!!! DISCLAIMER !!! The following demonstration is for educational purposes only.
This web site (www.cyberabe.com) DOES NOT promote or encourage any illegal activities.
Have you ever paid using your Phone, your Watch or just tapping your Credit Card on a POS (Point Of Sale)? Your Phone, Watch or Credit Card are sending specific radio frequencies to the POS in order to process the transaction. What is RFID? RFID stands for Radio Frequency IDentification and is the process by which items are uniquely identified using radio waves. RFID system includes a tag, reader and an antenna. Radio waves can be Active or Passive. The Passive ones are divided into three frequency ranges: Low Frequency (LF) 125-134kHz, High Frequency (HF) 13.56 MHz and Ultra High Frequency (UHF) 856 MHz to 960 MHz. Sometimes the term NFC (Near Field Communication) is misinterpreted when we talk about RFID. NFC is a device in the family of Radio Frequency and is designed to be a secure form of data exchange. Your Phone, Watch and Credit Card (with an EMV chip) are considered NFC devices.
There are some security issues with NFC in cases of eavesdropping or amplification attacks. Eavesdropping is a network layer attack that focuses on capturing small packets from the network transmitted by other computers. It reads the data content in search of any type of information. Hackers can use special equipment to intercept the radio signals that are sent between an NFC card and an NFC-enabled device. Once the signals have been intercepted, the hackers can gain access to the data stored on the card. In some cases, hackers may also be able to remotely activate the card's radio signal in order to establish a connection with an NFC-enabled device without having to be in close proximity. Most of the NFC devices are using Passive High frequencies radio waves which makes them vulnerable to those wanting to intercept them. A person with malicious intent can access those frequencies within 1 meter or about 3 feet.
Don't be alarmed, one of the security features of NFC is that the device needs to be a max of 5 centimeters or about 2 inches from the POS reader. This prevents the transmission from being available to nearby people with malicious intent. For Credit Cards, I recommend to store them in special RFID blocking sleeves. If you are concerned about contactless technology you can always block this feature by calling your bank or going into a branch. For Phones or Watches it is always great to have a two-factor authentication process for authorizing credit card transfers so that you can better avoid public and open Wi-Fi hotspots.
Now you can build your own RFID Reader and writer for about $45 dollars. What do you need? 1. Arduino Uno Rev3 ($28.50), 2.RFID-RC522 ($7.99) with white card and key ring, 3. Multicolored wire Female to Female ($7.99) 4. Download Arduino IDE available for Linux, Microsoft Windows and Apple OS X. This is the schematic to properly connect your Arduino with the RFID-RC522. Once connected open your Arduino IDE, click on Tools >> Manage Libraries... and type "rc522" in the search bar and install the library "MFRC522" by GitHubCommunity (in my case it is already installed).
After this close Library Manager and click on File >> Examples >> MFRC522 >> DumpInfo to open the example sketch. Make sure the RST_PIN is on 9 and SS_PIN is on 10. If you have a different Arduino like Nano or Leonardo please follow the instruction under "Typical pin layout used:” and more pin layouts for other boards can be found here: https://github.com/miguelbalboa/rfid#pin-layout.
Compile and upload the sketch to Arduino but first make sure that the port selected is the right one. After compiling and uploading, it is now the moment of truth! Click on the right corner on the magnified lens icon and pass the card or token on your RFID-RC522 module (keep the card for about 6 seconds so it reads all the 16 sectors that multiply for 4 blocks of 16 Bytes, each give you a total of 1024 Bytes / 1KB of memory). It's a very nice project that helps you understand how Radio Frequency works.