General > General Technical Chat

Credit Card, Bank Card NFC. The most useless function every invented

<< < (10/26) > >>

edtyler:
Sorry, but you are wrong. Cards can be "skimmed" from a relatively long distance. See the presentations at Defcon 2018 and 2019.

The chip feature is relatively more secure and requires physical contact, which will always be more intentional.

ataradov:
Can you name specific presentations?

All I can find are passive relay attacks to extend the range. But ultimately the connection must terminate at the bank.

edtyler:
Replying to both folks that asked for links.

Try using your favorite search engine to look for "defcon nfc hacking". It turned up stuff as far back as 2013. The proxy more is quite interesting, but the presentation I saw in 2019, if I recall correctly, was on a dish type antenna with high gain and a very narrow beamwidth used to activate a specific target.

Of course, there is more to this than simply stimulating the card to provide information. One needs a payment terminal that can be used to submit the fraudulent transactions.

However, simply waving one's hands and saying it "has never been done" does little to prove one's point.

As I said in another reply, if you don't like NFC, drill a small (4mm or so) hole through the card, breaking the antenna trace and the NFC function is disabled forever. If you like NFC and feel there is no problem, good for you.

I agree with the original poster - NFC offers ZERO value to me and pose an additional, unnecessary security risk. An even greater risk is putting all of this stuff on your mobile phone. I hope you never go to Defcon, because i suspect you will be on the "Wall of Sheep" or worse in less than an hour.

Halcyon:

--- Quote from: edtyler on March 05, 2022, 02:19:03 am ---Defcon in 2018 and 2019 had several presentations where NFC cards were read from a distance of > 5 meters.

Are you suggesting that no one would ever attempt to steal money from a gullible hipster carrying NFC enabled cards?

Fortunately, the solution is easy. Simply drill a hole through the card, breaking the NFC antenna and rendering the "feature" inoperative.

--- End quote ---

Reading cards in a lab environment is one thing. Stealing card details to the point where you can use it for payment is entirely different. In Australia, almost all cards have NFC (that's over 50 million debit and credit cards in circulation), yet instances of fraud are lower than they have ever been. It goes to show that the technology is secure and stealing someone's details, especially in public and without being noticed just isn't feasible.

In my profession, part of my job is actually examining electronic devices in instances where card skimming devices have been used. In the last 10 years, I think I've seen maybe 3 or 4 of them and all of them have been designed for use with magnetic cards only. I'm not suggesting that it can't happen, but it would be akin to going to the effort of breaking into a Government building to steal a pen, why the hell would anybody bother? The risk and complexity involved is extremely high for something that has little to no reward.

ataradov:
All you will find are relay attacks. This does extend the range, but assumes that you have a terminal on the other side. You can talk to the card all you want, but you can't perform transactions without having that terminal liked to the bank account. You can risk doing so, and may be find some dodgy bank that won't report you immediately, but the risk is way too high.

But if anyone wants to drill their cards - do it, I don't really care.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

There was an error while thanking
Thanking...
Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod