Announcement

Collapse
No announcement yet.

credit card companies force mythbusters to can RFID episode

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • credit card companies force mythbusters to can RFID episode

    http://www.engadget.com/2008/09/02/m...ard-company-l/

    http://blog.wired.com/sterling/2008/...-watch-my.html

    [media]http://www.youtube.com/watch?v=-St_ltH90Oc[/media]

  • #2
    Re: credit card companies force mythbusters to can RFID episode

    I love this show, I was wondering why they did not revisit that.



    When the power of love overcomes the love of power, the world will know peace. ~ Jimi Hendrix

    And isn't it a bad thing to be deceived about the truth, and a good thing to know what the truth is? For I assume that by knowing the truth you mean knowing things as they really are. ~ Plato

    Comment


    • #3
      Re: credit card companies force mythbusters to can RFID episode

      while its true this isnt breaking news, it is disturbing none the less. I remember reading something similar at hardocp.com several months if not over a year ago about the same thing. But I believe it was more about passports going to rfid and not credit cards, but its the same technology at play. One thing to keep in mind about RFID tags in credit cards or passports, is the range of the RFID tag. You either have to have direct contact between the tag and a reader or be within a few inches. For some of the guys out here with back wrecking, thick wallets, this may not be as much of an issue. For women that carry such items in either purses or very thick receipt laden wallets, the same holds true. But for those that carry just the thinnest of wallets or a money clip carrying a few bills of currency and a credit card or two in a breast pocket or back pocket(god forbid you do this, your a pickpockets dream) using a rfid reader and bumbping into you, one could get the information off your card or passport rather easily.

      just to point to a couple of sources (please insert http : //, I would include them myself but I cant yet post urls)
      news dot zdnet dot com/2100-1009_22-149117 dot html
      www dot wired dot com/politics/security/news/2007/08/epassport

      |TG-IRR|

      Comment


      • #4
        Re: credit card companies force mythbusters to can RFID episode

        Originally posted by Beinseth View Post
        just to point to a couple of sources (please insert http : //, I would include them myself but I cant yet post urls)
        http://news.zdnet.com/2100-1009_22-149117.html

        http://www.wired.com/politics/securi...7/08/epassport
        You should be able to now!
        Become a supporting member!
        Buy a Tactical Duck!
        Take the world's smallest political quiz! "I was touched by His Noodly Appendage."
        TacticalGamer TX LAN/BBQ Veteran:

        Comment


        • #5
          Re: credit card companies force mythbusters to can RFID episode

          Follow-up:

          http://www.engadget.com/2008/09/04/a...-change-his-s/
          In game handle: Steel Scion
          sigpic

          Comment


          • #6
            Re: credit card companies force mythbusters to can RFID episode

            Originally posted by Beinseth View Post
            while its true this isnt breaking news, it is disturbing none the less. I remember reading something similar at hardocp.com several months if not over a year ago about the same thing. But I believe it was more about passports going to rfid and not credit cards, but its the same technology at play. One thing to keep in mind about RFID tags in credit cards or passports, is the range of the RFID tag. You either have to have direct contact between the tag and a reader or be within a few inches.
            This is not necessarily true. In the case of passports, if the passport is even *slightly* open it can be read from quite a long distance away. In fact, I saw this at work two years ago at Black Hat. The shielding in the cover of the US passport works against you unless the passport is FULLY closed.

            As far as credit cards go. There are two basic types of RFID; active and passive. Active RFID is what you see in the vehicle-mounted "speedpass" type toll systems. There is a battery and active amplification in the unit and it can transmit considerable distances. Passive RFID is what you see in credit cards, access control systems, passports, etc. Passive RFID draws power from a magnetic field formed in the antenna coil when it is passed within range of an appropriate reader. Passive RFID *can* be read up to a few feet away with the right equipment.

            I built a rig a year ago for a security job I was doing that consisted of a PDA, RFID reader attachment, and an external coil antenna with a lead long enough for it to run down my sleeve near the palm of my hand. This rig was used to record RFID data off user access cards and then replay the information back to a genuine reader to allow me access into controlled areas of a building. I was getting successful reads from almost 2' away and the rig wasn't tuned as good as it could have been.

            Personally, considering some of the work I have done with bypassing, cloning, and otherwise mucking with RFID, I destroy the RFID tags inside my credit cards with a small home-made EMP generator. HINT: One method of building them requires a simple disposable camera. But beware, they can be DANGEROUS! You're dealing with high voltage that can be potentially lethal as well as a device that can fry any electronic circuitry in very close proximity.
            Diplomacy is the art of saying "good doggie" while looking for a bigger stick.

            Comment


            • #7
              Re: credit card companies force mythbusters to can RFID episode

              Originally posted by Apophis View Post
              This is not necessarily true. In the case of passports, if the passport is even *slightly* open it can be read from quite a long distance away. In fact, I saw this at work two years ago at Black Hat. The shielding in the cover of the US passport works against you unless the passport is FULLY closed.

              As far as credit cards go. There are two basic types of RFID; active and passive. Active RFID is what you see in the vehicle-mounted "speedpass" type toll systems. There is a battery and active amplification in the unit and it can transmit considerable distances. Passive RFID is what you see in credit cards, access control systems, passports, etc. Passive RFID draws power from a magnetic field formed in the antenna coil when it is passed within range of an appropriate reader. Passive RFID *can* be read up to a few feet away with the right equipment.

              I built a rig a year ago for a security job I was doing that consisted of a PDA, RFID reader attachment, and an external coil antenna with a lead long enough for it to run down my sleeve near the palm of my hand. This rig was used to record RFID data off user access cards and then replay the information back to a genuine reader to allow me access into controlled areas of a building. I was getting successful reads from almost 2' away and the rig wasn't tuned as good as it could have been.

              Personally, considering some of the work I have done with bypassing, cloning, and otherwise mucking with RFID, I destroy the RFID tags inside my credit cards with a small home-made EMP generator. HINT: One method of building them requires a simple disposable camera. But beware, they can be DANGEROUS! You're dealing with high voltage that can be potentially lethal as well as a device that can fry any electronic circuitry in very close proximity.
              Guide pls.

              Comment


              • #8
                Re: credit card companies force mythbusters to can RFID episode

                RFID was designed and developed for asset/inventory management. Period. It should have never found its way into any form of credit/money/identity transactions.

                Comment


                • #9
                  Re: credit card companies force mythbusters to can RFID episode

                  Not RFID, but this reminds me of successes at sniffing Bluetooth at over 1 mile:

                  http://www.wired.com/politics/securi.../2004/08/64463
                  http://gizmodo.com/archives/bluesnip...its-019037.php

                  Check out the photos there of the BlueSniper Rifle.
                  Dude, seriously, WHAT handkerchief?

                  snooggums' density principal: "The more dense a population, the more dense a population."

                  Iliana: "You're a great friend but if we're ever chased by zombies I'm tripping you."

                  Comment


                  • #10
                    Re: credit card companies force mythbusters to can RFID episode

                    Originally posted by Apophis View Post
                    I destroy the RFID tags inside my credit cards with a small home-made EMP generator. HINT: One method of building them requires a simple disposable camera. But beware, they can be DANGEROUS! You're dealing with high voltage that can be potentially lethal as well as a device that can fry any electronic circuitry in very close proximity.
                    Bump for a guide :-p Google told me nothing of this sort.

                    I'm guessing it involves using the flash charge that I used to taze my friends back in high school with :-D.

                    Comment


                    • #11
                      Re: credit card companies force mythbusters to can RFID episode

                      I would like to see a guide or a link to one as well.
                      ~~ Veritas simplex oratio est ~~
                      No matter how far a wizard goes, he will always come back for his hat. --T. Pratchett

                      <---- You know you're getting old when you rely on your forum meta-data to remind you how old you are.

                      Comment


                      • #12
                        Re: credit card companies force mythbusters to can RFID episode

                        seriously you guys couldn't find this using google, I did.

                        http://www.xtremepc.org/forum/showthread.php?p=19882
                        Big-eye101: "A true catman post a day keeps the bad mood away"

                        Please do not take any posts made by Catman seriously. If you begin to take his posts seriously, please seek psychiatric attention.

                        Comment


                        • #13
                          Re: credit card companies force mythbusters to can RFID episode

                          Originally Posted by draeh
                          RFID was designed and developed for asset/inventory management. Period. It should have never found its way into any form of credit/money/identity transactions.
                          Classic mission creep. Remember US SSN original purpose?


                          Comment


                          • #14
                            Re: credit card companies force mythbusters to can RFID episode

                            Originally posted by draeh View Post
                            RFID was designed and developed for asset/inventory management. Period. It should have never found its way into any form of credit/money/identity transactions.
                            What a product is developed for vs. what it evolves into should not be mutually exclusive. Look at silly putty. Hell, look at the PC sitting on your desktop. Computers were not originally developed to sit on your desk at home to allow you to play video games, but they've evolved into that role.

                            The technology exists to secure RFID to prevent this type of tampering. Even if a company doesn't want to invest in next-generation technology, there are ways of at least providing compensating controls over the existing technology to mitigate risk.
                            Diplomacy is the art of saying "good doggie" while looking for a bigger stick.

                            Comment


                            • #15
                              Re: credit card companies force mythbusters to can RFID episode

                              I hope they at least air that episode on the dvd release of the season.

                              Comment

                              Connect

                              Collapse

                              TeamSpeak 3 Server

                              Collapse

                              Advertisement

                              Collapse

                              Twitter Feed

                              Collapse

                              Working...
                              X