Can a contactless bank card be cloned onto an implantable RFID?

edited February 2015 in RFID/NFC
Hey all. Something on my mind. Does anyone know what kind of chips are used in contactless bank cards? Could one be cloned onto an implantable chip? 

Seems like it would be an easier route to having a magic-pay-for-my-groceries hand swipe than extracting the chip - which would destroy my bank card :(
Tagged:

Comments

  • Assuming your bank card is passive (not familiar with contactless card here in Texas ;) ) I would imagine it's an encrypted tag, rather complicating matters. I'd get in touch with @amal
  • Saal is pretty much correct on this. Unlike regular tags used for identification, banking uses chips with crypto features. And on top of that, those chips usually have a whole lot of features to make them temper resistant.
    So cloning it appears to be very unlikely. If anything you'd have to extract the chip, connect it to a new more implant-friendly receiver coil and seal that. If you are unfortunate, the chip may be able to detect the change in coil properties and refuse to work.
  • There was a project a while back where some people took a london tube pass, acetoned the heck out of it to destroy the plastic coating, then relooped the wire along with the chip in a ring shape and then set it in arylic or something of that nature.


    you could do the same thing with pdms and then have someone implant it into you, as @Saal suggested. or just wear a ring. when money is involved, i would much rather have to remove a ring when getting mugged than a ring finger...
  • Ah, but the ring is visible. How many muggers are gonna ask for your hand or your life? I like the idea, I just see a lot of issues with getting it to work, as ThomasEgi explained.
  • I think that getting it to work would be fairly easy. If you follow that link, that guys rings weren't super slick. i mean, they are cool, but obviously home made.

    go to your bank and ask them to send you those little keychain size tap credit cards. get two or more so you can experiment taking them apart. 

    Of course, as an early adopter, no one is going to ask to cut off you hand because the implant is less visible and unexpected. Rings are also fairly ubiquitous and innocuous and just a well unexpected. However, with usage becoming more common, (or if you get online and post a youtube video about how your left hand is your bank card) a simple rfid scanner would show the presence of the implant (or ring. in fact, i don't know way more muggers don't use these to swipe down marks for hidden cards etc...).  at that point, it becomes a question of: if someone is willing to point a gun at you for your wallet, why would they be against waving a cleaver or bolt cutters at you? I mean, these are things that criminals do now. Just as motivation techniques. You would basically be encouraging the practice in the long run.

    it's important to think about these long term ramifications. the problems with hiding things in your body is that these things are now in your body and if someone wants them, then need to remove them. it's all well and good to consider something safer because it is under your skin. and it is, in regards to you losing it, or having it pick pocketed. however, the side effects are that if someone wants to take your money, they will. and if you made it hard for them by stuffing it in your hand, it's going to be hard on your hand in the long run. 

    or what if the police want it as evidence. there was a story just recently about a man whose prosthetic leg was confiscated for months.

    if a criminal wants your device, they will come and take it. if the cops want your device, they will come and take it. no one cares about the pokedex that got implanted to take your glucose measures or whatever, even if you could basically smack it out. but money, they will care about that. this is a basic tenant of reality.
  • It is actually super easy to steal RFID credit cards:
    http://www.forbes.com/sites/andygreenberg/2012/01/30/hackers-demo-shows-how-easily-credit-cards-can-be-read-through-clothes-and-wallets/

    $350 of equipment is all it takes...Glad none of my cards are RFID...
  • stealing from, and cloning, are two entirely different things.
  • @glims - @ThomasEgi is correct about the chips being used in payment systems... what started out here in the US as a simple application running on a DESFire chip has morphed into a special chip that follows the EMV standard. The chip-and-pin solution in the EU is also different for debit and bank cards. It is still a bit of chaos out there for wireless payments, and you cannot simply copy or clone the payment data to a new tag... enabling such a thing would be bad for card holders.

    The problem with implanting payment card chips themselves is that they expire, so yes you could chop up a card and get the chip and implant it, but in 2 years it's gotta come out again once it expires. But, if you're into that kind of thing, then sure that might work :)
  • @glims - heh, I think it was my video on YouTube that the ds72 crew used as a guide to extract that Oyster card. Ahead of my time, I was...

    Thanks all for details of the cards - I hadn't considered tamper resistance. Barclays make RFID stickers ("paytag") which might be a safer thing to extract from than a full credit card.

    Think the worried about crims cutting off your hand are a bit overblown - much easier (and less dangerous for all concerned) to just skim cards.
  • I'm just gonna say that historically, having body parts removed to facilitate crime has a long and robust history. You just know that if bank card in hands was a thing back in Serbia when Željko Ražnatović was stomping around fucking with people, there would have been bags of hands...

    To be fair, if one never has enough money to steal, like myself, it stops being an issue. I pity the person who decides to steal my identity. I have the best security ever. Toxicity ;)

  • image
    For those of us who don't mind a biennial removal: Max Yampolskiy has been experimenting with PayPass bankcards and London Railway card implants since November. He prefers the former as it can be used for both purposes.
  • Ahhhh!!! Max has done what I always wanted to do. Looks exactly as I imagined it, too. 
  • Where would you implant that beast?
  • and what material did it get embedded into.. and where did he get the material from? Links? Contact data?
  • image

    It's medical-grade silicone. Max(im) specialises in designing custom 3D implants, serious body mods and suspensions. 
    This particular implant was made for Lukas Zpira but I don't know whether it was ever installed or not. Back of hand seems the most likely spot.
    Had heard some rumours that Max's silicone wasn't up to par but have since talked to several high-calibre piercers; all of whom have raved about his work. Am ordering a 3D design from him and also contemplating whether to get my own PayPass implant.
    You can find him (and these photos) on Facebook. He's based in Moscow.
  • One of my major concerns implanting RFID in silicone was the sterilisation issue - autoclaving it might well bake the chip, and AFAIK silicone shouldn't be alcohol sterilised as it will absorb the alcohol and leech it back into your skin. Still, no way to know for sure except to go out and try...


  • Chips aren't that fragile when it comes to temperatures. Storage temperatures of 150°C are not uncommon. Chips usually are reflow soldered so they have to tolerate elevated temperatures for a couple of minutes. So putting them into a 130°C environment for like 3 minutes should be no problem.
    To further give you an idea, some electronic chips are moisture sensitive, if they are exposed to uncontrolled conditions during storage they are baked dry prior to soldering. This process is done at 125°C and takes 24 to 72 hours.
  • I doubt that's an issue in the case of Max's creation: He used the same silicone that he makes his 3D implants from.
    According to the late (great) Shannon Larratt: "He and the artists that use his implants have been installing them for a bit over three years now if memory serves, giving them a convincing track record of safety and biocompatibility." 
    And, much like ThomasEgi, I was under the impression that many RFID chips can be autoclaved these days.

  • I have an RFID chip here! I have an autoclave! let's find out! @amal is coming by later, he can test for functionality. brb....
  • update: the chip itself seems structurally sound and that matches up with the literature. However, the substrate did not fair so well. So, you can autoclave as long as you have a substrate that can be autoclaved.

    you can ethanol soak silicon, just make sure to do a di water wash before you implant.
  • for completely sealed implants, HDPE might be an option. It can be easily processed since it is a thermoplast, but it can survive autoclaving
  • Good advice and great insight, thank you everyone. am chatting to Max right now, he's got some interesting stuff going on...
  • @ThomasEgi i have successfully cloned my debit Visa card RFIDg/NFC tag and am able to tap with my RFID ring

  • @SeeGreatness said:
    @ThomasEgi i have successfully cloned my debit Visa card RFIDg/NFC tag and am able to tap with my RFID ring

    How and on what sort of chip?

Sign In or Register to comment.