Range extending RFID in your credit card

Discussion in 'Electronics & Electrics' started by Foliage, Feb 14, 2015.

  1. Foliage

    Foliage Member

    Joined:
    Jan 22, 2002
    Messages:
    32,058
    Location:
    Sleepwithyourdadelaide
    I just had a thought today, what is stopping someone building a range extender that effectively boosts the range of an RFID chip, e.g. by effectively repeating the signal of a POS CC reader to a card in someone else's pocket?

    The reason I'm curious is this bypasses all of the encryption and you don't need to copy or crack anything, all you need to do is effectively build an RFID repeater. Copying cards remotely is quite difficult now due to the token systems they use so they are safe in this regard, but I can't see any way to defeat a range extender.

    Obviously such a repeater would be huge due to the power requirements, but it isn't infeasible to fit it in a backpack. Is there any good reason why criminals haven't done things like this?
     
    Last edited: Feb 14, 2015
  2. v81

    v81 Member

    Joined:
    Jan 31, 2005
    Messages:
    636
    Location:
    SE Vic
    There is a security vid regarding remote (several meter range) reading credit cards.
    It has been proven and works.
    I'll have another look for it and post a link if I find it.

    ::edit::
    wrong video
     
    Last edited: Feb 14, 2015
  3. v81

    v81 Member

    Joined:
    Jan 31, 2005
    Messages:
    636
    Location:
    SE Vic
    Sorry, this is the one...
     
  4. @rt

    @rt Member

    Joined:
    Nov 30, 2005
    Messages:
    2,319
    There was a lecture on YouTube where they gave away metallic card pockets to
    every attendee after demonstrating a bunch of security holes in things.
     
  5. OP
    OP
    Foliage

    Foliage Member

    Joined:
    Jan 22, 2002
    Messages:
    32,058
    Location:
    Sleepwithyourdadelaide
    I will have to watch the video above, it was my understanding that the latest encryption made it very difficult to crack these but it sounds like I was wrong.
     
  6. Luke212

    Luke212 Member

    Joined:
    Feb 26, 2003
    Messages:
    9,451
    Location:
    Sydney
    anything over $100 requires a PIN. it would have to happen a few times before I would give much of a damn.

    also that vid doesn't work?
     
  7. OP
    OP
    Foliage

    Foliage Member

    Joined:
    Jan 22, 2002
    Messages:
    32,058
    Location:
    Sleepwithyourdadelaide
    Even with the $100 limitation you could easily steal several thousands a day if it worked though.
     
  8. Luke212

    Luke212 Member

    Joined:
    Feb 26, 2003
    Messages:
    9,451
    Location:
    Sydney
    well, the big problem (albeit I haven't watched the vids) is wouldn't you need to have an active paywave vendor account to deposit the funds? you would definitely be found out if that's the case.
     
  9. RobRoySyd

    RobRoySyd Member

    Joined:
    Jan 24, 2008
    Messages:
    7,943
    Location:
    Sydney
    You could clone someone's card and use that to buy goods. Problem is you could only do that over a limited geographic area or you'll trigger an alarm in the bank's system.
     
  10. Luke212

    Luke212 Member

    Joined:
    Feb 26, 2003
    Messages:
    9,451
    Location:
    Sydney
    so it is just a single complete signature being broadcast. that is interesting. i see the problem.
     
  11. OP
    OP
    Foliage

    Foliage Member

    Joined:
    Jan 22, 2002
    Messages:
    32,058
    Location:
    Sleepwithyourdadelaide
    Range extender means you steal a different card every single time as they have to be within 2 meters of you, e.g. you avoid that problem. You just go to 10 different shops and buy $100 worth with whoever is unlucky enough to be standing next to you.
     
  12. OP
    OP
    Foliage

    Foliage Member

    Joined:
    Jan 22, 2002
    Messages:
    32,058
    Location:
    Sleepwithyourdadelaide
    That isn't what is happening, there is complex non-repeatable handshaking going on, I just still don't understand how a card can be copied without physical access to it, I don't think it is possible to clone it over RFID.
     
  13. luke o

    luke o Member

    Joined:
    Jun 15, 2003
    Messages:
    3,482
    Location:
    WA
    You can buy RFID chips and readers off eBay and use them for home automation projects etc.

    RFID isn't just one standard, there are dozens and dozens of protocols out there. The main thing that stops it all just falling apart is encryption.

    On Android there are RFID reader apps (TagInfo); if you have a smart phone with NFC you can have fun reading all the cards you own. I have a Note 4, it works a treat. I can tap any card to my phone and read everything about it.

    For example the IC Manufacturer, like Infineon, Card OS Type Gemalto TOP, Application Information Global Platform card manager present, Label Mastercard... and a dozen other bits and pieces. Most of it is a giant encrypted blob. Essentially a key transaction system like PGP, only the private key isn't kept anywhere on the card and a series of encrypted challenges/handshakes stop you even reading the public key.

    I wanted to clone my cards but it just isn't possible yet. It doesn't matter if you build a big long range card reader and read everyone's cards you can't replicate the handshake, you can't send the right bits at the right time, therefore the data is useless to you.
     
  14. Renza

    Renza Member

    Joined:
    Dec 1, 2004
    Messages:
    4,661
    Location:
    Melbourne
    I believe the OP's idea is to boost/repeat the signal of the contactless reader itself and use someone else's card at the point of sale, not saving it for future use.
     
  15. Luke212

    Luke212 Member

    Joined:
    Feb 26, 2003
    Messages:
    9,451
    Location:
    Sydney
    right, and my point was that if you have a reader, you also need a paywave vendor account to transfer the money. so it's traceable by authorities.

    so long as there is the ability to handshake (and I am surprised that these little chips can do this. might be a good read. how do they get their power, is there a processor, etc... ), you will never be able to use the signal you pick up to mimic the card in future transactions. it's like SSL on your browser. even if you intercept someone's SSL transmission, you can't use it for anything useful.
     
    Last edited: Feb 18, 2015
  16. @rt

    @rt Member

    Joined:
    Nov 30, 2005
    Messages:
    2,319
    The card software doesn’t always have to be read, there is equally useful
    information in the software talking to the card (wherever that exists geographically).

    Timing might matter.. you might not have time to receive and retransmit any packet before the reply is useless,
    and if you try to repeat live on the same freq, how do you simultaneously rx & tx with the repeater?
     
  17. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    11,683
    Location:
    Canberra
    You might want to do some research. The RFID chips range from the very dumb - just returning their unique ID number - through to chips that can process asymmetric encryption and do the public/private handshakes we're talking about for paywave cards, with various levels of 'smart' (and cost/security) in between.


    They get their power from the 'reader' over the radio waves. It's not much, but enough to do some pretty complex work, not quickly - why it takes a second or two for a paywave transaction to work.
     
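    As an added illustration (not code from the thread or from any participant), here is a small Python model of the two points made above: luke o's and Luke212's point that a recorded handshake is useless against a fresh challenge, and @rt's point that timing matters for a live repeater, which is what a reader-side round-trip bound is meant to catch. Every key, card id and latency figure below is a constructed value, not a real EMV/paywave parameter, and having the reader hold the card key is a simplification (in the real scheme the cryptogram is forwarded to the issuer, which holds the key).

```python
import hashlib
import hmac
import os

# Constructed demo parameters (not real EMV/paywave values).
CARD_ID = b"demo-card-0001"
CARD_KEY = b"constructed-demo-card-key-do-not-reuse"
MAX_ROUND_TRIP_US = 500       # constructed distance bound for a card in the reader's own field
DIRECT_LATENCY_US = 120       # constructed: card answering directly in the field
RELAY_HOP_LATENCY_US = 2000   # constructed: extra delay added by each repeater hop


def card_answer(key, card_id, challenge):
    """What the card computes: a keyed MAC over the reader's fresh challenge and its id.
    The key never leaves the card, so an eavesdropper only ever learns (challenge, MAC) pairs."""
    return hmac.new(key, challenge + card_id, hashlib.sha256).digest()


def reader_verify(key, card_id, challenge, response, round_trip_us,
                  max_round_trip_us=MAX_ROUND_TRIP_US):
    """Reader-side checks. Returns 'accepted' or a rejection reason.
    Simplification: the reader holds the card key; a real reader forwards the
    cryptogram to the issuer, which holds it."""
    expected = card_answer(key, card_id, challenge)
    if not hmac.compare_digest(expected, response):
        return "rejected: response does not match this challenge"
    if round_trip_us > max_round_trip_us:
        return "rejected: round trip too slow for a card in the field"
    return "accepted"


def genuine_transaction():
    """Card in the field answers the reader's fresh challenge promptly."""
    challenge = os.urandom(16)
    response = card_answer(CARD_KEY, CARD_ID, challenge)
    return reader_verify(CARD_KEY, CARD_ID, challenge, response, DIRECT_LATENCY_US)


def replayed_transaction():
    """An eavesdropper recorded one (challenge, response) pair earlier and plays the
    response back to a reader that issues its own fresh challenge: the MAC check fails."""
    old_challenge = os.urandom(16)
    recorded = card_answer(CARD_KEY, CARD_ID, old_challenge)
    new_challenge = os.urandom(16)
    return reader_verify(CARD_KEY, CARD_ID, new_challenge, recorded, DIRECT_LATENCY_US)


def relayed_transaction():
    """The genuine card answers the genuine challenge, but through an extra hop each way.
    The cryptography passes; only the round-trip bound notices anything is wrong."""
    challenge = os.urandom(16)
    response = card_answer(CARD_KEY, CARD_ID, challenge)
    relayed_round_trip = DIRECT_LATENCY_US + 2 * RELAY_HOP_LATENCY_US
    return reader_verify(CARD_KEY, CARD_ID, challenge, response, relayed_round_trip)


if __name__ == "__main__":
    print("genuine :", genuine_transaction())
    print("replayed:", replayed_transaction())
    print("relayed :", relayed_transaction())
```

    The model separates the two defences: the fresh challenge and keyed response are what make a recorded signal worthless later, while the round-trip bound is the only check in this model that sees a live repeater, because the repeater forwards a correct answer and only adds delay. The latency figures are made up to make the bound trip; how tight such a bound can be made in practice is exactly the open question @rt raises above.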
  18. OP
    OP
    Foliage

    Foliage Member

    Joined:
    Jan 22, 2002
    Messages:
    32,058
    Location:
    Sleepwithyourdadelaide
    You seem confused, I'm not suggesting you steal the card you simply range extend it and steal a different card every single time, eg whoever is standing next to you, as soon as they walk more than a few meters away you can no longer use their card.

    The devices are passive and get their power from the reader, that is why range extending is difficult as you essentially need a huge coil in your backpack.

    You don't need to be a vendor as you walk into Coles, buy $100 worth of stuff, turn on your range extender and let the card swipe machine bill whoever is closest. What I'm asking is why hasn't this been done, it seems like a big flaw and one that is close to impossible to protect against.
     
    Last edited: Feb 18, 2015
  19. @rt

    @rt Member

    Joined:
    Nov 30, 2005
    Messages:
    2,319
    You also look like a sap if you swipe your dummy card and no-one is close enough,
    or if two cards are within range of the extender.
    but I still don’t understand how you get to receive from the POS unit and transmit to a card at once.
     
  20. Luke212

    Luke212 Member

    Joined:
    Feb 26, 2003
    Messages:
    9,451
    Location:
    Sydney
    ok so it comes time for you to pay. they switch on the paywave reader. how do you communicate with the reader? do you have a modified card with a wire that runs up your arm to your backpack? :lol: or is it just a piece of plastic that looks like a card, and the backpack communicates with the reader?

    reader => dummy card => wire => backpack => someone else's card

    then how does the data get back from the other person's card back to the backpack => wire => dummy card => reader
     
    Last edited: Feb 18, 2015