General > General Technical Chat
Credit Card, Bank Card NFC. The most useless function every invented
Berni:
--- Quote from: austfox on March 05, 2022, 09:46:20 am ---I realise NFC via phones are active, and hence can have a 'rolling code', but wouldn't a passive card always have the same code?
--- End quote ---
Even if the NFC card is emitting sending a fixed sequence you still need electronics to create the sequence and send it back. So you need digital logic and circuitry to extract power from the NFC field anyway. Once you have that you can power any sufficiently low power digital circuitry. So this way you can have pretty much all of the functionality of a gold contact smart card chip, just that the communication method is different.
A lot of people also don't know that these SmartCards used in bank cards, satelite TV cards, cellular SIM cards are all a common interface and contain tiny microcontrollers with firmware inside. This rarely does anything more than store data and do a bit of cryptography, but some SIM cards from certain carriers do actually have software functionality built in (phones typically used to show this as the "SIM Menu" where the items on the menu are actually "functions" inside the SIM firmware)
PlainName:
--- Quote ---Try using your favorite search engine to look for "defcon nfc hacking". It turned up stuff as far back as 2013.
--- End quote ---
Or, since you're the one pushing this stuff, you could just supply a link to the exact thing you're talking about, saving potentially hours of finding many of the wrong thing.
There is an actual link somewhere, isn't there?
SL4P:
Easy solution, my NFC cards are only linked to accounts that have my ‘transaction funds’ typically less than $300-300 at a time.
SMH, but I won’t die because of it.
m98:
To everyone trying to mutilate their card, you can most likely just deauthorise NFC payments in your online banking/bank app. If it's on your smartphone, you can even simply turn NFC on and off as you need.
Relay attacks, as risky as they are for a criminal because payment service providers virtually x-ray their clients, are also soon going to become impossible by distance-bounding protocols.
tooki:
--- Quote from: austfox on March 05, 2022, 09:46:20 am ---
--- Quote from: BradC on March 03, 2022, 09:10:18 am ---
--- Quote from: SmallCog on March 02, 2022, 03:08:22 am ---The device "skims" the card and can be used once only due to a "rolling code" (it's a bit more complex). Any transaction in Australia >= $100 requires a PIN. So the skim can be used once for a transaction < $100 and only if the card holder hasn't used the card between the skim and the attempt.
--- End quote ---
--- End quote ---
I realise NFC via phones are active, and hence can have a 'rolling code', but wouldn't a passive card always have the same code?
--- End quote ---
The thing people don’t know about the chips (both of them, for electrical and NFC) is that they aren’t little memory cards, they’re actually cryptographic processors. So it’s not simply a matter of replaying a transaction.
But indeed, Apple Pay is apparently even more secure than the card’s own NFC (according to various sources, including the head of security at a credit union I spoke to). (I don’t know anything about Samsung Pay so I can’t comment on its relative security.)
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version