Saturday, 28 November 2020

EEVblog #889 – Credit Card RFID/NFC Theft Protection Tested

28 Aug

Hey! You are certainly familiar with modern payment cards, like this one, with a built-in RFID chip, or, as we say in Australia, "tap and go". In other countries they may call it differently (in Poland: contactless / non-contact cards).

It is really an identification system operating on radio frequencies, an RFID system. And no, this is not the element. This is a security chip, something with a PIN number. What we're talking about is somewhere else on the card. It occurs under various names: it can be Visa PayWave or MasterCard PayPass, or various other names, depending on the provider.

But they all work with the same RFID technology. You can simply use the payment card in such a way that you just "touch and go", as the name suggests. You just touch the reader with the card, just like that. If you have a reader, you can do so. You hold it for one or two seconds and you have already paid for the transaction. Up to 100 dollars, at least in Australia (in Poland the limits are usually much lower). You do not have to enter your PIN number, you do not have to insert the card, you do not have to swipe it anywhere, nothing like that. You touch and go.

Beautiful! But it is not so that you can not attach to security. And it interested me, because Mrs EEVblog has a new purse. The Gianotti brand, for those interested. And it was in the set. Look! "RFID blocking technology". "To help you protect your payment cards against identity theft, Y & K Sandler now uses data locking technology." (Most cards do not store unencrypted data anymore, probably the earliest ones did.)

"This bag or backpack has hidden protective RFID material inside the payment card pocket, which blocks the operation of illegal scanners and helps protect against theft of data and identity." (Passports also contain RFID chips.) Fantastic! But does it really work? Let's see! Let's talk briefly about the RFID technology we have here. In fact, there is a coil all around the card, which, contrary to popular belief, does not play the role of an antenna. This is not a radio system. The term RFID is somewhat misleading here.

(Although the frequency is of course radio.) It really works like a transformer. If you look at another card, we really see a coil here. Look! It goes around here. The right layout must be built somewhere inside, I'm not sure where it sits. It does not matter. You can see that there are several windings leading around. Exactly – it works like a transformer, just like that. Let's go to DaveCAD.

This is the receiving part. It can be a phone, as we will do today; it can be a real device in a supermarket or on a bus, to which you can bring the card closer and make a payment; or it can be a skimming device, with which someone can go near you and, if it's close enough, can in fact potentially get the details of your card and make a transaction with your card. They cannot really get information from your card (it's supposed to be encrypted, but there are different systems), but they can make a real transaction, as I said, up to $100 (in Australia). In any case, it is a receiver. The receiver generates a constant sine wave with a frequency of 13 MHz, or rather a sine-wave package of 13.56 MHz.

This is a transformer-based system. The coil inside the payment card is the transformer's secondary winding. So even though it's called RFID, because radio is used in some other variants, it really is a normal transformer based on a magnetic field. And the layout inside the payment card is powered from this coil.

So if the coils get close enough (there is a small rectifier inside; here it is all very simplified), that's how it works. The coil supplies energy to power the integrated circuit. And the system controls the transistor, which modulates the load on the secondary side. And thanks to the action of the transformer, the magnetic field, we obtain modulation on the primary side (in the reader). The card is sent, as we will see in a moment, a 13.56 MHz data packet, and now, if the chip is fine, the protocols match, and everything else, the circuit with the transistor will load this coil, and modulation will appear.

In the case of the ISO14443 protocol, which we are talking about here, which is used in this type of modern payment card, amplitude modulation and a frequency of 847.5 kHz will be used. And then the reader can read the data. Communication and transmission of information is possible.

Easy. But the important thing here is that it is not a radio system. These are not antennas; it's a transformer, it works on the principle of a magnetic field, not an electromagnetic one. So I'm taking a modern smartphone, and I use it; here's the NFC reader, it has the 13.56 MHz NFC function.

There are different frequencies for different RFID systems, but payment cards use 13.56 MHz, and modern smartphones too. At least I do not know of any smartphone that would support other frequencies. In any case, we can use it. This is the app from Research Lab Hagenberg, a free application for reading data from these cards.

We can save your tag. Now it reads the tag in literally a moment.

New tag detected, and we already have it. We read all the information from the card.

Of course, I cannot withdraw money from them, because I do not have the possibility to make transactions, but criminals, potentially, can. I will not go into the details of the tag; I could share some information from the card, but you can download binary data (hex dump) from the card, and everything at all. And they do not have to touch each other; they may be some distance from each other, but the distance is limited due to losses in the transformer, because it's quite a bad transformer, with an air core. So this is the concept of these bags (you can also buy such wallets) with this RFID protection technology, and does it work? I do not necessarily doubt it, it's not really hard to get something like that, but, as I say, this is not a Faraday cage problem; it's not radio, this is a magnetic field.

So ideally what we need is so-called mu-metal, which really is a screen for the magnetic field. Take something like this, for example, a cast aluminum housing; something like this is used to protect electronics from electromagnetic interference, right? This is, of course, very effective on the electromagnetic field, but not quite on the magnetic field. The problem with the magnetic field is that cast aluminum, aluminum foil, or anything like that, works decently at high frequencies, but at low frequencies, with low-frequency magnetic fields, it does not stop the magnetic field so effectively. The good news is that these cards operate on the 13.56 MHz frequency, and cast aluminum or foil should be checked at such high frequencies. Despite the fact that at low frequencies even something so thick would be good for anything when it comes to shielding magnetic fields.

So instead of having fun, let's try it! Put the card in the outer compartment of the bag, and... Scanned. Please, no problem. This bag does not work when it comes to the outer pocket. But nobody says that it has to. If we come back and read what's written in the fine print, the protective material is only in the payment card slot! Only in the card pocket! So for the rest of the bag, if you have a card in your wallet, inside the bag, but not in the payment card slot, you do not have any protection at all. When you look inside this bag, it looks somehow magnetic, but if you put the card into any compartment in here, or, as we have seen, into the outer pocket, then it does absolutely nothing, in addition to obtaining additional losses in the transformer by increasing the physical distance. The card must be placed right here.

And I'm not sure if you can hear it, but to the touch this part is different. As if some metal foil or something like that was in this pocket. So let's put a card in there, okay? And let's try to read it. Please, outside the bag, exactly like that,

and, as you can see, it does not scan at all. So it works! And it is not very surprising, there is no magic in it, but if I put it in this other compartment, here, and I try to read it, it easily goes through many layers of the bag without any problem. So it works only if you put it in this particular compartment.

So it will protect you from a small, simple phone, but what if criminals have some super high power transmitter / receiver, which can create a stronger magnetic field and read the data? How effective can it be? So we can actually check it, make quantitative measurements, using a probe to measure the near magnetic field. In English, an "H-probe", because it is for the magnetic field; it's not an electric field probe, only for the magnetic field. You've already seen it in earlier videos. The magnetic field, because you can see the coil. We can put it in between the card and the phone, pick up the magnetic field, and we'll see everything on the oscilloscope! Beautiful! And you do not have to buy these expensive super-bags or wallets at all, you can just use aluminum foil.

A popular trick you can see on the Internet. So let's check if we can read the tag now. We cannot! Even one layer of aluminum foil is more than needed! If I pull it out now, it reads without any problems! So even a single layer of aluminum foil is enough to suppress it, even though the magnetic field, as you will see in a moment, really goes through this foil. But it suppresses the signal enough to create a data reading problem. And there is a myth here that if you have two payment cards in your wallet, in close proximity or back to back with each other, they will either be reduced or disrupt each other, and you will not be able to read the data.

And you will be completely safe. You do not need absolutely any shielding. So this is not entirely true, because the ISO14443 standard, which defines the protocol and everything that has to do with this RFID technology, really is to prevent collisions as part of the protocol for both Type A and Type B cards. So, thankfully, perhaps... It can make me an idiot. No, we have it, a new tag detected.

So you can hit the point where they actually interfere with each other, and it's a problem, but you can still do it. Have you seen? We could really

Please. We can read this without any problem. So that's no protection.

Myth overthrown. So let's use our probe for the magnetic field, which has a frequency response from kilohertz to a few gigahertz, so it should read 13.56 MHz without any problem. Let's put it here in the back and we'll see that, when you turn on the NFC in your phone, it is reading all the time. It sends these packages periodically, just like that, trying to wake up the card, whatever is nearby, to send a code to start it, and look for a returning modulation.

And when we use "single shot capture" and look at the details, you'll see that it basically is 13.55, 13.56 MHz! This is our carrier, and it has a sinusoidal waveform. So, put the card behind the phone. And let's see what's happening

when I place it there. You should see modulation! Let's try to capture it. And I'll see that it's still in a high state now, until the card is in range. If we take it back, it's like that. I captured some data here, and you see that before the trigger point (here is our 13.56 MHz) in fact, the level drops to zero.

This is what our receiver really does, or in this case, a transmitter. And we have data of different types. If we look here, we'll see that this is the return data, returning from the card itself. And this is amplitude-modulated data. We can look here. It is simply amplitude modulated. So really this signal is modulated by the payment card, which turns on the transistor, which in turn loads the coil, and modulates data, at what frequency? Measure it! Using the cursors, we can read 14746 kHz! Exactly what was supposed to be the frequency of modulation. Because the ISO standard is exactly what it is. Now, if you look at the distance between the card and the phone, just like that, on the oscilloscope I have 200 mV per plot, we will be able to see the difference in amplitudes. Now they are distant from each other, the distance is relatively large, we can see something now.

The amplitude is obviously low, but even for such a distance... It's not enough to connect to the card, but if we had a reader with more power, you know, if a criminal has radio devices with more power, which is how he is going to read other people's cards, this can also be done over a longer distance. Now let's try with foil.

Now I am on 10 mV per plot. Absolute value, just a comparison with 200 mV per plot. I can catch something. But of course, when I take away the foil, the readings go off the scale. We have it. Now I have a card in a screened pocket. I'm sticking a probe there and we check.

We are still catching something at 50 mV per plot, but the signal is very weak. You need to have a transmitter with much more power, to create a much stronger magnetic field than this phone can generate, to deal with it.

I suppose. So it's not 100% safe, but I think that should be enough. I think that this type of screened bags and wallets will fulfill their role. And if you wonder what about the aluminum housing, this is how it looks at 2 mV per plot. Have we caught anything? No, I moved something.

It will be quite effective. As expected. But for the magnetic field it is not 100%. With the intensity of the field we're talking about here, with RFID technology at this frequency, it works. I want to check if we can capture the magnetic field growing when we approach it.

I'll capture it with "single shot capture". I do not think we have big chances. It makes sense. Please, we're starting here, you can see that it is getting bigger and bigger, but the cards were not close enough to actually send data. For the protocol to work, the NFC module would not get along with the card until it gets closer, to a very short distance, an inch or something. I hope it was interesting.

Do you believe it or not that you are at risk walking in public with payment cards in your wallet? The chances are minimal that someone would be able to rob you, but they do not have to pass right next to you; they can put it, e.g., in a door frame, so that if you go through, they'll get everything; they can just couple magnetic fields as you pass, and there are many other ways. But they must carry out a transaction; it is not that the money just disappears magically from your account. It must be a transaction. So it's not 100% safe technology, but we confirmed that these bags, and probably also wallets, probably have aluminum foil in there. And aluminum foil actually works quite well here; even one layer of foil will protect your cards pretty well.

So if you have paranoia at this point, do not put it on your head, just put it in your wallet. See you next time!

Hey! It's Teardown Tuesday again! This time we have something a little different, a Braun electric toothbrush. You've seen it put on the charger, wireless energy transmission for charging the internal battery! We will look inside and watch it! Not only what's inside the brush, but also inside the charger! Look! This might be interesting. Mom, the level falls, and if you take another one, it falls again, but really
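The transcript's point that two stacked cards are no protection follows from the anticollision step the ISO14443 standard builds into the protocol. The sketch below is an added example, not part of the video or the original page: a simplified Python model of the Type A bit-oriented anticollision loop, with constructed UIDs. It assumes 4-byte UIDs, omits the check byte, cascade levels and framing, and assumes the reader always picks bit value 1 at a collision.

```python
# Simplified model of ISO/IEC 14443-3 Type A bit-oriented anticollision.
# UIDs are constructed sample values, not real card data.

def uid_bits(uid_hex):
    """4-byte UID as a bit list in transmission order (LSB of each byte first)."""
    bits = []
    for byte in bytes.fromhex(uid_hex):
        bits.extend((byte >> i) & 1 for i in range(8))
    return bits

def bits_to_hex(bits):
    """Inverse of uid_bits()."""
    out = bytearray()
    for i in range(0, len(bits), 8):
        out.append(sum(b << j for j, b in enumerate(bits[i:i + 8])))
    return out.hex()

def superpose(responses):
    """Per bit, what the reader sees: 0, 1, or 'X' where cards disagree."""
    return [col[0] if len(set(col)) == 1 else "X" for col in zip(*responses)]

def resolve_one(cards):
    """Run the loop until one UID is isolated. Returns (uid_hex, rounds)."""
    prefix, rounds = [], 0
    while True:
        rounds += 1
        # Only cards whose UID starts with the known prefix answer,
        # each sending the rest of its UID.
        answers = [c[len(prefix):] for c in cards if c[:len(prefix)] == prefix]
        seen = superpose(answers)
        if "X" not in seen:
            return bits_to_hex(prefix + seen), rounds
        first = seen.index("X")
        # Keep the clean bits, pick 1 at the collision bit (assumption).
        prefix = prefix + seen[:first] + [1]

def inventory(uids):
    """Enumerate every card in the field; a selected card is then halted."""
    field = [uid_bits(u) for u in uids]
    found = []
    while field:
        uid, rounds = resolve_one(field)
        found.append((uid, rounds))
        field.remove(uid_bits(uid))
    return found

if __name__ == "__main__":
    for uid, rounds in inventory(["11223344", "11223345"]):
        print(uid, "isolated after", rounds, "round(s)")
```

Each collision costs the reader one extra round, so overlapping cards slow the read slightly but both UIDs are still recovered.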
