How safe is contactless payment? || How does RFID & NFC work? || EB#40

As it's know in the security industry, the S in RFID is for Safety.

mountainpass

I frequently pick up peoples discarded public transit passes, or wristbands from concerts, they contain mifare ultralight tags which can be reprogrammed to perform various tasks on NFC-enabled phones. For example I taped one to my night stand and programmed my phone to enable Do Not Disturb when its detected. Super handy and people just leave them everywhere.

stevediraddo

Your channel has grown alot since I started watching a few years ago. Great work, as always! Your videos are always well made and detailed.

Noksus

Worked in industry with this technology the big thing I took away from it was that cards don't have a rolling transaction number, your phone does thus each transaction on your phone can only be used once per transaction and not duplicated.

SlyerFox

I remember a few years back at work, having to implement the MIFARE DESFire NFC card's instruction set. Was quite interesting to see how advanced they can technically be.

MrZenzio

I follow this Chanel for round 3 years now and the quality of the videos is always incredible high! Thank you for all the time, money and passion you put in our free education ❤️

moritzlaszlo

The short range is not because of the "high frequency", it's because that chips use capacitive coupling. At work I had to do with UHF tags at 868 MHz which have a much higher range because they are using inductive coupling. But please don't ask me for details, I just had to control the reader :)

jago

Didn't mythbusters get in trouble for trying to cover this topic?

UselessDuckCompany

Come on Scott, this is oversimplified. You usually create content with precise info and much more details. Keep up the standard :-)

herczegzsolt

NFC relay attacks are still a thing which can be done against many card variants. You can buy these garage door readers which allow for long distance (like a few feet) reading; I am not sure how to hack one of these things such that a proxmark can use the antenna instead, but it should be possible.

MrGillb

So, this is actually a fun topic, as stated, the nfc cards have chips, though, these chips can come in 2 variants, dumb chips, and smart ones. Bank cards actually use the smart ones which can execute code themselves.


When a card comes in contact with a compliant terminal (lets say a train ticket machine) your bank card will communicate and generate a one-time-use token to authorize the payment.
these payments are often bundled together and then send to your bank for processing, but that's another topic.



In essence this means that even if you could capture the data, the token would be different each time, and because only your bank knows how your card encrypts said token, it'll make finding people who try to pass on those fake codes trivial.


Additionally, these transactions need to be approved by your bank, and this needs to be done on-line, essentially:
1) the transaction + authorization token is send to your bank
2) your bank checks if the token is valid
3) your bank checks the transaction itself and may flag it if it spots something wrong with it (done by complex algorithms)
4) your bank checks the receiving party


This system is by no means perfect, if a person were to steal your card, they could make a few transactions before you'd block if for instance.
BUT, its a lot better than the old mag strip system, where all the data was on the strip, rather than cryptographic ally stored on the card

Nry_Chan

Great video my friend... Nice format!! It allows people that aren't too technical to somewhat understand the tech they use everyday, and the people that are tech savvy can look up the IEEE standards to acquire more information...

I had a professor in college that taught this way.. He called it "The Big Picture".. It allowed us to start thinking about the subject before we fully understood the science behind it.. That way, we weren't 'blindly' learning and it sparked our interest.

AntiNeoFeudalist

both bank (ATM) cards and SIM cards are using same standard and actually are (at very least) similar inside, if not identical
those are not just memories
those are full blown computers inside (granted very embedded, but still computers)
they never give access to what is inside, but rather are used to sing, decrypt and encrypt data

WizardNumberNext

Please make a Video with muscle sensors!

ederedr

Could you make a video about DIY or BUY BMS with balance charging? As always, great video m8!

surfacta

This is amazing timing. I discovered NFC tools TODAY and I ordered RFID reader yesterday for a project me and a couple of friends are commiting to.

I am a little bit dissapointed you didn't cover the difference between the different RFID readers. Please cover this in another video!

AlbiinoBlacksheep

Woah, I would have never thought to "loop" a probe like that.

BartoszBanachewicz

at work i use a handheld rfid machine to scan rfid tags for inventory control, it takes about 10 seconds to scan 200 items and works about 20-30 feet away. none of my current debit/credit cards use rfid now, and only one did before but didn't last long it seems.

aaaaaaaaaassssssssdf

You can also carry two nfc payment cards right up against each other in your wallet, which will confuse the reader.

EkelundDK

The quality of your videos have really raised in the last year or so. WOW...

jenssejerchristiansen