Ask Hackaday: Can Paper USB Business Cards Exist?

swivel business card

The swivelCard Kickstarter campaign recently received a lot of press coverage and makes some impressive claims as their goal is the development of USB and NFC business cards at a $3 unit price. While most USB-enabled business cards we featured on Hackaday were made of standard FR4, this particular card is made of paper as the project description states the team patented

a system for turning regular paper into a USB drive.

As you can guess this piqued our interest, as all paper based technologies we had seen until now mostly consisted of either printed PCBs or paper batteries. ‘Printing a USB drive on regular paper’ (as the video says) would therefore involve printing functional USB and NFC controllers.

Luckily enough a quick Google search for the patents shown in one of the pictures (patent1, patent2) taught us that a storage circuitry is embedded under the printed USB pads, which may imply that the team had an Application-Specific Integrated Circuit (ASIC) designed or that they simply found one they could use for their own purposes. From the video we learn that ‘each card has a unique ID and can individually be programmed’ (the card, not the UID) and that it can be setup to open any webpage URL. The latter can even be modified after the card has been handed out, hinting that the final recipient would go to a ‘www.swivelcard.com/XXXX” type of address. We therefore got confused by

Imagine giving your business card with pictures, videos, presentations, and websites for the recipient to interact with!

paragraph that the project description contains.

This leads us to one key question we have: what kind of USB drive can make a given user visit a particular website, given that he may have Linux, Windows, Mac or any other OS? They all have similar USB enumeration processes and different key strokes to launch a browser… our wild guess is that it may be detected as storage with a single html file in it. Unfortunately for us the USB detection process is not included in the video.

Our final question: Is it possible to embed both USB and NFC controllers in a thin piece of paper without worrying about broken ICs (see picture above)? NFC enabled passports have obviously been around for a long time but we couldn’t find the same for USB drives.

Possible or not, we would definitely love having one in our hands!

Edit: One of our kind readers pointed out that this campaign actually is a re-launch of a failed indiegogo one which provides more details about the technology and confirms our assumptions.

Comments

  1. Robert says:

    Why not print a QR Code on the card?
    Which company allows you to plug in any USB device someone gave to you anyway?

  2. James says:

    > Our final question: Is it possible to embed both USB and NFC controllers in a thin
    > piece of paper without worrying about broken ICs (see picture above)?

    I would call it cardboard, not paper. The simple mechanics necessitate that it be at LEAST 1.2mm thick so when doubled over as pictured to insert it will be 2.4mm thick to fit into the USB slot, probably has to be slightly more since there’s no solder on the pads, 1.3, 1.4 mm even. It would be quite strong.

    As for the technology – I have a whole Linux computer with 802.11N inside a fully functional SD Card (FlashAir), so I don’t think it’s really very difficult to slap a flash drive in a bit of cardboard. I think actually if you found one of those ultra small USB drives and pulled it apart, you could probably make one of these yourself.

    • Chris C. says:

      I agree with your analysis. And it’s not like the card would need to survive hundreds, or even dozens of insertion cycles. Chances are it would only be used once, maybe twice. Should one occasionally fail to survive even that, no big deal. The USB bit is just an attention getting gimmick. Your website address is still printed on the card, for those truly interested in doing business with you.

      “I have a whole Linux computer with 802.11N inside a fully functional SD Card”

      My amazement that this is possible still hasn’t worn off. Miracles and wonders.

    • That One Guy says:

      The first thing that popped into my mid was SIM card or stripped-down micro-SD card. Use some conductive silver ink, and you’ve got a reasonable concept.

    • Sanjay says:

      The indiegogo page states: “Proprietary intelliPaper cardstock is half a millimeter thick”.

      So they expect you to stick a 1mm thick male USB into the socket and make a proper electrical contact. I don’t know how that will work.

  3. janekmann says:

    Looks like the company behind it has been selling them for a while (the company has existed since 2011 at least): https://www.intellipaper.info/technology/

    https://www.intellipaper.info/products-page/

    The NFC part is also already common technology: http://uk.moo.com/nfc/

    I’m sometimes amazed how well Kickstarter can still work as a marketing medium for existing products…

  4. numpad0 says:

    What’s wrong with this? There’s even Arduino clone soldered on a piece of paper, no wonder if someone flashed it with some sample USB or NFC sketch. I don’t see much problem in pure technical feasibility.

    • The problem isn’t hardware. It’s software. Can you even go from (insert USB peripheral) to (web page magic)?

      …assuming you’re not running Win98 and all that idiocy…

      • Bogdan says:

        on windows: you just have to register it as a keyboard, win+r = run, type whatever webpage you want to go to with www and enter. Opens in default browser.
        I would assume it is possible that the usb devide knows what OS is has been registered to somehow to do specific commands for each.

      • supershwa says:

        For Windows, just create an autorun.inf file on the USB card, with the following config:

        [autorun]
        open = cmd /c start http://hackaday.com

        To my knowledge, this is not an available feature in the secure *nix world (Autorun is a Microsoft creation that has caused a lot of security issues in the past.)

        • Tony says:

          To add to your knowledge, it doesn’t work on Windows any more either.

          Win7 & beyond have AutoRun off by default, XP & Vista were switched off via an update years ago.

      • awasson says:

        The short answer is no. You can’t plug in a USB drive and presto, web browser launches and requests http://www.mysite.com. That hasn’t been a thing on any Win or *nix OS I know of for more than a decade.

        • awasson says:

          Update:
          Below, @Andreas has an interesting idea of having the USB device impersonate a keyboard to feed the attached OS the appropriate hot keys to launch the browser. That may work as long as the OS doesn’t require you to approve the addition of the USB impersonated keyboard.

  5. DigiGram says:

    Hak5 PaperDucky anyone? Or should we call it OrigamiDucky…

    • default_ex says:

      Someone forward Origami Ducky to hak5 on the double! It would be a glorious age when the robot overlords rise up and are vanquished by seemingly harmless fail passes.

  6. Andreas says:

    It is pretty simple to get a computer with a known operating system to open a desired URL whenever you insert a USB device. It is merely a matter of letting said USB device impersonate a keyboard and enter a shortcut to open a URL. Having this happen cross platform is a bit trickier, but can probably be done by fingerprinting the operating systems response to different kinds of USB devices to determine whether Windows or Mac style shortcuts should be used. (Linux is probably another can of worms as you never know what kind of desktop environment that is in use, but you can always target say KDE, standard Gnome, and Unity and cover most of the use-cases.)

    If you are interested in defending against this, make sure that random USB devices are not authorized to communicate with the system by default. (See http://www.irongeek.com/i.php?page=security/plug-and-prey-malicious-usb-devices for more information.)

  7. Tyler says:

    The capabilities and functionality details explain how the card works, they indicate it is a read only USB drive with a html page on it that uses javascript to direct users on to the intended webpage.

  8. Garrett says:

    Peaked? Really? I want to expect better of HaD, but you guys really need actual editors and writers.

  9. jack324 says:

    If I were trying accomplish this same feat, exactly as described, I would use a technique similar to what’s used in smart cards, All the electrical bits hidden directly under the contacts, embedded in a small pit carved out with a CNC machine. I work in the security industry, and I have seen RFID and NFC tokens of all sizes down to a square centimeter, so its not inconceivable that an RFID/NFC chip + coil could fit in the space provided. With every thing hidden under the contacts, and scoring the correct areas needed to make the fold, there is no reason in my mind this could not be accomplished with paper based media using existing smart card manufacturing technology.

    On the other hand… It seems overly complicated. Simply using a business card sized, 2.4mm thick piece of plastic with existing smard card manufacturing techniques to imbed your USB chip and contact plus a simple die cutter to create a small removable piece at one end that the end user breaks off to allow the USB contacts to be inserted would be far easier to produce. It would probably be cheaper since smart cards generally sell for less than $3.

    As far as loading up software via USB automatically without user interaction, one need only look to Sandisc and their line of USB thumb drives that load proprietary software that has the ability to install and run its own DLL files to fool the computer into thinking it has more HDD/optical drives than physically exist. Yes this generally only applies to windows based systems, but let’s be honest, with the current market being dominated by windows based machines, why bother worrying about Linux or Mac when the probability of your USB business card reaching a non windows machine is relatively low, especially in a corporate or business environment. Its a simple matter of ensuring the card is still readable as a standard USB storage device on non windows machines, thus enabling these systems to access the data stored if the user manually opens it.

    One last note, I think it is a very bad idea to incorporate rewritable flash into the card. I can see far too many plausible scenarios were somebody adds malicious code after the the card is made or handed to a potential client or customer. It would be far safer to use WORM based flash and then write zeroes to any unused sectors to prevent later modifications.

    • Chris C. says:

      If someone has sufficient physical access to your belongings that they can load malicious software on a business card *after* it was given to you, and *before* the one time you’re likely to use it, then they have other and better options available.

      On the other hand, if you were to load your own business card with software that demonstrates an exploit in a harmless way, I could see that landing you some security related business or a job.

      • jack324 says:

        I didn’t mean somebody taking your card and modding it, I meant somebody who finds or is given one and modding it to do something malicious and then giving to somebody else or putting it back were they found it for its original owner to find. Besides, if you’ve ever been in an office were multiple people work and have their desks in the same room, which is not uncommon amongst lower level staff, then you would know that getting access to peoples personal space/items is a simple matter of waiting for them to leave the office for lunch, doing the deed, and replacing the card before they hot back. Besides I’ve been known to leave lots of business card in my desk drawers at work. Venders give them out like candy and I almost always toss them in a drawer.

        • Chris C. says:

          The whole point of a gimmicky business card is to get you to check out the gimmick immediately. By the time it’s in a desk drawer, it is forgotten and never to be used again, making tampering with it pointless.

          Your scenario might be a fun cliche in a movie. You know, the type where the villain leaves the hero unattended in some nefarious but ultimately escapable trap, when he had the opportunity to simply shoot him…

          But this is real life. If you have access to their desk, you have access to their COMPUTER. Load the malicious software and leave. If that’s not feasible for some reason, I bet they have a standard memory stick laying around, which they will be far more likely to use than a business card.

          • jack324 says:

            In all honesty, that’s exactly how I would go about it. Load up some code on somebody elses storage device, put it back were I found it, and wait for the code to call home as soon the victim plugs in the storage device. saves me the trouble of trying to bypass security, and lets the victim do all the work for me. And if you want a prominent example of just such an occurrence, all you have to do is look up “Sony root kit” in Google. And if you assume nobody is dumb enough to use the effected DVDs your wrong, that particular root kit virus still turns up trying to call home all the time.

            And maybe the USB business card isn’t the best target, but maybe that’s whats available. Lets be honest, you could leave it on the floor somewhere and some poor fool willing to shove anything into a computer just for the novelty of seeing if actually worked.

  10. RandyKC says:

    Haven’t we gotten beyond the point where we willingly shove anything in our USB port?
    The whole point of tech business cards was to demonstrate skill. What image does this present?

    • jack324 says:

      I agree, I most certainly would not plug one of these in if some bloke I’ve only known for a few minutes to an hour just willy nilly tossed me one and suggested I plug it in on pure faith that he’s an honest guy.

      No, I think if this takes off in any form they will be quickly banned in most medium to large business as a legitimate external threat to individual computers and internal networks alike. The terminals and PCs we use were I work already have the USB ports disabled for anything and everything. We literally use PS/2 keyboards and mice for every PC and terminal on property. Hell, even the DVD drives are disabled. Something like USB business cards would be handled in much the same way people handle hazardous waste and biological contaminants, thrown away, quarantined, or burned out of simple mistrust of the person handing it out.

  11. Dude Love says:

    Would this comply to USB specifications? I don’t think so. Also, I don’t like the fact that the contacts are exposed while its plugged in, increasing the risk of short circuit. I assume the spacing between the contacts and the contact themselves are all paper so I’d be scared that moisture sets in the card and shorts something.

    It’s a cool idea, but at 3$ a piece, you’re not gonna buy a few hundreds to give to just about anybody, for them to reach a URL. If I was given one, I’d probably tear it apart and reach the guts before I would plug it in a computer. I hate carrying business cards around anyways, I either just enter the contact in my phone instead of leaving with the card or just take a picture and save the info later.

    Why did they want 300 000$ on indiegogo but only 10 000$ on kickstarter? Like another user said , its seems its just disguised advertising.

    • jack324 says:

      There are many devices that connect via USB that don’t actually meet USB spec. USB devices are so ubiquitous that its virtually impossible to enforce any real physical standards, not that anyone ever really tried. In my days in the military, I used cables with some of the most bizzar connectors on them that actually turned out to be running a simple USB signal. My favorite was a five pin circular connector with a outer locking ring that worked the same way as a standard radio coax locking ring we used to connect our firing computers to our digital network radios. That connect or was so rugged it would literally pull the the whole ten pound radio out of its mount if you accidently pulled too hard on it.

      My point is that USB should be looked as more of a signal standard rather than a physical port specification. All that matters is weather the connector your using cleanly passes on the signal. After that its really a matter of asthetics/usage requirements that determine what connector you end up using.

  12. Gerd says:

    Why not simply buying a bunch of cheap 1GB USB drives to give away and store his stuff there? Not much more expensive and certainly more useful than a card with an ASIC. Personally I wouldn’t plug such a card in my computer with the possibility of frying a USB port.

    • Tony says:

      Because that’s boring, might as well print a web address on a business card.

      The info is unimportant, it’s a gimmick that gets you remembered (and rapidly passes it’s use-by date when everyone does it).

      Using a QR code (as previously mentioned) is pointless because no-one uses them (ya gotta install an app yada yada), NFC just as useless as it’s not widespread (iPhone etc) and who has a non-phone reader?

      My current card is laser etched glass, I make similar things for friends.

    • Tony says:

      Thinking about it, it’s basically an update on the old ‘Business Card CD': http://www.wizbit.net/cd-duplication/business-card-cds/

      Huh, you can get DVD’s in that format too. The things you learn.

    • Ren says:

      I’m guessing the mfgr’s stopped making 1Gb USB sticks a long time ago (last month?)
      for the very reason that there is no profit left in making them.

      • Tony says:

        They still make them for exactly this reason – promo stuff.

        • Joe2 says:

          ‘Amazingly’, I found a 32-GB USB 2.0 drive for around $10 on N**E** that tested to actually have that rated capacity (well, 31GB + wear leveling/bad sector substitutes) and it’s the size… of a USB Bluetooth dongle. In other words, less than 2 millimeters past the plug. It might as well have been micro-USB! I haven’t broke it down yet, but I bet they used something like QFN and placed it under the insulator part of the plug that the 4 pins sit on. Amazingly, you will find 128MB USB drives for sale, still.

          • Galane says:

            There are some of those really tiny USB drives that have a Micro SD inserted between the USB contacts and the outside of the connector shell. Some have a notch in the shield so you can pull the card out and swap in another, or you can buy the adapter without a card.

            I have a Verbatim 4GB one. The card seems to be glued in or there’s just not enough give to get anything between it and the metal to pull it out.

            Dunno if the width of the Micro SD was intentionally made to exactly fit inside a Type A USB plug or if it’s a happy coincidence.

  13. N3RD_A2Z says:

    This one uses a Cypress USB controller. I read this news article some time ago.

    http://www.cypress.com/?rID=94593

  14. onebiozz says:

    Yes they can, if your company is stupid enough to be willing to plug in a random USB device
    Hell where i work they have to supply us with usb dongles we cant even use our own!

    • F says:

      why does your company leave precious corporate assets on your internally accessible network? would be the more pertinent question. So REALLY their primary point of defense is to tell people “don’t do this” ? bail now before they blame you for something

  15. F says:

    Too bad java was such a failure

    The original idea of java was that one could put code on devices like this and have it run anywhere.

    A big thanks to Microsoft for killing off java and replacing it with something far far less portable,

  16. Regarding the quote “Imagine giving your business card with pictures, videos, presentations, and websites for the recipient to interact with!”, I see nothing in that sentence that suggests that when inserted, anything automatic occurs with regard to launching a browser on a web sites. The web site to interact with could be nothing more than a cached web site stored in flash with a name like “click-me.html”.

  17. StinkySteve says:

    I supported the Agic Silver Ink pen on kickstarter and they delivered it with ‘USB business cards’ which are literally just glossy photo paper. You fold over the end to make it a bit thicker.

  18. P.Bateman says:

    Look at that subtle off-white coloring. The tasteful thickness of it. Oh my God, it even has a watermark.

  19. vonskippy says:

    Wow, policy busting random usbs and quaint paper biz cards – there’s a combo that nobody wants.

  20. Ian Hanschen says:

    Great way to feature those questionable kickstarters!

  21. Asanthai says:

    I really wanted to make a business card like this when I was finishing my art degree and was looking for creative ways to distribute my portfolio. Ended up abandoning the idea for all the reasons listed ..

  22. shellster says:

    I have a friend that works at the company, and he’s given me several of the sample USB cards. They are pretty cool, but I am still dubious about the concept of plugging a random USB stick into your computer.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 93,534 other followers