The swivelCard Kickstarter campaign recently received a lot of press coverage and makes some impressive claims as their goal is the development of USB and NFC business cards at a $3 unit price. While most USB-enabled business cards we featured on Hackaday were made of standard FR4, this particular card is made of paper as the project description states the team patented
a system for turning regular paper into a USB drive.
As you can guess this piqued our interest, as all paper based technologies we had seen until now mostly consisted of either printed PCBs or paper batteries. ‘Printing a USB drive on regular paper’ (as the video says) would therefore involve printing functional USB and NFC controllers.
Luckily enough a quick Google search for the patents shown in one of the pictures (patent1, patent2) taught us that a storage circuitry is embedded under the printed USB pads, which may imply that the team had an Application-Specific Integrated Circuit (ASIC) designed or that they simply found one they could use for their own purposes. From the video we learn that ‘each card has a unique ID and can individually be programmed’ (the card, not the UID) and that it can be setup to open any webpage URL. The latter can even be modified after the card has been handed out, hinting that the final recipient would go to a ‘www.swivelcard.com/XXXX” type of address. We therefore got confused by
Imagine giving your business card with pictures, videos, presentations, and websites for the recipient to interact with!
paragraph that the project description contains.
This leads us to one key question we have: what kind of USB drive can make a given user visit a particular website, given that he may have Linux, Windows, Mac or any other OS? They all have similar USB enumeration processes and different key strokes to launch a browser… our wild guess is that it may be detected as storage with a single html file in it. Unfortunately for us the USB detection process is not included in the video.
Our final question: Is it possible to embed both USB and NFC controllers in a thin piece of paper without worrying about broken ICs (see picture above)? NFC enabled passports have obviously been around for a long time but we couldn’t find the same for USB drives.
Possible or not, we would definitely love having one in our hands!
Edit: One of our kind readers pointed out that this campaign actually is a re-launch of a failed indiegogo one which provides more details about the technology and confirms our assumptions.
72 thoughts on “Ask Hackaday: Can Paper USB Business Cards Exist?”
Why not print a QR Code on the card?
Which company allows you to plug in any USB device someone gave to you anyway?
That is what I was wondering too. There aren’t a lot of big businesses that will allow that. And they shouldn’t. You’re infinitely more likely to get your point (whatever that may be, video, document, etc…) across with a QR code or just a url. And it won’t cost anymore than a normal business card. I do appreciate the coolness of this, but most corporations, from my experience, disallow this anyway.
If you bothered to RTFA, there are examples with a QR code.
Nobody knows what do do with a QR code anyway, so they’re a bit useless.
Well, then bit** at Google and Apple to make it part of 4.5 and 9. Seriously, this should be as transparent as typing a search into… uhm Google.com?
Seems great for a security consultant. You plug in the device and then it gives you a link to why they need to hire a security consultant because plugging in a USB device is dangerous. But do many people really know this?
or more detail:
> Our final question: Is it possible to embed both USB and NFC controllers in a thin
> piece of paper without worrying about broken ICs (see picture above)?
I would call it cardboard, not paper. The simple mechanics necessitate that it be at LEAST 1.2mm thick so when doubled over as pictured to insert it will be 2.4mm thick to fit into the USB slot, probably has to be slightly more since there’s no solder on the pads, 1.3, 1.4 mm even. It would be quite strong.
As for the technology – I have a whole Linux computer with 802.11N inside a fully functional SD Card (FlashAir), so I don’t think it’s really very difficult to slap a flash drive in a bit of cardboard. I think actually if you found one of those ultra small USB drives and pulled it apart, you could probably make one of these yourself.
I agree with your analysis. And it’s not like the card would need to survive hundreds, or even dozens of insertion cycles. Chances are it would only be used once, maybe twice. Should one occasionally fail to survive even that, no big deal. The USB bit is just an attention getting gimmick. Your website address is still printed on the card, for those truly interested in doing business with you.
“I have a whole Linux computer with 802.11N inside a fully functional SD Card”
My amazement that this is possible still hasn’t worn off. Miracles and wonders.
The first thing that popped into my mid was SIM card or stripped-down micro-SD card. Use some conductive silver ink, and you’ve got a reasonable concept.
The indiegogo page states: “Proprietary intelliPaper cardstock is half a millimeter thick”.
So they expect you to stick a 1mm thick male USB into the socket and make a proper electrical contact. I don’t know how that will work.
0.5mm paper is thick enough that when folded over double, unless you go nuts creasing the heck out of the fold, will presumably have enough spring action to make a fair contact.
The spring contacts are in the socket, not the plug (card in this case).
There’s a few things out there that’s not the full plug, everyone needs a few of these: http://www.buyincoins.com/item/11107.html for example.
Of course there are versions already with memory etc.
Not saying that it will, but from the image (no, I didn’t click through to the campain) it would appear that the way it is folded puts the contact area under a bit of tension. Still, not a reliable method of contact, but I could see it working. Maybe.
Looks like the company behind it has been selling them for a while (the company has existed since 2011 at least): https://www.intellipaper.info/technology/
The NFC part is also already common technology: http://uk.moo.com/nfc/
I’m sometimes amazed how well Kickstarter can still work as a marketing medium for existing products…
What’s wrong with this? There’s even Arduino clone soldered on a piece of paper, no wonder if someone flashed it with some sample USB or NFC sketch. I don’t see much problem in pure technical feasibility.
The problem isn’t hardware. It’s software. Can you even go from (insert USB peripheral) to (web page magic)?
…assuming you’re not running Win98 and all that idiocy…
on windows: you just have to register it as a keyboard, win+r = run, type whatever webpage you want to go to with www and enter. Opens in default browser.
I would assume it is possible that the usb devide knows what OS is has been registered to somehow to do specific commands for each.
For Windows, just create an autorun.inf file on the USB card, with the following config:
open = cmd /c start http://hackaday.com
To my knowledge, this is not an available feature in the secure *nix world (Autorun is a Microsoft creation that has caused a lot of security issues in the past.)
To add to your knowledge, it doesn’t work on Windows any more either.
Win7 & beyond have AutoRun off by default, XP & Vista were switched off via an update years ago.
The short answer is no. You can’t plug in a USB drive and presto, web browser launches and requests http://www.mysite.com. That hasn’t been a thing on any Win or *nix OS I know of for more than a decade.
Below, @Andreas has an interesting idea of having the USB device impersonate a keyboard to feed the attached OS the appropriate hot keys to launch the browser. That may work as long as the OS doesn’t require you to approve the addition of the USB impersonated keyboard.
Hak5 PaperDucky anyone? Or should we call it OrigamiDucky…
Someone forward Origami Ducky to hak5 on the double! It would be a glorious age when the robot overlords rise up and are vanquished by seemingly harmless fail passes.
It is pretty simple to get a computer with a known operating system to open a desired URL whenever you insert a USB device. It is merely a matter of letting said USB device impersonate a keyboard and enter a shortcut to open a URL. Having this happen cross platform is a bit trickier, but can probably be done by fingerprinting the operating systems response to different kinds of USB devices to determine whether Windows or Mac style shortcuts should be used. (Linux is probably another can of worms as you never know what kind of desktop environment that is in use, but you can always target say KDE, standard Gnome, and Unity and cover most of the use-cases.)
If you are interested in defending against this, make sure that random USB devices are not authorized to communicate with the system by default. (See http://www.irongeek.com/i.php?page=security/plug-and-prey-malicious-usb-devices for more information.)
Alt + F2. It works on Gnome, KDE and XFCE
On Unity too
CMD + space + safari + enter will get the spotlight helper in Apple OSX to launch Safari but I don’t know if you can reliably impersonate a keyboard without some sort of question & answer dialog. I think I’ll give it a try though.
I guess you’d have the device query the machine it’s attached to and spit out the appropriate keystrokes.
good catch, thanks!
Peaked? Really? I want to expect better of HaD, but you guys really need actual editors and writers.
Yeah, good job on correcting the spelling of someone who speaks English as a second language.
As for the editing, I took care of that eleven hours ago, but Mathieu’s autosave overwrote that. Shit happens, or stuff like that. Sorry I can’t be around to proofread everything as it goes live on the site.
Have you ever considered proofreading before it goes up on the site?
Ya’ll need to quit being asses about spelling and grammar. If ALL you pull out of a HAD article is a spelling error, you’re doing it wrong. I never notice errors because I actually read them for their content. Ya’ll should try that sometime.
Content? Often the summary is wrong as well.
HAD is a commercial operation, not some random kids blog, so they don’t get a free pass with the sloppy editing (plus claiming to be journalists, being degree qualified etc).
Posters, on the other hand, are entitled to be as wrong & sloppy as they like.
Brian’s right on this one. Mat and I were talking about this Kickstarter for a few hours while he was doing the write-up. I previewed the post both after Mat had written it and after Brian had edited it. Brian caught it and changed it to “piqued,” else I would have.
Sometimes things go wrong. In this instance, every effort was made in terms of editing. I’d say this is about as excusable as it gets in that regard.
At least it’s not the common: there, they’re, their …
Fishing for pitty just because english is your second language? cry me a river.
If I were trying accomplish this same feat, exactly as described, I would use a technique similar to what’s used in smart cards, All the electrical bits hidden directly under the contacts, embedded in a small pit carved out with a CNC machine. I work in the security industry, and I have seen RFID and NFC tokens of all sizes down to a square centimeter, so its not inconceivable that an RFID/NFC chip + coil could fit in the space provided. With every thing hidden under the contacts, and scoring the correct areas needed to make the fold, there is no reason in my mind this could not be accomplished with paper based media using existing smart card manufacturing technology.
On the other hand… It seems overly complicated. Simply using a business card sized, 2.4mm thick piece of plastic with existing smard card manufacturing techniques to imbed your USB chip and contact plus a simple die cutter to create a small removable piece at one end that the end user breaks off to allow the USB contacts to be inserted would be far easier to produce. It would probably be cheaper since smart cards generally sell for less than $3.
As far as loading up software via USB automatically without user interaction, one need only look to Sandisc and their line of USB thumb drives that load proprietary software that has the ability to install and run its own DLL files to fool the computer into thinking it has more HDD/optical drives than physically exist. Yes this generally only applies to windows based systems, but let’s be honest, with the current market being dominated by windows based machines, why bother worrying about Linux or Mac when the probability of your USB business card reaching a non windows machine is relatively low, especially in a corporate or business environment. Its a simple matter of ensuring the card is still readable as a standard USB storage device on non windows machines, thus enabling these systems to access the data stored if the user manually opens it.
One last note, I think it is a very bad idea to incorporate rewritable flash into the card. I can see far too many plausible scenarios were somebody adds malicious code after the the card is made or handed to a potential client or customer. It would be far safer to use WORM based flash and then write zeroes to any unused sectors to prevent later modifications.
If someone has sufficient physical access to your belongings that they can load malicious software on a business card *after* it was given to you, and *before* the one time you’re likely to use it, then they have other and better options available.
On the other hand, if you were to load your own business card with software that demonstrates an exploit in a harmless way, I could see that landing you some security related business or a job.
I didn’t mean somebody taking your card and modding it, I meant somebody who finds or is given one and modding it to do something malicious and then giving to somebody else or putting it back were they found it for its original owner to find. Besides, if you’ve ever been in an office were multiple people work and have their desks in the same room, which is not uncommon amongst lower level staff, then you would know that getting access to peoples personal space/items is a simple matter of waiting for them to leave the office for lunch, doing the deed, and replacing the card before they hot back. Besides I’ve been known to leave lots of business card in my desk drawers at work. Venders give them out like candy and I almost always toss them in a drawer.
The whole point of a gimmicky business card is to get you to check out the gimmick immediately. By the time it’s in a desk drawer, it is forgotten and never to be used again, making tampering with it pointless.
Your scenario might be a fun cliche in a movie. You know, the type where the villain leaves the hero unattended in some nefarious but ultimately escapable trap, when he had the opportunity to simply shoot him…
But this is real life. If you have access to their desk, you have access to their COMPUTER. Load the malicious software and leave. If that’s not feasible for some reason, I bet they have a standard memory stick laying around, which they will be far more likely to use than a business card.
In all honesty, that’s exactly how I would go about it. Load up some code on somebody elses storage device, put it back were I found it, and wait for the code to call home as soon the victim plugs in the storage device. saves me the trouble of trying to bypass security, and lets the victim do all the work for me. And if you want a prominent example of just such an occurrence, all you have to do is look up “Sony root kit” in Google. And if you assume nobody is dumb enough to use the effected DVDs your wrong, that particular root kit virus still turns up trying to call home all the time.
And maybe the USB business card isn’t the best target, but maybe that’s whats available. Lets be honest, you could leave it on the floor somewhere and some poor fool willing to shove anything into a computer just for the novelty of seeing if actually worked.
Haven’t we gotten beyond the point where we willingly shove anything in our USB port?
The whole point of tech business cards was to demonstrate skill. What image does this present?
I agree, I most certainly would not plug one of these in if some bloke I’ve only known for a few minutes to an hour just willy nilly tossed me one and suggested I plug it in on pure faith that he’s an honest guy.
No, I think if this takes off in any form they will be quickly banned in most medium to large business as a legitimate external threat to individual computers and internal networks alike. The terminals and PCs we use were I work already have the USB ports disabled for anything and everything. We literally use PS/2 keyboards and mice for every PC and terminal on property. Hell, even the DVD drives are disabled. Something like USB business cards would be handled in much the same way people handle hazardous waste and biological contaminants, thrown away, quarantined, or burned out of simple mistrust of the person handing it out.
Would this comply to USB specifications? I don’t think so. Also, I don’t like the fact that the contacts are exposed while its plugged in, increasing the risk of short circuit. I assume the spacing between the contacts and the contact themselves are all paper so I’d be scared that moisture sets in the card and shorts something.
It’s a cool idea, but at 3$ a piece, you’re not gonna buy a few hundreds to give to just about anybody, for them to reach a URL. If I was given one, I’d probably tear it apart and reach the guts before I would plug it in a computer. I hate carrying business cards around anyways, I either just enter the contact in my phone instead of leaving with the card or just take a picture and save the info later.
Why did they want 300 000$ on indiegogo but only 10 000$ on kickstarter? Like another user said , its seems its just disguised advertising.
There are many devices that connect via USB that don’t actually meet USB spec. USB devices are so ubiquitous that its virtually impossible to enforce any real physical standards, not that anyone ever really tried. In my days in the military, I used cables with some of the most bizzar connectors on them that actually turned out to be running a simple USB signal. My favorite was a five pin circular connector with a outer locking ring that worked the same way as a standard radio coax locking ring we used to connect our firing computers to our digital network radios. That connect or was so rugged it would literally pull the the whole ten pound radio out of its mount if you accidently pulled too hard on it.
My point is that USB should be looked as more of a signal standard rather than a physical port specification. All that matters is weather the connector your using cleanly passes on the signal. After that its really a matter of asthetics/usage requirements that determine what connector you end up using.
Why not simply buying a bunch of cheap 1GB USB drives to give away and store his stuff there? Not much more expensive and certainly more useful than a card with an ASIC. Personally I wouldn’t plug such a card in my computer with the possibility of frying a USB port.
Because that’s boring, might as well print a web address on a business card.
The info is unimportant, it’s a gimmick that gets you remembered (and rapidly passes it’s use-by date when everyone does it).
Using a QR code (as previously mentioned) is pointless because no-one uses them (ya gotta install an app yada yada), NFC just as useless as it’s not widespread (iPhone etc) and who has a non-phone reader?
My current card is laser etched glass, I make similar things for friends.
Thinking about it, it’s basically an update on the old ‘Business Card CD’: http://www.wizbit.net/cd-duplication/business-card-cds/
Huh, you can get DVD’s in that format too. The things you learn.
I’m guessing the mfgr’s stopped making 1Gb USB sticks a long time ago (last month?)
for the very reason that there is no profit left in making them.
They still make them for exactly this reason – promo stuff.
‘Amazingly’, I found a 32-GB USB 2.0 drive for around $10 on N**E** that tested to actually have that rated capacity (well, 31GB + wear leveling/bad sector substitutes) and it’s the size… of a USB Bluetooth dongle. In other words, less than 2 millimeters past the plug. It might as well have been micro-USB! I haven’t broke it down yet, but I bet they used something like QFN and placed it under the insulator part of the plug that the 4 pins sit on. Amazingly, you will find 128MB USB drives for sale, still.
There are some of those really tiny USB drives that have a Micro SD inserted between the USB contacts and the outside of the connector shell. Some have a notch in the shield so you can pull the card out and swap in another, or you can buy the adapter without a card.
I have a Verbatim 4GB one. The card seems to be glued in or there’s just not enough give to get anything between it and the metal to pull it out.
Dunno if the width of the Micro SD was intentionally made to exactly fit inside a Type A USB plug or if it’s a happy coincidence.
This one uses a Cypress USB controller. I read this news article some time ago.
Yes they can, if your company is stupid enough to be willing to plug in a random USB device
Hell where i work they have to supply us with usb dongles we cant even use our own!
why does your company leave precious corporate assets on your internally accessible network? would be the more pertinent question. So REALLY their primary point of defense is to tell people “don’t do this” ? bail now before they blame you for something
Too bad java was such a failure
The original idea of java was that one could put code on devices like this and have it run anywhere.
A big thanks to Microsoft for killing off java and replacing it with something far far less portable,
While uSoft did considerable damage to the growth of Java, Java is still more popular than Visual Basic or C#. Java’s not dead (yet)
If Java was as popular as you think, you wouldn’t need to say “it’s not dead yet!”.
Flash, RealAudio, Napster, IE 6, Windows 98, non-BSD and 68K Macs, Analog cell phones… The phrase “This too shall pass.” comes to mind.
Regarding the quote “Imagine giving your business card with pictures, videos, presentations, and websites for the recipient to interact with!”, I see nothing in that sentence that suggests that when inserted, anything automatic occurs with regard to launching a browser on a web sites. The web site to interact with could be nothing more than a cached web site stored in flash with a name like “click-me.html”.
I supported the Agic Silver Ink pen on kickstarter and they delivered it with ‘USB business cards’ which are literally just glossy photo paper. You fold over the end to make it a bit thicker.
Look at that subtle off-white coloring. The tasteful thickness of it. Oh my God, it even has a watermark.
Do you like Phil Collins?
Wow, policy busting random usbs and quaint paper biz cards – there’s a combo that nobody wants.
Great way to feature those questionable kickstarters!
I really wanted to make a business card like this when I was finishing my art degree and was looking for creative ways to distribute my portfolio. Ended up abandoning the idea for all the reasons listed ..
I have a friend that works at the company, and he’s given me several of the sample USB cards. They are pretty cool, but I am still dubious about the concept of plugging a random USB stick into your computer.
Stocking the new innovative Invisi-Gard 316 marine grade stainless
steel Security & the far more affordable 7mm Security,
Coastwide as well provide a great deal of window
dressings including the very Well-known Roller Blind, Verticals, Venetians and Timber Blinds along with an array of awnings for your outdoor entertainment areas.
They give your home personality, and they act as a conduit of visual information to and from the
outside world. Revamping your home by replacing old furniture with a new
one is a good example.
Please be kind and respectful to help make the comments section excellent. (Comment Policy)