Top
« USB to DMX Laser Hacking at Hackerbot Labs | Main | Sudo Make Me A Sandwich Robot »
Saturday
Feb282009

Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips

Right as soon as you watch this video, go get some pliers or a vise grip and find the little bump on your paypass credit cards. Smoosh it with the pliers or vise grip and test it next time you are at a place where they have remote Paypass RFID readers. Testing is important so that you know the vulnerable RFID tag is smooshed like a bug and you won't be vulnerable to someone swiping the info off your credit card remotely. Got other ideas for destroying the RFID chip? Leave them in the comments!

Follow me on twitter for updates and subscribe to me in iTunes/breTunes to get all my videos, like this MP4, automagically.

References (74)

References allow you to track sources for this article, as well as articles that were written in response to this article.
  • Response
    Choose when the digital info on your chipped passport and credit/ID cards is 'on' or 'off' by making a pouch or wallet that contains radio wave shielding materials.
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Response: dealdash
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Response: potty training
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Response: best vpn providers
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Response: visit my home page
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Response: similar website
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Response: mo5tlf.com
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Response: Full Statement
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Response: same day loans
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Response: web design service
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Response: lead generation
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Response: penny stocks
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    get best seo marketing anywhere
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    smith786
  • Response
    alina77
  • Response
    Anurag
  • Response
    Response: Memorial day 2014
    spineseo
  • Response
    Response: computer glasses
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Response: fathers day 2014
    rihan
  • Response
    Response: Handelen in Opties
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Response: 301 nuke review
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Response: rbse result
  • Response
  • Response
  • Response
  • Response
    ariyan
  • Response
    Response: commodity robot
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    adam02
  • Response
    Response: utah seo company
    Many bloggers, particularly those engaged in participatory journalism, differentiate themselves from the mainstream media, while others are members of that media working through a different channel
  • Response
    Response: moveables
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Response: darmowa nawigacja
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Response: goal55
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Response: ZQuiet Commercial
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Response: madbid.com
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Erik paul
  • Response
    Response: nytimes.com
    The cost of credit is the additional amount, over and above the amount borrowed, that the borrower has to pay. It includes interest, arrangement fees and any other charges.
  • Response
    Response: dealdash
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Response: madbid.com
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Response: GU10 led bulbs
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Response: harga vimax asli
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Response: harga vimax asli
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Response: CSCS Mock Test
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips
  • Response
    Bre Pettis | I Make Things - Bre Pettis Blog - Protect Yourself From Remote RFID Theft on Paypass Credit Cards By Using Pliers or Vise Grips

Reader Comments (16)

Knowing that the tech is embedded in the card is important, but opting out of using PayPass with vise grips is only one option. I rather like the fact that when I go into my local drug store I can just way the card over the reader, I do not have to hand it to the kid at the cashier and I do not have to sign. However, I also have two thin sheet of brass in my wallet which line the pocket that I slide my PayPass card back into once I've made my purchase.

What would be the optimal method to get rid of a magnetic strip on my credit card?
Since I mostly pay using the onboard chip, I don't want my card to be usable just by someone learning and imitating my signature.

Feb 28 | Unregistered Commentermartian

I'm pretty sure that putting the card in the microwave would destroy the arphid but what would happen to the magnetic strip... there's only one way to find out!

Feb 28 | Unregistered Commenterjeremie

My Canadian PayPass card doesn't have the bump. Different kind of RF circuit maybe?

Feb 28 | Unregistered CommenterMichael

You can get rid of the magstrip by scraping it off with a razor. If you don't like the way it looks, redraw the black back on with a sharpie marker :) putting it into a bulk audio tape eraser "might" work.

Feb 28 | Unregistered Commenterkyoorius

Doktor von Slatt's idea is best. Why destroy the functionality for yourself if there is a way to safeguard it's misuse without going that far?

Mar 1 | Unregistered Commenterpaul

microwave 3 seconds
tho I'd opt for shielding it, and using it, ala von Slatt.

wow... hadn't seen paypasses before...
and wow 2... microwaving credit cards? :D

I like the shielding idea, but the brass sheet idea is to bulky. What about making a for your card, or a wallet liner, from aluminized mylar? Like the potato chip bag stuff. Toss you cell phone into a chip bag and close it up. Now call it.... Nuthin', right?

Good instructables.com article here on several approaches to dealing with rfid. Note the advice not to mess with your passport, it's a federal felony.

Mar 2 | Unregistered Commenterdgrc

I need a hammer - a hammer - a hammer - a hammer
To hammer them down!

Mar 9 | Unregistered Commenterxa4

Do you know anything about paypass at all? Certain information can be read cleartext, such as your name and account number - that part is true. However, the information is practically useless - the account number is not the same as the one on the contact interface, and can only be used for contactless transactions. Considering that transactions require RSA for authorization, the information is useless (unless you know the card's private key, and good luck extracting that off the EEPROM). So what's the point of this incredibly ill-informed article?

Mar 10 | Unregistered CommenterMatt

Interesting if you don't want the functionality, but you just know it's gonna come up again.

I'm with Jake von slatt on this - as a matter of fact, I usually carry around a wallet made out of stainless steel mesh (ductile 304, baby ;D). The basic upshot is complete scrambling of radio frequency transmissions through the wallet, RFID included.

I've tried it out with my RFID security pass from work - absolutely nothing, even when butted right up to the receiver. Sweet.

Mar 10 | Unregistered CommenterFletch

@Matt umm, do _you_ know anything about paypass? Almost every card uses the exact same account number as what is printed on the card. The only exception is amex. The next generation cards use something called cvc3 or dcvv, which dynamicly changes the three digit code based on the incrementing ATR (automatic transaction record). RSA is not used in any form of contactless payment system using paypass/EMV.

Mar 11 | Unregistered Commenter3ricj

@3ricj: Um, you know this how? I've just written an mchip/paypass implementation about to go onto tens of millions of cards. Have you read the specs? I would refer you to the "MChip specifications for credit and debit", section 5.1, appropriately entitled "Public Key Cryptography". Admittedly, far too many issuing banks are not using proper PKI (DDA), and in my opinion should be shot.

PS: ATR is "Answer to reset" - you're thinking of the ATC (Application Transaction Counter)

Mar 17 | Unregistered CommenterMatt

PPS: It's up to the issuing bank to choose the account number that goes on the contactless interface. If they put your real account number on it, change banks and tell them why. EMV best practices recommend strongly against putting the name or account number on the contactless interface because they know how uppity people get about it.

Mar 17 | Unregistered CommenterMatt

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
All HTML will be escaped. Hyperlinks will be created for URLs automatically.