so,an RFID proof wallet using stainless is TSA passable. I believe I'll be peeling the edge, honing a linear foot, re-gluing and smiling at the nice guard-man. Just to know I can.

excellent.

Is there any more information about where these terminals are available or what to search for on ebay to find them?

You do not need to hack anything. Nokia and others are currently putting RFID readers in cell phones - you can already buy models with this feature in the open market (google for "6131nfc" for example).

All you need is some software.

However, isn't this sniffing just the equivalent of shoulder-surfing? In current credit cards, the card number is in plain sight - in RFID cards, it's still in plain sight (you just need radio-sensitive eyes to see them).

Well people always comment on me using a metal business card case to carry around my credit cards and so forth....guess this a good reason to carry on with this practice.

$8 for the RFID reader is way too low, even for ebay. The price is $30..$50 for the crappiest reader. And if you want a multi-frequency reader to read RFID devices than operate on frequencies other than the most common 125KHz, prepare to spend around $250. It is not a big deal though, since you can pay for it using someone else's credit card. :)

My fiancee just broke her card on accident. When she gets a new one, I'm a gonna dissect the old one, find out where the chip is, and drill a hole in mine to disable it. They shouldn't attach this stuff to us without asking. 90% of the people I know(ditto myself) aren't even savvy enough to use it, so they're obviously just government operatives disguised as bankers who want to track our daily movements via secret spy satellites.

#7: no need to drill. just hit it with a hammer. :)

Anybody have specific part numbers for RFID readers that will read these cards? I call bogus on the $8 price tag.

As shown in the video, you have to get really up close and personal with the card before data can be read.

I have one of these cards, and cursory examination doesn't reveal the location of the chip. I tried putting it in the microwave for 6 seconds, and only succeeded in crazing the foil hologram.

#7 #8 #9

How about a piece of metal duct tape over the chip? Or copper foil and glue? Kind of like a permanent tinfoil hat localized around the chip itself.

No need to disable the chip. The antenna circulates near the rim of the card, and cutting it apart is quite enough to disable it (or putting it in a wallet which has a conductive metal surface). I wish they designed more of these with an on/off -switch.

The majority (if not all) of these cards are based on the ISO-14443 standard; which in it's -1 layer defines the physical dimensions of the card. Here's a picture of how such a card looks from the inside.

http://www.inlaybest.cn/tx1.jpg

You can get yourself an Oyster card or a Charliecard and cut it apart - they're based on the same RF technology, so the antenna should be pretty much the same. Or you can just buy a blank MIFARE card from almost anywhere. They're readily available, as are reader components.

These are really cool toys, once you start hacking them. So many awesome things you can build with them...

The chip is usually pretty obvious if you look at the reflection of something on the face of the card. It will be a pea-sized rectangular indentation on the surface.

On my Chase Freedom, it is located in the top half of the "H" in Chase as shown by the yellow square in the below image:
http://i25.tinypic.com/2zrly4g.jpg

I would imagine that the placement doesn't vary too much from card to card.

I work with pablos.

This reader was purchased from an ebay snipe for $0.99 + $7.99 shipping. So it was in fact 9 dollars, not $8 as represented. I will clarify this with pablos tonight. The ebay auction number was 110188198513, but it's not archived by them anymore. Yes, it was sniped. The typical price for these readers is $50 or so. Any readers made by vivotech should work dandy, provided they are not so old. The one in the video is a vivotech 5000.

As others have pointed out - - you can see the tag via looking at the surface of the card with a bright light. It will show up like a small indent, which is mostly square. Hammering in a small finishing nail 5-6 times seems to be the most consistent option - - just a hammer on the card only seems to work some of the time; they are pretty darn durable.

Cheers,
-3ricj

You can stop the RFID signal with wallet from http://www.RFIDBlockr.com I got a passport case from them...it has a copper wire mesh sewn in to the lining...you don't even know it is there.

Thanks,
Jay

Dammit, don't tell everybody. Learned this from my old comp sci prof. we used to scan peoples block buster cards and then use them for free rentals. Ah those were the good ol' days.

@American, this is information that will make you aware of a problem. Nowhere in the article does it explicitly state "do this and have a lot of illegal cash". If "kids" want to find something more they will, curiosity is a good thing. The thing you should be worried about is parents not taking responsibility for their kids actions or upbringing and always try blaming someone else.
Parents are the ones responsible for their kids, not the government, not someone hosting an internet site etc.

Besides, the ones probably doing something illegal with this technology are likely not kids.

The reach of most RFID-tags is within a couple of centimeters, although it dependes on how powerful your reader is. In the case of the Nokia 6131 NFC the reach of ordinary ISO-14443 cards is, from my experience, within 1 cm.
So this might not be a huge issue..

A cheap solution for everyone. Make a duct tape wallet and insert a sheet of aluminum into it when your making it. It's cheap and effective.

i hope that kids will make use of this video to hack credit cards! information like this should not be supressed!

Seriously. Keep these effing chips out of my credit cards, my passport, and my body. Just because we have a technology does not mean that we should force it on people.

RFID implants are next, check it:
http://www.slate.com/id/2109477/

Do all of you have your surplus of tin foil hats or what??? ITS ALL A BIG CONSIRACY!!!

Keep worrying it'll help you live longer!

For a bunch of people that are trying to sound real smart most of you sound like complete idiots, do some research.

Maybe it's just me, but all the videos on Boing Boing TV seem to be on the fritz. I'd really like to see this, too.

What kind of contactless credit card have you read Pablo? EMV ones? I really don't think so, one thing is reading magstripe emulation cards, another is reading EMV...
in any case, good work ;-)

Instead of walking up to you and obviously holding out a sensor, an attacker may just wear his laptop bag and edge into you while you're in line somewhere. Gives a new meaning to "shoulder surfing," doesn't it?

BTW AmEx used to give away card readers to its Blue customers, back when they were trying to push an embedded SIM-type chip instead. But that, at least, required electrical contact with the pins. RFID, well... they can already use it in doorframes in mental hospital wards, etc., to track/prevent movement of patients with RFID bracelets. And TI made a system to track runners in marathons, which works at further distances. So it's a little scary.

what about instead of a laptop, an ipod [or similar] running linux. All the reader needs to do is to be able to send/receive data to somewhere it can be saved/viewed. and how many people get that close to you wearing an ipod, during the day. next thing... simply get the smallest reader as possible then sew it into a pair of gloves or similar. then the victims will never know what's what. of course slapping someones A** might get you into some hot water... or a date. lol.

If you're a restaurant employee, you could do a lot with one of these.

Anonymous (20), if you want to have your remarks taken seriously, put a name on them.

Well I know where this guy has the macbook air from ... ;)

Teresa -- if you're a restaurant employee, you don't need one of these, because you can just copy numbers directly the old-fashioned way.