBRUzMOpbGTXOBZvfLbETSE5dg6SxA at mail.gmail.com>,
> Cybergibbons <cybergibbons at gmail.com> writes
>> On 18 November 2010 10:19, Roland Perry <lists at internetpolicyagency.com> wrote:
>>>> Using something far more simple and ditching USB keeps the latency low
>>>> and predictable.
>>>
>>> If this is a proposal for an attack on random persons in the same shop as
>>> the crooks [you need one behind the till, and another out scouting for
>>> cards] (I think that's how it was supposed to play out) then you'd need
>>> something a bit more physically elegant than a laptop to be pressing up
>>> against the victims. So you'd suggest some sort of custom hardware built
>>> around the chips you mention, and with a fairly high bandwidth RF
>>> connection between them?
>>
>> No need for high bandwidth really, it's just when you put a PC and USB
>> in the way, it's very unpredictable. I can set up a link with low
>> enough latency between two ChipCon SoC systems, and they cost less
>> than £10 each.
>
> So we know how much bandwidth, the article quoted earlier simply said
> "fast".
>
>> There's no need for massive read distances either. The Touchatag
>> reader I have here can work with an Oyster card from about 45mm away.
>
> That range isn't consistent with anything quoted so far. Is the Oyster
> card special (not representative) or has your reader been tweaked?
>
>> People can pickpocket wallets, they can easily get a small reader
>> close enough.
>
> So we should all equip ourselves with a pair of interfering cards?

Yes! There was a seminal article (which I can't quickly find a
citation for) which posited, and produced, a card which was designed
to collide with any RFID card.

To explain, RFID cards are supposed to do 'bit by bit' collision; if
two cards are in the field of a reader they are supposed to
co-operate: if one forces a 'one' when the other tries to force a 'zero',
one of them gives way; thus two cards can be in the same RF field but
only one of them gets read. If you play against the rules you can
foul the field and ensure that no card is readable.


Ian
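
A simplified model of the bit-by-bit collision handling described in the message above, added here as an illustration and not part of the original post. It shows why a card that refuses to give way stops a reader from singling out the cards beside it. The 8-bit UIDs, the class names and the reader's command budget are assumptions made for the example; it does not reproduce any real card protocol's framing.

```python
# Added illustration: simplified model of bit-by-bit anticollision.
# UIDs and the reader's command budget are constructed for the example.
UID_BITS = 8  # short constructed UIDs keep the search tree small


class Card:
    """Cooperative card: answers only while the reader's prefix matches."""

    def __init__(self, uid):
        self.uid = format(uid, f"0{UID_BITS}b")

    def reply(self, prefix):
        # Gives way (stays silent) once the reader follows another branch.
        return {self.uid[len(prefix)]} if self.uid.startswith(prefix) else set()

    def ack(self, uid):
        return uid == self.uid


class BlockerCard:
    """Plays against the rules: signals both bit values at every position."""

    def reply(self, prefix):
        return {"0", "1"}

    def ack(self, uid):
        return False  # never completes a selection


def inventory(cards, budget=64):
    """Reader's tree walk. Returns (uids_read, commands_sent, finished)."""
    found, sent, stack = [], 0, [""]
    while stack:
        if sent == budget:
            return found, sent, False  # reader gives up on the field
        prefix = stack.pop()
        sent += 1
        if len(prefix) == UID_BITS:  # full UID assembled: try to select it
            if any(c.ack(prefix) for c in cards):
                found.append(int(prefix, 2))
            continue
        seen = set()
        for c in cards:
            seen |= c.reply(prefix)
        # A collision (both values seen) forces the reader down both branches.
        stack.extend(prefix + bit for bit in sorted(seen, reverse=True))
    return found, sent, True


WALLET = [Card(0xA7), Card(0xC3)]  # constructed UIDs
if __name__ == "__main__":
    print(inventory(WALLET))                    # both cards read
    print(inventory(WALLET + [BlockerCard()]))  # budget spent, nothing read
```

In this model the interfering card makes every bit position look like a collision, so the reader has to walk the whole UID space; with 8-bit UIDs that is 511 commands instead of 16, and the cost doubles with every extra UID bit.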

