[LINK] RFI: PayWave/PayPass Contactless Chip Cards

[TKoltai]

> -----Original Message-----
> From: link-bounces at mailman.anu.edu.au 
> [mailto:link-bounces at mailman.anu.edu.au] On Behalf Of Kim Holburn
> Sent: Wednesday, 11 April 2012 7:49 PM
> To: Link list
> Subject: Re: [LINK] RFI: PayWave/PayPass Contactless Chip Cards
> 
> 
> 
> On 2012/Apr/11, at 4:20 PM, Stephen Wilson wrote:
> > Actually no, it's all in the one chip now.  A single "dual 
> interface"
> > chip talks to the outside world through either the gold 
> plated contacts 
> > you see on the surface, or an antenna buried in the 
> plastic.  Scratching 
> > off the contacts need not affect the wireless channel.  Very 
> > sophisticated smartcards can detect damage to the contacts or other 
> > elements of the electronics and respond by 
> self-destructing, but banks 
> > don't invest in that level of security.
> 
> With some security cards I recently had something to do with 
> recently, the people issuing them were punching a slot in the 
> cards so the users could put a small strap in them.  On some 
> cards the slot broke the aerial and the wireless function 
> stopped working.  I suppose if you could work out where the 
> aerial ran, you could punch a small hole in the card and cut 
> the aerial but wouldn't that void the card?
> 
> -- 
> Kim Holburn
> IT Network & Security Consultant
> T: +61 2 61402408  M: +61 404072753
> mailto:kim at holburn.net  aim://kimholburn
> skype://kholburn - PGP Public Key on request 
> 


Interestingly, the banks seem opposed to any public discussion on the
topic:

Mythbusters: http://www.youtube.com/watch?v=X034R3yzDhw

A  number of consumers have offered solutions for getting rid of the
RFID chip via EMP and hole punch.

Homemade EMP RFID zapper: http://www.youtube.com/watch?v=c0vZigwn09I
I personally think it's a tad radical.

A small faraday shield pocket/envelope made of some 3M material
ameliorates personal security concerns yet, maintains the security
benefits of the RFID presence .


TomK