The contents, information, videos on this website deal with RFID/NFC technology in connection with cards, passports, ID cards, keys, telephones.

The RFID/NFC applications as well as the RFID/NFC risks and corresponding protection possibilities against unnoticed, contactless data theft by radio (RFID/NFC) are shown.

Differences between different so-called RFID/NFC protection products are also objectively treated and documented by videos.

RFID/NFC-PROTECTION PRODUCTS
IN Paper office stationery AND SMALL LEATHER GOODS MARKET

What is RFID / NFC


RFID/NFC explanatory video by Golden Head / Steinmann Group (german version)
 

The abbreviation RFID means Radio-Frequency Identification (German: Radiofrequenz-Identifikation = communication by electromagnetic waves = radio).

 

Similar to NFC, this is an international transmission standard for contactless data exchange via radio. The NFC technology was developed on the basis of RFID, so there are many similarities, but also some important differences.

How does RFID?

work?
In order to transmit data via RFID, so-called RFID transponders (also called chips, tags) are required. A distinction is made between active and passive transponders.

  • Passive transponders contain the data to be transmitted. However, they do not have their own energy source and therefore cannot start an RFID connection on their own.
  • Active transponders contain an energy source which supplies the transponder with energy. This provides the chip with enough energy to transmit its data.

The transponders are read out (and written to) by means of RFID readers or writers. The antenna of these devices sends the energy as electromagnetic waves to the transponder. The passive transponder uses the received energy to supply its chip with energy and to transmit the data. The active transponder, on the other hand, transmits either permanently or on request by the reader.

The design of individual transponders also differs greatly. Thus, not all models communicate via the same radio frequency or with the same transmission protocol, so that the range of data transmission differs depending on the type.

What are the differences between RFID and NFC?

NFC is a specification of RFID technology and differs in some points:

An NFC connection communicates over shorter distances than RFID (with RFID up to 100 meters and more).

NFC also allows bidirectional connections between two devices and not only between a transponder and a read/write device. For example, two NFC-enabled smartphones can exchange data via an NFC connection.

Finally, NFC transmitters always communicate via the same radio frequency. This means that the different NFC chips do not differ so much in terms of their characteristics and range.

RFID/NFC risks:

Radio links (RFID/NFC) can be established legally, but also illegally. RFID/NFC radio hackers can steal and/or manipulate the data stored on the RFID/NFC chips unnoticed, contactless, from greater distances, by radio.

RFID/NFC protection products against data theft via radio:

Some frequencies are very easy to shield. Others are very difficult, such as the low frequency range (e.g. 125kHz, 135 kHz), which is used in ID, payment, access (commercial, private), automotive (keyless systems).

Products are often referred to as RFID protection products, RFID blockers, etc., although only one or a few frequencies are shielded. However, a comprehensive, general protection against radio hackers on all frequencies is suggested. If this is the case, it can be misleading. Buyers of such protection products suspect maximum protection against radio hackers, but the opposite is the case.

Maximum security against radio hackers for all RFID/NFC frequencies cards, passports, ID cards, keys is provided by the specially developed material Cryptalloy, which is integrated by many well-known, market-leading companies in their storage products for cards, passports, ID cards, keys.

Examples of companies here.

Video Golden Head / Steinmann Gruppe (german version)

Veloflex (german version)

RFID/NFC refers to the transmission of data by radio using a corresponding radio reader.

The data stored on an RFID/NFC/radio chip can be spied out legally, but also illegally, by means of radio and greater distances. This opens up undreamt-of possibilities for data thieves.
Radio chips (RFID/NFC) are used in many hundreds of millions (Germany approx. 200 million) of contactless cards, passports, ID cards, keys and telephones. Frequently, the owners do not know that these are equipped with RFID/NFC chips and can thus be attacked by radio hackers.

Radio chips (RFID/NFC) are in:

  • EC-, credit-, giro-, bank cards, additional payment cards
  • ID cards (EC card format), passports (since 2005), other ID cards
  • Access cards, employee cards, member cards, hotel cards, blood donation cards
  • University and library cards
  • Public transport tickets
  • Electronic key cards for buildings and garages (private/commercial)
  • Car key (keyless) for car/truck/motorbike
  • Stop locks
  • Smartphones, mobile phones

The cards, passports, IDs, keys and telephones listed above work on various
RFID/NFC radio frequencies.

Examples of RFID/NFC frequencies:

  • Low frequency: 20 kHz, 50 kHz, 100 kHz, 125 kHz, 134 kHz, 250 kHz, 375 kHz, 500 kHz, 625 kHz, 750 kHz, 875 kHz
  • High frequency: 13.56 MHz
  • VHF band: 433 MHz
  • Ultra high frequency (UHF): 868 MHz, 915 MHz
  • Microwave: 1.8 GHz, 2.4 GHz, 3 GHz, 4 Ghz, 5.8 GHz

 

 

The wave symbol (or similar) identifies contactless EC, credit, bank, payment cards with RFID/NFC/radio chip.

The identity card with
RFID/NFC/radio chip has no symbol.
ALL ID cards (BRD) in EC card format have an RFID/NFC/radio chip.

ALL passports (worldwide) with this symbol have an RFID/NFC/radio chip:

Many smartphones have an integrated NFC/radio chip. These chips can also be attacked by radio.
Radio attacks can also be carried out with NFC-enabled smartphones.

Access and key cards can also be attacked by radio.
Radio key/keyless systems can also be attacked by radio hackers (RSA attack).

WARNING!
Not all cards, passports, ID cards, keys and telephones with RFID/NFC/radio chips have identification.

There is a danger of radio hackers:

  • Loss of cash
  • Unnotic creation of behavior/motion profiles
  • PKW/LKW/Motorcycle theft
  • Data/identity theft by radio
  • cloning of identities/documents
  • unauthorized access to private and commercial premises/garages
  • Electromagnetic destruction of the chips/cards (EMP)
Many suppliers of RFID/NFC/radio protection products work with these product arguments: Recommended questions and comments:
Protects your credit and bank cards (or other selected cards, ID cards, keys, passports) from data theft by radio. Which credit and bank cards etc. are protected? What about other cards, passports, IDs and keys? See enumeration (other page).
Protects most cards from data theft by radio. Then up to 49.99% of the cards may not be protected.
Protects on the frequency 13.56 MHz (or other selected frequency ranges). The customer often does not know on which frequencies his cards, passports, ID cards or keys are working. What about the millions of documents that work on other frequencies? See frequency bars and enumeration.
Protects 99,99% (or other percentages) from data theft by radio. How are these percentages calculated?
The quality of shielding attenuation (RFID/NFC/radio protection) in the area of contactless reading of data by radio is usually expressed in decibels (dB), not as a percentage.
One db or only one percent decimal place can mean dramatic differences in the RFID/NFC attenuation quality.
Blocks RFID/NFC/radio signals. Which signals, frequencies are blocked? What shielding effectiveness (db) is achieved?
We have a certificate/certificate, a seal regarding RFID/NFC protection. Assumed official test/certificates, seals usually confirm a certain RFID/NFC shielding attenuation, but not the maximum protection against data theft via radio (RFID/NFC).

There will always be a correspondingly weak RFID/NFC reader or lax test procedure to be found, where even an insufficient RFID/NFC protection product supposedly provides protection against radio hacker attacks (similar to the measurements of exhaust gas values).

Our RFID/NFC protection is enough. What is sufficient? This should be defined. Are all cards, passports, ID cards and keys protected on all radio frequencies?

Vulnerable: cards, passports, IDs, keys, telephones

Identification and data theft by radio (RFID/NFC) have arrived in society

Documents with so-called contactless function (RFID/NFC), keys, telephones with radio chips (RFID/NFC) are in circulation billions of times worldwide (Germany approx. 200 million). These include EC cards, credit cards, payment cards, identity cards, passports, private and commercial access cards. Mobile phones and keys (radio/keyless) are also equipped with these RFID/NFC chips.

Rating of “Certificates”, “Seals” and “Testats” regarding RFID/NFC protection

  • Overly official seals often only confirm a certain Reduction of “radio traffic” but no maximum effective RFID/NFC protection against radio hackers.
  • Unfortunately, there are no real official differentiation/attenuation standards for RFID/NFC protection yet.
  • Also, demonstrations / tests are often performed with very weak readers or lax test procedures.
  • Therefore, alleged RFID/NFC protection products and related materials may also have official seals/certifications that provide insufficient protection against RFID/NFC attacks.

As to our knowledge there are no legal standards regarding so-called RFID/NFC protection products, there can probably be no official certificates. The English “Certificate” is often used. “Certificate” can also only mean a certificate.

To the best of our knowledge, the relevant certificates merely confirm that there is a certain degree of shielding attenuation. However, this does not necessarily mean that maximum protection against RFID/NFC radio hackers is guaranteed.

In order to obtain this information from an appropriate test certificate, the test procedure, the devices used and the achieved shielding attenuation values (in decibels) must be related.

There will probably always be a correspondingly lax test procedure, where even a product with inadequate RFID/NFC protection quality will be certified as having adequate protection capability.

Here is an example of a serious, transparent measurement report by Professor Dipl.- Ing. Pauli/German armed forces university munich on RFID shielding effectiveness. measurement report.pdf

Development and testing laboratory* for electromagnetic wave shielding (including RFID/NFC protection)

RFID/NFC protection products are tested for maximum RFID/NFC protection and certified if necessary.

The most complex laboratory physical test series are carried out in the “RFID/NFC laboratory” of Kryptronic Technologies according to the latest test methods, findings and guidelines for RFID/NFC protection.

* by Kryptronic Technologies, Munich (developer and manufacturer of CRYPTALLOYĀ®)

Original image of an oscilloscope:

The flatter the curve, the better the shielding attenuation. No residual signal can be measured for CRYPTALLOYĀ®. Other materials do not achieve maximum shielding attenuation.

Comparison of RFID/NFC protective materials used

This video from Galileo/Pro7 shows the RFID/NFC technology and risks, the data theft by radio (RFID/NFC), each a statement from Mastercard & Kryptronic Technologies , the protection possibilities against RFID/NFC hackers, the RFID/NFC shielding effects of aluminium and Cryptalloy (german version).

This video from WDR shows the car keyless technology and risks, the car theft by radio (RFID/NFC) (germany version).

This video shows the RFID/NFC protection effects and corresponding differences of different cases, blocker cards, which are offered as RFID/NFC protection products:

This video shows the RFID/NFC protection effects and corresponding differences of various small leather goods products offered as RFID/NFC protection products:

Endangered: Car (car, truck, motorcycle)

Also the renowned, independent >/span> Chaos Computer Club (CCC) has addressed this topic. Find a corresponding report here.

The Although the most importantn Findings from thism Report sb>ind:

  • With components for about Euro 90 you can build radio hacker equipment.
  • The keyless systems usually work in the frequency combination 433 MHz or 868 MHz (UHF) and 125kHz (LF).
  • The CCC has now determined that intercepting the 125kHz frequency signals is sufficient to hack a car by radio.

With the key cases, card cases, purses, simple metal sheet boxes, RFID/NFC blocker cards etc. tested by us so far, only products with and made of CryptalloyĀ® provided maximum, effective RFID/NFC protection in the attempt to shield the important low frequencies (in particular 125kHz) .

With the other products tested, the user assumes maximum safety from radio hackers, that the opposite is the case. So the identical problem, as known from cards, passports, ID cards.

The following video is a report from ZDF (TerraX) (german version), which also explains the theft of a car by radio:

 

The following link leads to a video in which the functions of a keyless system are simulated

Also, in addition to the KeySafe “Silverstone” (with integrated Cryptalloy materials), various supposed protective cases will be shown which are intended to ward off radio attacks.

We think the videos speak for themselves:


Even if a corresponding RFID key protection case blocks the radio contact directly at the car, this does not necessarily mean that the case also repels strong radio hacker attacks.

There will always be a correspondingly weak reader/test procedure where even the weakest shielding products/materials provide shielding.

This applies to keys, cards, passports, ID cards, telephones with RFID/NFC function.

The authors

The RFID NFC Security Competence team consists of data protection experts, physicists, chemists, metallurgists, computer scientists and economists.

The members of the competence team deal with the field of radio frequency identification/near field communication (RFID/NFC = identification by electromagnetic waves = radio) and the shielding of electromagnetic waves, which is also called RFID/NFC protection, for many years, up to two decades.

RFID/NFC technology now affects almost every legally competent person in Germany, since cards, passports, ID cards, keys and telephones are equipped with RFID/NFC chips. Since we repeatedly find out that hardly any person or company has really been informed about the benefits and risks of this everyday technology, which has in the meantime penetrated society, this information page was created from an objective point of view. This page is intended for private individuals, but also for companies who come into contact with RFID/NFC technology and/or corresponding RFID/NFC protection products.

The competence team will be happy to answer your questions.