Here is an open solution that uses the scanner's own power against it. No batteries. Love it!
http://hackaday.com/2016/02/18/guardbunny-active-rfid-protection-going-open-hardware/
Here is an open solution that uses the scanner's own power against it. No batteries. Love it!
http://hackaday.com/2016/02/18/guardbunny-active-rfid-protection-going-open-hardware/
Still a massively over-engineered solution. You just need al-foil
How does the aluminium foil work? Does it need to be a shorted turn? Or don't we really know?
Dave has repeatably said that they need to perform a transaction simply scanning the card won't help them (paraphrasing), however this is entirely incorrect.
You can actually read the credit card number, the expiry date, and a bunch of recent transactions from the card.
Try using an app like this on your phone - https://github.com/devnied/EMV-NFC-Paycard-Enrollment .
Might not sound like enough but you note Dave tapes up the credit card number and expiry so you can't read it, and there's no way you'd post a photo of your card online.
Combine that number, expiry, with the transactions, and a little social engineering - it doesn't take much - and you can convince a phone monkey you need a password reset.
As I understand it, early generation cards gave the card number and name, but newer ones are encrypted?
I've a card issued early this year, the name isn't exposed but the number, expiry, brand (ie, the retailer that I got it through, not just "mastercard") 10 recent transactions (date, time and amount) are all available.
Edit. I don't mean to sound like a paranoid nut, but people have to be aware that there's not only enough information exposed to complete a manual transaction
but that there's enough to start someone down the path of identity theft and I think Dave might have left people feeling a little more secure than they are in reality (having said that, attacks are still amazingly rare considering how many of these cards are in existence.)
Ok, I tried three cards with another app and I got the card number and expiry date. No name. Only one gave a transaction history and card issuer, they other two didn't.
Probably a bit hard without the CVV these days?
And there is likely a reason it's rare, likely because it's not as easy or profitable as you think.
Still a massively over-engineered solution. You just need al-foil
QuoteEdit. I don't mean to sound like a paranoid nut, but people have to be aware that there's not only enough information exposed to complete a manual transaction
Probably a bit hard without the CVV these days?
Concerning the risk : There is a serious security risk. It will get exploited in a short time, don't worry. Or do worry
"L 536" looks like it may be STM8L-series device, their first line is marked as "L xxx". But I can't find which one exactly.
Edit: Although, if there are no exceptions, then the part would be STM8L536, which does not exist.
Concerning the risk : There is a serious security risk. It will get exploited in a short time, don't worry. Or do worry
RFID cards have been around a long time now (like a decade), they are not new. Contactless skimming fraud is pretty minimal after all this time. There must be a reason for this.