Forums Forums Wirral Information Law And Your Rights : New way of STEALING...

The mass introduction of this type of card will make that even harder.

RFID's ability to be read from a distance, no matter how short, must be very tempting to those with the knowledge and the technology.

So what your saying is that we can all get stung without even knowing It? Very worrying!

They used guest memberships to get in.

surprisingly they started sell ing better padlocks. Yes... Selling!

When my card was "done" in Shanghai it never left my sight. I made sure of that. I presume the card reader machine had been "fixed" to copy details.

Snod

The RFID cards will be the next big scam, you just force the card to send you data (and you can carry the equipment to do that in your bag or your pocket) then just walk down the street past as many people as possible, anyone with this type of card will ping it's details and now you have them, straight out of your pocket or handbag without ever losing your card.

These details can't be used over the phone and generally they are for low value (under £15 - £20) transaction, but a few of them a day soon adds up, and if you can get them so easily why use the same card twice, no one would notice one extra rogue transaction, and even if they did there would be nothing to link it to the other cards that would be used other than you both happened to be walking down the same street at the same time.

I'm a bit fussy over cards, I don't have a credit card, and most of my debit cards are prepay, I keep small amounts on them for when I'm out shopping and just transfer any larger amount I need via internet banking just before I pay for it. it may seem a bit of hassle but I use my cards on the net all day long, and copying them is no use to anyone because the balances tend only to have credit on them for very short period, and the chances of being used in that time are slim.

Have to agree though, don't let your card out of your sight, watch where it is swiped (if they swipe it through two readers saying one is for "security" you need to check) and if you're using it somewhere new or you're suspicious of get a prepaid one.

Or pay cash

Presumably the RFID cards work on the normal security practice of responding with a code depending upon a given key. Its response will be no good for another billion or so transactions.

Car alarms work this way as do most security devices that could be scanned.

I've had an RFID card for a while but never ventured to using it as yet.

Sort of, but not quite, the actual cards aren't true RFID as we understand them, but actually have a rewriteable area of their chip to store data useage.

The RFID chips in normal security applications are a fixed data stream with a triggered response and are read only, however the banks realised that many people wouldn't understand the difference or would be more reluctant to use the card if they thought it was storing data about their small transactions (which of course it does).

The industry is in a bit of a mess with these at the moment, they haven't yet fixed an industry standard for the range, most work on 10cm (ISO/IEC 14443) but many want 50cm (ISO/IEC 15693) however they do accept that this would make data hacking easier as the cryptographic algorithm is vulnerable on these devices (obviously I wont go into how to do it on an open forum, but it is possible) and I also believe that "chip swaps" will become a new problem if people have unrestricted access to your card for a few minutes, and that no one will notice the swap for a while as they'll just think that the card has "failed" (failure rates on these cards are quite high, think about being in your wallet and what you do to it, microcomputers, and that's what they are, aren't meant to be abused like that).

I do think that they are a good idea, but I also think that they've just opened up a whole new way to be ripped off.

Oh yes, and your RFID, if you've never used it, how do you know the chip is still there, it's about half the size of a grain of sand so you'd hardly miss it and just waving it over the machine is enough to get a Big Mac meal charged to it (if this does happen, it's not me).

Turns out I've got two RFID cards, I've had one for 2 years and the other for just less than a year. Both cards have cracked, I just guessed the RFID bit was built into the usual chip, not separate, that still works on both.

Going to look it up now

When RFID passports first came out didn't the guys at defcon build a simple scanner and drive around scanning people as a proof of concept? Then a few years later they were cloning RFID travel cards?

RFID has a long way to go before it's secure I think =/ There's numerous stories about how easy they are to reverse engineer and tamper with.

Well be warned now some types of padlock especially those used on personal lockers are MASTERKEYED so take your own.