BwoZoo22
DIS Veteran
- Joined
- Aug 12, 2013
MagicBands Can Be Read By NFC Enabled Phones
- Thread starter PirateFuzzball
- Start date
anthony2k7
DIS Veteran
- Joined
- Jan 4, 2007
I thought purchases under a certain amount were not going to need a pin? Even if someone could easily charge their numerous bottles of water/coke to someone elses band would soon add up over a few days! Whats a bottle of drink now $3? say for a family of 4 drinking two bottles each a day, so 8 bottles a day over a 7 day trip = $168
Regardless, hotel room security still seems the biggest issue to me.
Disco
Hail Eris!
- Joined
- Jul 16, 2009
You still have to do the finger print scan when you enter the park? I thought the new RF lines let you just walk in?
rock_doctor
DIS Veteran
- Joined
- Apr 6, 2009
I just hope Disney actually uses the RFID system for more then just to save you from having to take out your credit card or room key. Personally, the dump of data shown is not what is contained on the magic band but only the band saying hello this is who i am.
someplace else i read that while the cards also have this nfc, that the bands also contain a battery and bluetooth chip. That's why they can communicate at a distance.
not sure if i'm linking correctly but this is the FCC filing:
https://apps.fcc.gov/oetcf/eas/repo...alledFromFrame=N&application_id=427834&fcc_id
and here's a list of bluetooth channels showing that the bands operate on bluetooth channels 1 through ~74
http://www.spectrumwiki.com/wiki/DisplayEntry.aspx?DisplyId=127
from the disney filing:
I don't think it's bluetooth, I think it's 2 types of NFC, Short range and long range. The short range can be powered by the reading device, and the battery is to power the long range NFC, which can be read at about 20 feet or so.
to be honest- no idea if the long range is bluetooth or just some proprietary thing using the bluetooth frequencies.
I dont know if BT has those particular frequencies set aside or anything like that.
But I'm pretty sure that NFC is a "standard" like bluetooth and so they can't be transmitting high power and still be NFC or transmitting on the 'wrong' bands and still be NFC. It could be a disney NFC-like protocol but it wouldn't be NFC then.
My guess would be since they bothered to use the NFC standard for the short range that they are using the bluetooth standard in some capacity. My guess is that they used the NFC standard in order to take advantage of economies of scale with components rather than something proprietary. So if they did that with NFC than why not with the higher transmission power end and pick a standard like BT? Seems they might be using something like Bluetooth LE's (I think AKA BT 4.0) proximity profile or something like it.
But all just my guess to be honest. So who knows what the high powered bit is.
We're going in December- you can be pretty sure that if i have time when i get home i'll be ripping into my band to see if there are any discernable markings on the chips.
Room charges require a PIN number to be entered at POS.
I doubt that the PIN would be on the RFID even encrypted.
Both. But there are two RFID scanners per station now so if the guy ahead of you has problems, just step around and use the other station. It goes MUCH faster.
ya know- it just hit me that since the magic bands are just off the shelf NFC, there's no reason they couldn't use your phones NFC too. They could just link your phone to your account like its a magic band or a card too and you could use that.
As an example- coke will load a "my coke rewards loyalty card" into your isis mobile wallet on your phone. Then you can "spent" your my coke rewards on NFC equipped coke machines alongside with paying with credit cards.
Disney could just hook up with isis (or google, or whoever winds up owning the cell phone wallet...)- and load a "my disney rewards card" onto your phone wallet and then no need for a pass, kttw card, photopass, or fastpass card.
There's even a small chance that newer phones that have bluetooth 4.0/LE could behave like a magic band with a little tweaking of the MDE app.
Why waste money on hardware when your customers will pick up the cost for free? Especially since your already building a paradigm where they will use their smartphone in your parks all day long.
disney is the borg and soon will be taking over our phones.
As an example- coke will load a "my coke rewards loyalty card" into your isis mobile wallet on your phone. Then you can "spent" your my coke rewards on NFC equipped coke machines alongside with paying with credit cards.
Disney could just hook up with isis (or google, or whoever winds up owning the cell phone wallet...)- and load a "my disney rewards card" onto your phone wallet and then no need for a pass, kttw card, photopass, or fastpass card.
There's even a small chance that newer phones that have bluetooth 4.0/LE could behave like a magic band with a little tweaking of the MDE app.
Why waste money on hardware when your customers will pick up the cost for free? Especially since your already building a paradigm where they will use their smartphone in your parks all day long.
disney is the borg and soon will be taking over our phones.
Tinkerdreams
Disney Princess
- Joined
- Sep 8, 2007
ya know- it just hit me that since the magic bands are just off the shelf NFC, there's no reason they couldn't use your phones NFC too. They could just link your phone to your account like its a magic band or a card too and you could use that.
As an example- coke will load a "my coke rewards loyalty card" into your isis mobile wallet on your phone. Then you can "spent" your my coke rewards on NFC equipped coke machines alongside with paying with credit cards.
Disney could just hook up with isis (or google, or whoever winds up owning the cell phone wallet...)- and load a "my disney rewards card" onto your phone wallet and then no need for a pass, kttw card, photopass, or fastpass card.
There's even a small chance that newer phones that have bluetooth 4.0/LE could behave like a magic band with a little tweaking of the MDE app.
Why waste money on hardware when your customers will pick up the cost for free? Especially since your already building a paradigm where they will use their smartphone in your parks all day long.
disney is the borg and soon will be taking over our phones.
You obviously don't know my family, they're constantly losing their phones. Last 2 trips to Disney, they have lost a phone.
You obviously don't know my family, they're constantly losing their phones. Last 2 trips to Disney, they have lost a phone.
laughing-
but with the disney app- THEY will know where it is every second- lol.
rock_doctor
DIS Veteran
- Joined
- Apr 6, 2009
Ultimately this is the goal of the technology. This already common place over seas where you cell phone basically also acts as your credit card allowing you to buy goods with a simple connection to the phone (may be a text or NFC to the vending machine). The item is then charged to your phone bill. This is the future...
I'm not sold personally that it's all that wonderful for payment on a cell phone. The goal might not be achievable with the current setup in the US.
ATT/Tmobile/Verizon have their ISIS system. They wont let google wallet exist on their phones. I've been playing a little with ISIS since i have verizon. And honestly it's easier for me to pull my wallet out and use my credit card to pay then to pull out my phone, open the app, enter my pin, hit the enable nfc payments button, and select which card to use. I wish my credit cards had NFC as tapping is quicker than swiping, but seems they are going backwards with that in the US. My older AMEX cards seemed to have that but the new ones dont and i'm just starting to see the readers become the norm at the stores.
BUT for loyalty cards to me it's a lot easier than carrying a stack of cards in my wallet or using one of those apps on my phone. I've had a mycokereards account for years and never used it, now with it on in my ISIS wallet, I use it all the time because i can redeem at a coke machine nice and easy.
So for something like a disney ticket, i just might use my cell and NFC, especially since it seems like i probably will have the app already running and doing it's thing on my phone in the parks anyway.
But phone Payment in general, I'm not sold, yet....
- Joined
- Feb 11, 2007
The DESFire chip is just one of the chips in the thing. There are two passive RFID chips for two different frequencies (one HF, the DESfire chip, at 13.something MHz, the other at UHF frequencies, not sure the specs), plus a 2.4GHz active transmitter.
FYI, my Samsung G3 reads the chips in the APs and KTTW cards as well.
Also, just because the DESFire chip supports encryption, doesn't mean it is used.
He'd also need to generate a magnetic field strong enough to reach that distance and can induce the energy in the circuit of the chip to transmit, unless he's stalking around one of the touchpoints. The chip is designed to work at 10cm or less.
That's the active transmitter part. It (presumably) has a completely different ID than the passive section, so even knowing it doesn't get you anywhere.
All purchases require a PIN. The original plan had it only being required for $50 or more, but the concerns appear to have changed that.
Hotel room security is probably the most valid concern, but someone would need to know your resort and room number...if someone starts scanning an ID on every room, red flags should be going up and locking out the card/band.
Yes, the finger scan is still required. It's still how they verify it is yours.
NFS can be a somewhat nebulous term, but NFC stands for "Near Field Communication". The specs for it generally limit it to about 20-30cm at most.
The "long range" part is an active battery powered transmitter working in the 2.4GHz band, where Wi-Fi and Bluetooth live. I don't know if it qualifies as a Bluetooth device (it is unidirectional), but the output power limits it to about 9-15 feet. It is intended to trigger some experiences without explicit use - the common example is a princess knowing your child's name without having to ask.
But keep in mind about most of the privacy concerns - there is NO personal information on the bands, just an ID string (and more than one of those). They can't link it to you without access to Disney's computers. At best, they might be able to use your Fastpass+...
FYI, my Samsung G3 reads the chips in the APs and KTTW cards as well.
Also, just because the DESFire chip supports encryption, doesn't mean it is used.
He'd also need to generate a magnetic field strong enough to reach that distance and can induce the energy in the circuit of the chip to transmit, unless he's stalking around one of the touchpoints. The chip is designed to work at 10cm or less.
That's the active transmitter part. It (presumably) has a completely different ID than the passive section, so even knowing it doesn't get you anywhere.
All purchases require a PIN. The original plan had it only being required for $50 or more, but the concerns appear to have changed that.
Hotel room security is probably the most valid concern, but someone would need to know your resort and room number...if someone starts scanning an ID on every room, red flags should be going up and locking out the card/band.
Yes, the finger scan is still required. It's still how they verify it is yours.
NFS can be a somewhat nebulous term, but NFC stands for "Near Field Communication". The specs for it generally limit it to about 20-30cm at most.
The "long range" part is an active battery powered transmitter working in the 2.4GHz band, where Wi-Fi and Bluetooth live. I don't know if it qualifies as a Bluetooth device (it is unidirectional), but the output power limits it to about 9-15 feet. It is intended to trigger some experiences without explicit use - the common example is a princess knowing your child's name without having to ask.
But keep in mind about most of the privacy concerns - there is NO personal information on the bands, just an ID string (and more than one of those). They can't link it to you without access to Disney's computers. At best, they might be able to use your Fastpass+...
BuzzBelleMom
DIS Veteran
- Joined
- Jul 13, 2006
This whole thread has piqued my interest - love hearing about all the possibilities.
anthony2k7
DIS Veteran
- Joined
- Jan 4, 2007
But if one was to hang around the hotel for a while and follow a guest to their room whenever you successfully read their band, a determined thief could easily compile a list of rooms and valid band ID's to hit later, and then hit them later and still be gone before disney security notice whats going on.
- Joined
- Feb 11, 2007
True. And this is a concern even without the magicbands, since ALL the key locks are RFID.
There ARE various security features of RFID that can be enabled, such as the DES encryption available on the chip mentioned. If they are at least using that as well, then it might be more secure...I have not looked into the state of the art for that level of chips and how they are used yet.
Of course, no system is perfect.
Share this page
-
Signage Revealed for Pixar Fest Marketplaces at Disneyland
-
Limited Time Offer: Discounted DVC Rentals!
-
See the 'Pixar Pals Playtime Party' Celebration at Disneyland
-
Together Forever - A Pixar Nighttime Spectacular Pixar Fest 2024 Fireworks
-
New Behind-the-Scenes Experience Coming to Cirque du Soleil at Disney Springs
GET A DISNEY VACATION QUOTE
Dreams Unlimited Travel is committed to providing you with the very best vacation planning experience possible. Our Vacation Planners are experts and will share their honest advice to help you have a magical vacation.
Let us help you with your next Disney Vacation!
Dreams Unlimited Travel is committed to providing you with the very best vacation planning experience possible. Our Vacation Planners are experts and will share their honest advice to help you have a magical vacation.
Let us help you with your next Disney Vacation!
