Hi You no doubt familiar with modern credit cards like this one that have an RFID chip embedded in the more tap and go as it's called here in Australia might be called different things in other countries actually contain a radio frequency identification device and RFID chip in them. And no, it's not this thing here, that's the secure chip and pin thing. It's actually embedded elsewhere in the card and it goes under various Sat names. Could be Visa payWave or it could be MasterCard PayPass or various other names depending on which provider you've got, but they all work on the same RFID technology.

We can just use your credit card like this just to tap and go. As the name suggests, you just tap it onto a reader like this. If you've got a reader, you can just go like that BAM hold it there for a second or two and you've instantly paid for your transaction in. Australia At least it's up to $100 No need to enter your PIN number, no need to insert your card, no need to swipe it on the back or anything like that tap and go.

Beautiful! But it's not without its security concerns and my interest in this came about because Mrs.. a Eevblog got a new handbag here. It's a Giannotti brand for those playing along at home and it came with this look: RFID blocking technology to assist you in protecting your credit cards against identity theft. Sandler now uses data blocking technology.

Concealed within this bag or backpack is an Rfid protective fabric inside the credit card section that helps block illegal scanning devices and assists the prevention of data and identity theft. Fantastic, But does it actually work? Let's test it. now. let's just talk briefly about the RFID technology in here.

There's actually a coil all the way around the card in here that actually does, not, contrary to popular belief, act as an antenna. Because this is not an RF based system, it's the term RFID is a little bit deceptive. In this case. it actually works like a transformer and if we have a look at another card here, we can actually see the coil inside there.

Check it out. It'll go around like that. The chip will be embedded in there somewhere, not exactly sure where it is matter. You can see that there's a couple of turns going around in there somewhere, and what it's doing is acting as a transformer like this.

Let's go to Dave CAD So this is the receiver part of it here. This could be the phone like we're going to use today. It could be a legitimate device at the supermarket or on the bus that you want to tap and go and pay with. Or it can be a scamming skimming device that people can walk by you and actually once if they get close enough then they can actually potentially get your card details and actually do a transaction on your card.

They can't actually get your credit card information, but they can do an actual transaction. As I said. up to the value of $100 Anyway, this is the receiver like this and the receiver generates a constant 13 or packets of thirteen point five, six megahertz sine wave, and it's a transformer coupled system. The coil inside the credit card actually forms the secondary of a transformer here.

So even though it's called RFID because it RF is used in some other variants of it, it's actually a magnetic field. a traditional transformer coupled like this, and the chip inside your credit card here actually gets power from this coil. So once you get these two, they're close enough. There's a little our rectifier in there.

This is grossly simplified, but hey, this is basically how it works. It generates our power for the chip and then the chip can drive a transistor, which then can modulate the load on the secondary side and that will reflect back due to transformer action. The magnetic fields. You can actually get the modulation on here and it'll send as we'll see in a minute it'll send like a packet of 13.5 six megahertz data like this.

and then if this chip, if the protocol is right and everything matches up, then this will use a transistor to put a load across the coil and modulate it. And for the I so one, triple four, three protocol which we're talking about here which is used in these types of modern credit cards, then it's going to modulate that amplitude modulated at a frequency of four Hundred and Forty Seven Point Five Kilohertz and then the reader can read back that data and they can communicate and transfer information. Easy. But the important thing to note here is this is not an RF system.

These are not antennas. This is a transformer. It works on magnetic fields instead of an RF field. So in, take a modern smartphone and use this as an NFC reader.

they got NFC capability built-in Thirteen Point Five Six Megahertz. There are different frequencies for different RFID systems, but the credit cards use Thirteen Point Five Six and that's what the modern smart phones do at least I'm not aware of any smart phones that do the other frequencies, but we can use this. It's just an app from my research lab Hagin burgers just to free up. You can get to what read the information from these cards so we can put our tag in there and it's just reading tag.

doesn't take a minute. New tag detected and we've ended. We've got it. We've read all the information that we can from this card.

of course I can't get the money from it because I don't have the ability to do transactions, but hey, criminals can potentially do this. so I won't go into the tag information. It might reveal something about my card here. but anyway, it's you.

Know you can get like the hex, dump data out of the card and everything else and you don't actually have to have them touching and you can actually have them a distance apart. but there is a limit to how far you can have them apart due to the transformer action losses because it's a pretty poor transformer. It's an ear cord, so the idea behind these are bags you can buy and you can get wallets as well with this RFID protection technology and does it work well? I Actually don't necessarily doubt it because it's not hugely hard to actually shield against this. But as I said, it's not a Faraday cage issue.

it's not an RF issue. It's a magnetic field issue. So you know ideally you'd want our what's called new metal which actually our shields out magnetic fields. Now take something like this side: I Cast Aluminium Box for example.

You're used to using these to shield your electronics and stuff from our Am I right now. These are quite effective at RF and of course, but for magnetic fields not so much. But really, the problem is with magnetic fields. Die cast aluminium like this, or our foil or anything else.

Um, really is. You know, pretty decent at high-frequency art stuff. but at low frequency low-frequency magnetic fields like down in the Kilohertz and things like that, these aren't really effective against magnetic fields. But the good news is is that these things operate at thirteen point five, six megahertz.

So something like this diecast box force of airfoil is going to work a treat at those high frequencies, even though at low frequencies, even something this thick would actually be pretty useless at shielded magnetic fields. So let's not muck around. let's try it. Let's get our credit card inside the outer sleeve of this bag and scanned it.

There we go. No problems whatsoever. This bag does not work in the outer pocket, but it doesn't claim to if we go back and read the fine print. There's a protective fabric inside the credit card section, so only the credit card section.

so the rest of the bag. If you've got this card inside your wallet, inside the bag is not specifically inside the credit card section and you're not protected at all and you'll see inside this bag. it looks kind of like magnetic II But if you put your credit card inside any part of this inside here or this outer pocket as we saw, then it does absolutely nothing apart from a physical distance thing getting extra losses in the transformer. You've got to actually put the card inside here and I'm not sure if you can hear that, but it feels different.

It feels like there's some metal foil or something inside this section. So let's whack our card in there, shall we? And we'll try and read it here. We go for the outside of the bag like this, and you'll see that it doesn't scan at all. so it works.

and that's not terribly. You know, surprising there's nothing magical about this. But look if I put inside this other pocket over here and try and read it. Bingo! It's going through multiple layers.

no problems of this bag and right through there. so it only works if you put it inside the section like this. so that might protect you against a Wimpy little phone like this. But what if are the criminal? Have some you know, super high power transmitter / receiver that can you know generate a bigger magnetic field and read data back.

Well how effective might this be? Well, we can actually do it. Gets some our quantitative measurements with a near field. H Probe: These are called because it's a magnetic field. This is not an electric field probe.

it's a magnetic field. You've seen this in my videos before. It's a dead giveaway to magnetic field because you can see the coil there and we can actually stick this in between the credit card and here and we can pick up the magnetic field and we'll be able to see it on the scope. Beauty.

And of course you don't need to buy one of these fancy pantsy expensive shield in handbags or wallets or whatever. You can just use our foil like this and this is a common trick you see on the Internet so let's see if we can read that tag under there. No, we can't. Just a single layer of alpha or like that is more than enough if I take that away now.

Bingo. Will read it. No problems whatsoever. So just a single layer of our foil is enough to attenuate that.

even though the magnetic field as I show you in a minute is actually still getting through there, it attenuates it enough to actually cause a problem. And there is a bit of a myth going around that if you have two credit cards in your wallet in close proximity or back-to-back like this that they'll cancel out and they'll get you know conflict and you won't be able to read the data out of it and you'll be completely safe. You don't need any magnetic shielding whatsoever. Well, that's not really true because the ISO standard one, triple Four three which are determines the protocol and everything to do with this RFID technology actually has an anti collision thing as part of the protocol for both Type A and Type B cards.

so we can, hopefully it might. it could make an edit. it's going to make a fool out of midnight. There we go.

A new tag detected. Okay, so you can actually get a point where they sort of do interfere with each other. It causes a problem, but you can still. You can still do it.

You saw we could. Actually, There we go. We can get it to read that no problem. So that really isn't protected.

That myth-busting Okay, so let's use our H field Probe, which goes from you know, basically Kilohertz up to several gigahertz. so it should easily be able to read our Thirteen Point Five Six Megahertz. Let's put that on the back here and we'll see that when you've got our NFC enabled on your phone, it's reading all the time, periodically, actually sending out these packets like this, trying to wake up the card that's in any card that's in proximity to it, and then looking, sending out a code to enable it. And they're looking for modulation coming back.

And if we single-shot capture that and go in here, you'll see that this is basically Bingo. Whoop, There it is. Thirteen Point Five Five, Thirteen Point Five, Six Megahertz. That's our carrier frequency and it's sinusoidal.

All right. So let's put our card behind our phone here and watch what happens when I put it in there. Bingo. You should have seen some modulation there, so let's see if we can capture that and you'll notice that it's actually continually stayed on now that that card is in the field if we take it away.

BAM It goes back like that. Now, if captured some data here, and you can see that before this trigger point. Here, here's our Thirteen Point Five Six Megahertz. It's actually the look.

It actually goes down to zero. This is the receiver or in this case, the transmitter actually doing that. and we've got different types of data. If we go over here and have a look, we can see.

this is the return data coming from the card itself, and this is the amplitude modulated data. We can go in here and have a squiz at that. There it is. It's just amplitude modulated, so that is the credit card actually modulating that, turning on the transistor, loading down the coil, and modulating that data back at what frequency? Well, let's measure it.

And Bingo! Using our X cursors there, we can get eight Hundred and Forty seven, Point Four, Six Kilohertz. That's exactly what I said. The modulation frequency was before, so yep, the ISO standard is exactly as it says. Now, if we have a look at the distance between the card, the phone like this, then we can actually I'm I not 200 millivolts per division be able to see the amplitude difference.

I'll go down like this. I've got that, and a fair distance away will we be able to get something? Yep, and it's lower amplitude of course, but even at that sort of distance, you know there's still something there. It's not enough to actually connect to the card, but hey, if you had a more powerful reader, you know if you're a criminal, you had a more powerful reader. You're trying to skim cards and things like that.

You can do it at a greater distance. Okay, so let's try the alfoil now. Okay, so I'm down at ten millivolts per division. The absolute value doesn't matter.

it's just relative to 200 millivolts per division we were at before. And yeah, I'm able to, you know, get something. But if I take away the alfoil of course, then whammo. We're completely off scale.

Now there we go. Alright, so I've got my credit card inside the shielded thing I'll whack my probe in there and we'll give that a ball. Yeah, we're still getting something at 50 millivolts per division, but you know it's it's really right down there. You'd have to have a super-powerful you know, transmitter side to, actually, you know, generating a much larger magnetic field than this one's capable of to actually get that I suspect.

but it's probably not a hundred percent secure. But you know I think it's going to be good enough I think these sorts of shielded handbags and wallets will actually do what they claim. And if you're wondering about the die cast alloy box, then yep, that's it. Two millivolts per division.

There's just oh, did we get something? No, that was just me mucking around. Yeah, that's going to be pretty effective I should expect, but are not 100% effective against magnetic fields. But in the case of the amount of field we're talking about with the RFID here at that frequency, then yeah, these things do work. Okay, just for kicks.

I'm going to see if we can capture the increase in magnetic field as we get closer. so I'll single-shot capture that and I'll bring it in. Don't like our chances, but oh yeah, that's quite reasonable. There we go.

We started here. We could see it getting bigger and bigger, but it wasn't close enough to actually capture the dot like you know to sink and do the protocol and talk to the card and get the data before it got. you know, fairly close, like an inch away or something like that. So there you go.

I Hope you found that interesting. And whether or not you believe that you know you're really a threat just walking around with your unexposed credit cards in your wallet and things like that. and the odds are ridiculously low that somebody's going to skim you or something like that. But you know they don't necessarily have to walk through you.

They could set it up in a doorframe, for example. Yes, you walk through, they can get you because you can couple the magnetic field like that as you walk through. and there's many other ways to do it. but they have to do a transaction.

It's not like the money just magically vanishes from your account. You know it's got to be a transaction and things like that. So yet not a hundred percent secure technology. But hey, confirmed are these bags and presumably the wallets.

They've probably just got our foil in them anyway. And our phone does quite a reasonable job. Just a single layer of our foil can actually protect you. Cards Pretty good.

So yes, you're paranoid about these things. Don't wear it on your head, just stick it in your wallet. Catch you next time. Hi! It's Teddy on Tuesday Again, it's a little bit different.

It's why is Broad Electric Toothbrushes you've seen them. It's it's on one of these charges Wireless our power transfer to charge the internal battery. We crack it open and check it out. Not only what's inside here, but what's inside the charger as well.

Let's take a look. Could be interesting. There you go. It drops down, and if you remove another one, it drops down again.

But actually, it's.