How to pay for stuff without even knowing

FluffyMcDeath

Remember cash? All that fiddling about with change and having to think ahead to make sure you got enough out at the bank for what you needed to buy over the next few days? No? OK, maybe you aren't that old. But then we got ATMs so we could take out cash whenever we wanted it so we didn't have to wait for bank hours.

Then there are the credit cards - you could have all the convenience of "credit" at any time which is a lot like money - so much like it that it is actually a form of money but it is a form of money that is owned by someone else and you have to pay them to use it. Still, for the convenience it was great and all you had to do was sign your name.

Well, seems that your signature became too insecure. Anyone could scrawl any old line on the slip and it was likely to get accepted (and not all merchants could be bothered with the signature stuff) so along comes the PIN (just like your ATM card). Now you could put your card in the reader and so long as you knew what your PIN was you were set. Other people who found or stole your card wouldn't know your PIN so they couldn't spend your credit.

Now we have gone one more step in technology and your credit card can be read just by tapping it against the reader. I had my first experience of doing this at a fast food place the other day. I tapped the reader and without any further intervention the deal was done. No signature, no PIN, nothing. Now you can pay for things without even knowing you had paid for things.

I toyed for a while about the idea of just tapping strangers' pockets with the reader instead of paying from my own card. I wonder if I could get away with it. I probably could and I suspect that there are people who would not have the qualms I have.

BTW - I have an app for my phone that can read RFIDs and credit cards and library books have both worked for me. I haven't tried any new passports yet because I haven't seen any.

But I have also seen apps that seem to be able to do credit card transactions. How long before there is an app that can do transactions by NFC on your phone? It's probably out there already. So what's to stop people charging your card right through your wallet? Not too much as far as I can see except making sure, now more than ever, that you check every line of your bill.
 
I must be one of the last to be using an old school credit card without a chip. Which is fine as I get to practice my signature (and I need practice as my penmanship is terrible). I also like to think that because I'm such a small minority and that sometimes the clerks forget to get my signature that maybe one day I'll get something for free. Not so lucky yet...

Anyway, what's the range of RFID? I'd imagine that the credit cards have a transmitter with a particularly short range. So I guess you could go around slapping your phone onto people's pants or even purses. Doable but also may attract the wrong kind of attention.
 
RFID is short range...like inches

NFC is what those new, cool smart phones have, and you have to have the phones REAL close and have the screen unlocked

Samsung just changed the details on their NFC so that Samsung 3, Note2 will not work with Samsung S4 phones or the newer Tiles
 
Anyway, what's the range of RFID?


It depends on the devices involved. My phone can only read my credit card within 1/2 inch but it's possible to create readers that can operate over greater range. My phone needs to be within 1/2 inch of my library book's chip to read it, but the scanner at the library door is walk through. Those readers can also read credit cards.

In the article the customer cards were getting scanned much further from the reader than anyone thought they would.
 
I'd think busy cities, community outings, etc. will be places that credit card theft will be ripe. I'd think a RFID card reader theft device could be made fairly small, easily hid. Even if one can't get a foot away just 'accidentally' bump into someone's back pocket. In ye olden days one could pick the pocket and remove the wallet, often without the victim knowing. In the electronic world, it'll be even easier.
 
I'd think busy cities, community outings, etc. will be places that credit card theft will be ripe. I'd think a RFID card reader theft device could be made fairly small, easily hid. Even if one can't get a foot away just 'accidentally' bump into someone's back pocket. In ye olden days one could pick the pocket and remove the wallet, often without the victim knowing. In the electronic world, it'll be even easier.
For sure, right? Any place that is crowded would be easy pickin's. A busy store in an upscale mall would be a prime place to accidentally bump into a few people without raising a single suspicion.

There are already RF protecting sleeves on the market. I would be interested in seeing a good roundup on how well they work against stronger readers.

I haven't tried any, yet, as the only RFID cards I've obtained so far are door access. The credit card variants don't seem to be very popular yet in the US.
 
For sure, right? Any place that is crowded would be easy pickin's. A busy store in an upscale mall would be a prime place to accidentally bump into a few people without raising a single suspicion.
This gives me a Halloween idea. Gut and replace the innards of a wand. Dress up as a TSA Agent and ...

There are already RF protecting sleeves on the market. I would be interested in seeing a good roundup on how well they work against stronger readers.
I haven't tried it yet but supposedly a thin piece of metal placed over the RFID chip then struck will smash them, rendering them useless. For example, use a hacksaw blade or tip of flat screwdriver and strike with a hammer. If you're one to never want to use RFID, might as well render it useless.

I bet stealing Fluffy's aluminum foil hat, tearing off a bit, and wrapping the card inside would work. :-)
 
I bet stealing Fluffy's aluminum foil hat, tearing off a bit, and wrapping the card inside would work. :)
It might but I don't think he'd appreciate you spreading that little secret around until he's perfected his credit card stealing Android app that he'll never release on Google Play. ;)
 
It might but I don't think he'd appreciate you spreading that little secret around until he's perfected his credit card stealing Android app that he'll never release on Google Play. ;)

Well, I know a little bit of thin aluminum really degrades the signal quite a lot. I bought a cell phone cover that had a bit of brushed aluminum on the back and for a while I thought that my NFC didn't work. I ended up ripping the aluminum off and now my battery life and reception are also better.

When I bought it was because it looked OK and I assumed that I maybe didn't understand cell phone RF and the manufacturers knew what they were doing.
 
I've only had my card for a month but they seem to have been around for a while and I'm not alone in thinking they might be a dumb idea but other people have been a bit more sophisticated and ambitious in testing the idea out.
 
When I bought it was because it looked OK and I assumed that I maybe didn't understand cell phone RF and the manufacturers knew what they were doing.
It seems to be a common mistake. I think marketing or the designers sometimes trump the engineers. My ASUS TF201 has an all aluminum back cover. Looks great, feels great, totally sucks for signal strength. To compensate they added two powerful wifi antennas on the back which gives it an average wifi signal quality. However, they didn't do that with the gps module and the tablet has never been able to lock on to the gps signals. At least ASUS was nice enough to acknowledge that by shipping to all the TF201 customers a free gps dongle, which is of course, wrapped in plastic. The TF300 and TF700 have a mostly plastic back cover. Lesson learned I guess.
 
Fluffy, here's another feature to add to your RFID hacking app:

After burglaries, mystery car unlocking device has police stumped

It seems the thieves used some device to unlock locked cars with the press of a button. Police say they are stumped, but one theory is they used an RFID repeater on steroids to send a powerful signal to the RFID key inside the house and then to repeat it towards the car - which then thinks the key is inside the car. Now I'm kinda happy that my Murano doesn't have that feature!

 
[...]to send a powerful signal to the RFID key inside the house[...]

I don't see how you'd get enough power to do that. That is a freakin' serious distance, and likely through multiple walls. Color me HIGHLY SKEPTICAL until I see someone get a reader that works for more than a handful of feet without obstructions.

If they are using the RFID attack method, I'd find it much more likely that someone figured out a clever way to limit the keyspace of the RFID tags used, and devised a small brute-force hacker.

Only other thing I can think of is you might be able to induction charge the solenoid that unlocks the door. But I'd think that as soon as you open the passenger door without an all clear on the alarm, it would activate, right?
 
I doubt that they are getting the key from the house. One of the guys is trying cars on the street. Maybe he's just checking for unlocked vehicles, maybe he's using his gadget. They don't seem to take any time to check for vehicle identification or get the VIN so it's not like they have a way for deriving keys from that sort of info. Because they are trying street vehicles I don't think they rely on a nearby key. They wait after they get their hands on the door. Maybe they do a manual check to see if they need to use the gadget but even so the delay seems a bit long.

It does look a bit more brute force, but it may be a small key set. It may be that some master keys have leaked out so it would be a very small key space. I suppose it also might be possible to gather local keys by setting up a scanner somewhere and then just using the keys you collect and trying them all in neighbourhood locks.

--

Now that I've read the article I'm not so sure. Perhaps there is some bad maths in the key technology, something up with the encryption or the key rolling algorithm that makes things far more predictable than the fob designers thought.
 
Only other thing I can think of is you might be able to induction charge the solenoid that unlocks the door. But I'd think that as soon as you open the passenger door without an all clear on the alarm, it would activate, right?
Generally, that's how it works. The alarm is in fact reading the dome light switch. Open the door turns on the dome light and that tips off the alarm that something is wrong. That's aftermarket alarms, factory ones can probably get readings directly from the door itself which doesn't really make it any easier. Anyway, the dome light goes on BEFORE they open the door, which tells me the alarm (or whatever) has 1) unlocked the door and 2) turned on the dome courtesy lights. They're talking straight to the "brains" there.

From what I know of brute force attacks is that they take time. These guys took under a second to unlock it. Security by entropy is time stamped, but I doubt it's that bad.

A weakness in a particular security system would make sense but that would most likely affect certain vehicles of a particular manufacturer, possibly a particular model and vintage. These guys are trying it on anything with 4 wheels.

As for the distance for an RFID, well, just how far do you think it is? In modern day homes the garage is in the front or the side due to people's hate-on for back lanes (I love back lanes and think having a garage in the front is tres-stupid, but that's just me). Anyway, so the cars are parked on the driveway and the front door is right next to them. Most people probably leave their keys by that very same door. Distance to car? Probably less than 5 meters. And modern homes like to place a lot of glass either in the door or around it, plus the front of the house tends to have huge windows as well. So the reality is the distance isn't that huge and the obstructions are few. Would an RFID attack work all the time? Nope, but for the time it would take, trying it on every car on a block shortly after midnight might be rewarding enough that you could still make the bar before last call.
 