Simple Hack Puts An RFID Tag Inside Your Mobile Phone

RFID Tag Cell Phone

RFID security systems have become quite common these days. Many corporations now use RFID cards, or badges, in place of physical keys. It’s not hard to understand why. They easily fit inside of a standard wallet, they require no power source, and the keys can be revoked with a few keystrokes. No need to change the locks, no need to collect keys from everyone.

[Shawn] recently set up one of these systems for his own office, but he found that the RFID cards were just a bit too bulky for his liking. He thought it would be really neat if he could just use his cell phone to open the doors, since he always carries it anyways. He tried searching for a cell phone case that contained an RFID tag but wasn’t able to come up with anything at the time. His solution was to do it himself.

[Shawn] first needed to get the RFID tag out of the plastic card without damaging the chip or antenna coil. He knew that acetone can be used to melt away certain types of plastic and rubber, and figured he might as well try it out with the RFID card. He placed the card in a beaker and covered it with acetone. He then sealed the beaker in a plastic bag to help prevent the acetone from evaporating.

After around 45 minutes of soaking, [Shawn] was able to peel the plastic layers off of the electronics. He was left with a tiny RFID chip and a large, flat copper coil. He removed the cover from the back of his iPhone 4S and taped the chip and coil to the inside of the phone. There was enough room for him to seal the whole thing back up underneath the original cover.

Even though the phone has multiple radios, they don’t seem to cause any noticeable interference. [Shawn] can now just hold his phone up to the RFID readers and open the door, instead of having to carry an extra card around. Looking at his phone, you would never even know he modified it.

[Thanks Thief Dark]

36 thoughts on “Simple Hack Puts An RFID Tag Inside Your Mobile Phone

    1. That was going to be my question as well. The only thing I can think of is if you’re not given a choice of tag, you’re given a coded tag and need to make the best of it.

      My local maker space uses a kind where we have a choice of card, sticker or key fob. The sticker can be put into a pocket of a wallet and read through the leather or fabric.

    2. Some door security systems (e.g. the Paxton system that seems common in the UK) aren’t quite standard RFID so you have to use their cards/fobs. Whether this is for extra security or to make more money selling cards is a matter of opinion.

    1. In some cases, yes. However here, no. NFC operates at 13.56MHz which is also know as the HF standard. The tag here operates at one of the LF frequencies (170kHz for this one, but 125kHz and 134kHz are standards as well). If he needed to emulate an HF tag, a phone could likely do the trick with some software work. However, the HF hardware on a phone can do diddly squat about LF.

  1. Just a warning for anyone attempting this (i have played around with RFID quite a bit).

    He obviously has RFID readers with either high power or very good control electronics since it can read the tag taped directly to a metal surface, this probably won’t work with most readers.

    Before breaking open your card try holding it flat onto a metal surface larger than the card (back of a card case, steel spatula, metal laptop lid or whatever you can find) and see if the reader picks it up, that way you won’t go through all that work and end up with something that could never have worked to begin with.

    1. You would be surprised what standard HID readers can read a card though Two layers of sheet rock, double pane glass, anodized aluminum sheet metal all of which I see on a daily basis.

      1. None of those are a true magnetic barrier, so of course it can read through them. Aluminum isn’t very good at stopping magnetism, and anodization has nothing to do with anything unless it was ferrous somehow.

    2. LF RFID is pretty good about being around and under metal and water. For HF RFID tags, they design certain ones specifically to be able to work on metal surfaces (the tags include a ferrite sheet under the antenna coil to channel the magnetic fields without incurring much eddy losses as would happen with standard metal). UHF RFID is really picky about much of anything near it unless the tags are really specially designed.

  2. I did this same thing about 7 years ago to open doors of office: https://plus.google.com/111653744412699215748/posts/cHSmt8M8XPZ . I glued a RFID tag in the cover of a Nokia phone.

    Unfortunately I was fired from the company (HP Software Brazil) just because I did it. They said I was too danderous… in fact, some companies are not “hacker friendly” and have bosses with the minds of a few centuries ago. Fortunately the evolution will annihilate all them. ;-)

      1. I would not want RFID tags as a sole entry access method at all. They are terrible for access control, but decent for secondary authentication. It is just too easy to clone them on the fly. At least with physical keys you must have a quality picture or hands-on for several minutes. Of course there are hybrid options that take the best of both like Cliq.

        Among many other things I do lockpicking, safecracking, pentesting and the like. Most people freak out when they learn that. I have been advised to not tell people what I am capable of during interviews. Pretty sad when I have an IS degree and will be looking for work in that field soon. How am I to get a job securing things if everyone fears people that can secure things?

        1. Sorry but just no…
          lots of RFID actually used is completely broken and highly unsecure, like Mifare or most of the LF tags, but there’s quite a good variety of tag that you can’t just clone and that are highly secure…

          too bad, lots of people still use some broken old RFID technology for security…

    1. Good luck getting someone in company security to add the tag you bought online to the database. Most i have met are really stubborn about only adding the tags supplied by the security firm that installed the locks, but they don’t really care if you hack them up to fit inside wallets, phones, bracelets or whatever afterwards.

    1. I did a similar thing with a cheap reader and card set from one of them fantastic Chinese sites. Found the plastic cards came apart. My iPhone comes apart. Seemed like a logical jump to put the induction ring in the phone. My only complaint was that with a plastic case on the phone the reader wouldn’t register it. Just the glass back seemed to work fine on contact. Not sure how I’d increase the output to register through the plastic. Maybe I’ll change the resistor on the contact base to give it a bit more voltage.

      1. This is the peep waterboarding, fire breathing pony making, mind exploding water melons, craters in the alley, blow-up the earth, quad-copter battling, LVL1 hackerspace we’re talking about here. The worst I could do is start a trend :D

  3. FYI, phone cases do exist to achieve what you want. NFC (or Near Field Communication) has been around for awhile and is in a lot of Android phones already. Apple still hasn’t put NFC in their phones. However, NFC emulates the RFID protocol and allows you to use one chip for several different RFID tags (from Wikipedia: “NFC standards cover communications protocols and data exchange formats, and are based on existing radio-frequency identification (RFID) standards including ISO/IEC 14443 and FeliCa.”). NFC can be used for other things like sharing photos between your friends.

    One of a handful of iPhone cases which will read your RFID tags and rebroadcast them when you want: http://www.devifi.com/in2pay_icaisse_overview.html

    1. Most access systems use 125kHz RFID rather than the 13.56MHz for NFC. Also, card emulation is possible but doesn’t happen automatically on Android. My Samsung Ezon NFC lock won’t detect my Nexus 5 unless a card emulation app is running. This requires too many steps to be useful.

  4. Neat idea, but is this for his own (home?) office? If it’s for a regular office, won’t he have to return the card if he leaves the company? I know they can disable access for the card, but all companies I’ve worked for so far require that people turn in their badges as well when they leave the company. They wouldn’t be too pleased if someone turns in a chip and a coil antenna. (c:

    Personally, I wish companies give an option of using one’s phone, if it’s equipped with NFC, as one’s access card/device.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.