Slashdot Mirror


Sound-Based System Promises Chipless Phone Payment

CWmike writes "While near-field communication gradually emerges to turn mobile phones into payment devices, startup Naratte is introducing a system it claims can do roughly the same thing without adding a chip to the handset. On Monday, Naratte introduced Zoosh, a technology that lets phones exchange transaction information via inaudible sound waves. As with NFC, the phone user would just put the phone near to a point-of-sale terminal to redeem a coupon or make a purchase. NFC provides short-range radio communication between phones and point-of-sale devices so users can just tap or point their phones at the device to make a purchase. NFC uses specialized chips, which are already built into a few phones such as the Google Nexus S sold by Sprint Nextel, and are expected in more handsets in the future. Zoosh involves software that utilizes the speaker and microphone in a handset to send and receive audio signals with another device, similar to the way early modems exchange data by sending tones through the handsets of desk phones cradled in coupler devices. The company has posted a video that shows how it works. Between this and barcodes (which Starbucks says is working well already, thank you very much), is NFC already irrelevant?"

21 of 186 comments

  1. Inaudible to people, perhaps.. by intellitech · · Score: 2

    But I bet a microphone could still pick it up..

    And, on a side note, this is oddly reminiscent of Phreaking.. Payments with tones and all.. even if they are "inaudible."

    --
    vos nescitis quicquam, nec cogitatis quia expedit nobis ut unus moriatur homo pro populo et non tota gens pereat.
    1. Re:Inaudible to people, perhaps.. by gehrehmee · · Score: 4, Informative

      Doesn't mean replaying it would get you anything, if it's cryptographically sound.

      --
      "You know, Hobbes, some days even my lucky rocketship underpants don't help" -- Calvin
    2. Re:Inaudible to people, perhaps.. by c0lo · · Score: 3, Informative

      But I bet a microphone could still pick it up..

      I don't know... might work better than radio waves - the attenuation of RF in air might not beat the attenuation of sound waves. The higher the frequency, the higher the attenuation of the ultrasound in air (dry air: 0.6 dB/m at 50 kHz, 1.8 dB/m at 100 kHz). Add some directional elements, use a small emitting power and what's not in direct line of emission might be drowned by noise at a distance of 0.1-1m.

      And, on a side note, this is oddly reminiscent of Phreaking

      Hmmm... yes, but I think in this case the danger will come from rogue bats flying around that pay terminal (hold your fire, it's just a lame joke)

      --
      Questions raise, answers kill. Raise questions to stay alive.
    3. Re:Inaudible to people, perhaps.. by dbIII · · Score: 2

      Doesn't mean replaying it would get you anything, if it's cryptographically sound.

      It had better be. We don't want any chipless phishing.

    4. Re:Inaudible to people, perhaps.. by adolf · · Score: 3, Informative

      dry air: 0.6 dB/m at 50 kHz, 1.8 dB/m at 100 kHz

      No. Sound is not so linear as that. You cannot take a chart that says sound is attenuated by 1800dB at 1km and simply divide by 1000 to get the attenuation at 1m.

      Remember inverse-square law: Check it out. (And more here.)

      All that aside: The simplified rule of thumb for sound at audible frequencies, for a spherical waveform (such as that emitted by a phone), is that sound falls off at a rate of 6dB for each doubling of distance.

      So, if you're making noise that measures 80dB@10cm, you get the following results at these increasing distances:

      74dB@20cm
      68dB@40cm
      62dB@80cm

      etc.

      And we only care about frequencies in the audible range, despite the implication in TFS, or it will be completely unable to work with existing phones (which is the main point of the thing to begin with). To wit: Combine Nyquist theory with the shitty analog electronics and 48KHz (at best!) ADC/DAC in a phone, and the resultant system must be either audible to a sufficiently-close non-damaged human ear, or else be completely non-functional.

      So, there's no point in even discussing how well the thing might behave at 50 or 100KHz, because that's never going to work with existing phones.

      And the whole argument is moot, anyway: The transport layer for this sort of payment system, whether RFID or barcodes or acoustic signalling or Bluetooth or avian carrier, will be recordable by a sufficiently-motivated and clever person. It therefore must have strong security (whether cryptographic or otherwise), or it will fail and be exploited. And if it does have strong security, it doesn't matter if it's recordable or not, since any recovered data will be useless to the eavesdropping party.
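
The replay argument made in the comments above, as an added example that is not part of any poster's comment and is not Naratte's protocol (the page does not describe it): a per-transaction challenge/response in which a recorded transmission is useless on a later attempt. The `Terminal` class, the account name and the message layout are assumptions for illustration, and the terminal stands in for whichever party holds the shared key.

```python
import hashlib
import hmac
import secrets


def _message(account: str, nonce: bytes, amount_cents: int) -> bytes:
    # Fixed-width nonce and amount first, so the fields cannot be shifted into each other.
    return nonce + amount_cents.to_bytes(8, "big") + account.encode()


def phone_response(key: bytes, account: str, nonce: bytes, amount_cents: int) -> bytes:
    """Phone side: authenticate this nonce and this amount with the shared key."""
    return hmac.new(key, _message(account, nonce, amount_cents), hashlib.sha256).digest()


class Terminal:
    """Verifier side (hypothetical): issues one-time nonces and checks responses."""

    def __init__(self, keys: dict):
        self.keys = keys        # account -> shared secret key
        self.pending = {}       # nonce -> amount the nonce was issued for

    def challenge(self, amount_cents: int) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending[nonce] = amount_cents
        return nonce

    def verify(self, account: str, nonce: bytes, tag: bytes) -> bool:
        # pop() makes every nonce single-use, even when verification fails.
        amount = self.pending.pop(nonce, None)
        key = self.keys.get(account)
        if amount is None or key is None:
            return False
        expected = hmac.new(key, _message(account, nonce, amount), hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def demo():
    key = secrets.token_bytes(32)               # constructed sample key
    term = Terminal({"acct-1": key})            # constructed sample account

    n1 = term.challenge(450)
    tag1 = phone_response(key, "acct-1", n1, 450)   # what a nearby microphone could record
    genuine = term.verify("acct-1", n1, tag1)

    replay_same_nonce = term.verify("acct-1", n1, tag1)   # nonce already consumed
    n2 = term.challenge(450)
    replay_new_nonce = term.verify("acct-1", n2, tag1)    # tag is bound to n1, not n2

    n3 = term.challenge(99999)
    tag_small = phone_response(key, "acct-1", n3, 450)
    amount_changed = term.verify("acct-1", n3, tag_small)  # amount is covered by the tag
    return genuine, replay_same_nonce, replay_new_nonce, amount_changed


if __name__ == "__main__":
    print(demo())
```

The exchange needs a message in each direction, which is why it fits two powered devices but not a passive tag or a printed code.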

    5. Re:Inaudible to people, perhaps.. by mspeedie · · Score: 2

      Correct, phish without chips is just half a meal!

    6. Re:Inaudible to people, perhaps.. by c0lo · · Score: 2

      All that aside: The simplified rule of thumb for sound at audible frequencies, for a spherical waveform (such as that emitted by a phone), is that sound falls off at a rate of 6dB for each doubling of distance.

      With directional elements, the wave-front is no longer spherical - assuming a beam (plane-wave front), the exponential attenuation (due to absorption) holds.
      But, you are right for the back-scattered sound - this will degrade much faster not only because of the absorption, but also because it won't be an almost planar wave-front anymore.

      And we only care about frequencies in the audible range, despite the implication in TFS, or it will be completely unable to work with existing phones (which is the main point of the thing to begin with). To wit: Combine Nyquist theory with the shitty analog electronics and 48KHz (at best!) ADC/DAC in a phone, and the resultant system must be either audible to a sufficiently-close non-damaged human ear, or else be completely non-functional.

      The human ear is able to pick up to 20 kHz, and people over 40 are able to hear at most 16-18 kHz (if ever). This is why 22 kHz is meant to be the absolute upper frequency to digitally encode on an Audio CD and thus 44 kHz the maximum sampling rate required for "absolute audiophile perfection".
      All the above as an estimation for what frequency an ADC/DAC in a smart phone can be capable of: my guess - an upper limit of 30-36 kHz. Given the amount of information that a NFP requires (hundreds of bytes, including an encryption key), the fact that tone encoding is not sensitive to amplitude/power variations, the fact that directionality of sound is easier to implement than in RF, the band between 20 to 30 kHz may be just enough to implement the NFP with a better protection for eavesdropping than using radio. This will raise the cost for the eavesdropping party, thus requiring a higher level of motivation than a near-field type of payments usually offer - most of the NFP services I know are capped to $50-$100/payment.

      It therefore must have strong security (whether cryptographic or otherwise), or it will fail and be exploited. And if it does have strong security, it doesn't matter if it's recordable or not, since any recovered data will be useless to the eavesdropping party.

      I don't argue with that. It is only an (almost academic) discussion which transport can be implemented cheaper: I argue that the acoustic one may be the one - but I'm not sure.

      --
      Questions raise, answers kill. Raise questions to stay alive.
    7. Re:Inaudible to people, perhaps.. by rjstanford · · Score: 2

      He's not saying that it's hard to pick up audio waves. You just seem to be laboring under the impression that it's somehow harder to pick up radio waves. Same series of problems, but audio waves are more understood by humans since we're sensitive to them ourselves. Of course, they're also easier to baffle in many ways.

      --
      You're special forces then? That's great! I just love your olympics!
  2. 1970 called.. by Mogster · · Score: 4, Funny

    They want their acoustic couplers back :)

    --
    ACK NAK RST
  3. NFC irrelevant? by fuzzyfuzzyfungus · · Score: 3, Informative

    Has NFC already been reduced to a glorified mag-stripe; but with more options for carriers to get their pound of flesh out of the transaction? If so, then yes, a cheaper way of communicating with the POS arguably threatens its relevance.

    However, if that deplorable possibility hasn't come to pass, then this seems like only a partial replacement. With NFC, as with the prior RFID stuff, you get the handy option of having passive, antenna-powered tags that can interact with powered devices. You can also have two powered devices talk to each other, some combination depending on the circumstances. With this audio mechanism, and QR codes, and the like, you have the advantage of using hardware that is already there 'for free' because it has other uses; but your versatility is limited: The audio-based system, unless some very clever and likely not cheap piezo/MEMS system were to be hacked together, will only work between two powered devices. QR codes are tolerant of unpowered tags, indeed their tags are cheaper than RFID ones; but you are restricted to dumb tags only. No challenge/response authentication or anything unless two devices with screens and cameras are flashing QR codes at each other as a crude form of two-way communications interface, in which case both of the devices have to be fairly sophisticated and powered.

  4. back to capt'n crunch by fermion · · Score: 2

    There was a time when the cost of a long distance call was exorbitant. Fortunately the phone company ran validation over the same lines of communication, and it was possible to reverse engineer the tones ATT used to get free long distance. The lesson learned is that if the user has access to the validation channel, and the validating code is simple and unencrypted, then it will be hacked and abused. Given the limitations of the cell phone microphone and the network, I would wonder how complex the tone could be, and how easy it would be to hack to steal product or money.

    --
    "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
  5. I completely refuse by holophrastic · · Score: 4, Insightful

    Right now, I have an AMEX in my wallet. It's the best. Unlike my six other credit cards, my AMEX has no chip, no PIN, and no magic. Ok ok, it has a magstripe. The point is that in order to use it, I open my wallet, swipe my card, sign my signature, and walk away. That's great. It's convenient because it takes fewer than 10 seconds, and it's super-secure, because it requires me to take out my wallet, and to use my card within a millimetre of the magstripe reader. And it's super legal too, because my signature is a legal tool that means something, and it's very criminal to forge someone else's signature. Finally, it's super-safe for me, because if anyone, anywhere in the world uses my credit account for any reason in any way, I'm not responsible for the charge. That's perfect.

    The reason I don't use my other credit cards is very simple. They suck. The chip can be read from many yards away, through my pocket. So it's not secure. I need to remember a different PIN for each, so it's not convenient. I'm not allowed to use the same PIN for each -- that's against the card agreement, and rightfully so. And here's the worst part. If someone else uses my card, and uses my PIN, it doesn't matter how they got it, I'm still responsible to pay it. Read your agreement. Ask for it. That's what it says. It says that you are responsible for any purchase made using your PIN. My PIN is not 32 characters long. It's just a handful of digits that anyone could notice, and remember easier than a phone number.

    Now, we're talking about using my phone. A device that can break, die, crash, or get lost. Unlike my wallet, my phone moves from my pocket to my hand way more often. It discharges too. So now if my battery dies, I won't be able to buy a new one. Suck on that for a while. How's that for a buried shovel? So it won't be safe. It won't be secure because whatever information is being passed is being passed through the air, and is no more secure than any airwave transmission. And by using ordinary soundwaves, it can be detected by any microphone that ever existed -- including other phones. My credit card can't intercept other credit cards, unless it's covered in cheese when I swipe it. And by the way, jamming is just as bad. So it's not secure in any way.

    Not to mention the most annoying part of all. I just refuse to use a modem ever again. I don't want to hear that sound again. I don't want to wonder why my 16800 is connecting at 14400. I don't want to know why no one has ever gotten 56000 ever, with any 56000 modem. And I don't want to have to explain to someone what BAUD means ever again.

    I'm done with that shit.

    1. Re:I completely refuse by holophrastic · · Score: 3, Interesting

      See, I used to think that, but it's the other side that makes it true. Certainly any agreement could say that if someone uses my PIN, I wouldn't be responsible. They don't, but they could, but they don't. And you can flip that any way you like. But a signature is different. A signature isn't a part of my agreement. A signature is a legal device.

      The primary reason that my credit account can't charge me for fraudulent charges is because I never agreed to those charges. And in today's legal world, the only reason that I need to pay my credit card bill is because every restaurant has me sign a piece of paper that says "I agree to pay above total amount in accordance with card issuer's agreement".

      It's not the account agreement; it's the law, and the concept of a signature as a binding contract. A PIN is based on the idea that no one else knows my PIN. A signature is based on the idea that no one else can bind me to a contract. The day that the law changes, and says that using someone else's PIN is criminal, then I'll be happy. But right now, you're allowed to use someone else's PIN. That's not illegal. It's illegal to steal, but that doesn't stop my having to pay my credit card bill. Contrast that with the idea that it was always illegal to sign someone else's name, even with their permission and consent. You simply aren't allowed to sign someone else's signature, under any circumstance, for any reason whatsoever.

      So that's the reason that I say it's a problem with the technology. The technology failed to consider the legal ramifications of such a change. To say that it's not the technology's fault is like playing football during recess (do they still have recess?) and calling interference when the ball hits a tree. That's not interference, the tree was there before you threw the ball.

    2. Re:I completely refuse by fast+turtle · · Score: 2

      I guess you didn't understand GP's point. If he didn't sign for it or authorize the charge, he's not responsible for more than $50 USD in debt in the States, unlike those smart cards, where the agreements are starting to include the improper use of a PIN making the customer completely responsible for the transaction.

      Because of that, I will never go with one of the smart cards as sticking with the old system means I still have the limit on damages of $50 USD instead of having no recourse.

      --
      Mod me up/Mod me down: I wont frown as I've no crown
    3. Re:I completely refuse by holophrastic · · Score: 2

      Just as the previous reply says, you're forgetting that for all of the things being equal, with a PIN, you have to first pay your VISA. With my signature, I don't have to pay AMEX while I'm fighting everything else. That's the difference. When someone steals my card, I still have my money to fight them. When someone steals your card, and charges $15'000, first, you lose $15'000. And if you don't pay it, then you lose your credit rating, and your lawyer won't even take your case.

      See the protection? Read your agreement. Read the line that says that you pay for absolutely any charge made with your PIN.

      As for the signature that isn't checked by anyone, you're wrong. It's checked when I say it should be checked. When I say it's not my purchase, AMEX calls the store, and asks for that slip. Then they look at it, send it to me, and ask me if it's my signature. I say no. They then believe me.

    4. Re:I completely refuse by holophrastic · · Score: 2

      Yeah, that's what I've been saying. Thanks for making it so concise.

    5. Re:I completely refuse by JasterBobaMereel · · Score: 2

      ...and this will be backed up in writing by a document stating that you allow them to sign in lieu of you, and what they can sign on your behalf. And anything signed by them in this way can be disputed by you, and so is less binding than you signing it yourself ...

      They are not signing your name, they are signing theirs on your behalf

      --
      Puteulanus fenestra mortis
  6. Re:Do Not Want by A+nonymous+Coward · · Score: 2

    No, Elvis is.

    And pb&j sandwiches.

  7. Re:Most secure is cash. by stabiesoft · · Score: 2

    Agreed, and the local coffee shop I go to gives me a discount for using the green stuff. It puzzles me how all these customers come in and use a credit card for a 2 dollar purchase. The dirty looks the cashier gives to these people are "priceless".

  8. Text a One-Time-Password by Doc+Ruby · · Score: 2

    I don't understand why the specific method of the phone giving the cash register some money is some kind of roadblock. Why the phone needs some new method of communicating with the cash register. The phone has a million ways to send a message to the cash register and get a message back. Why can't the phone just text a One-Time Password to the cash register? Or use HTTPS? Or USSD, the GSM infrastructure high priority message used for topping off prepaid phones? Or any of a number of other comms techniques? Phones in Scandinavia have been texting parking meters, and getting texted when the meter's running down, for years. The money can be transferred by digital "check" between banks, or the telco can collect micropayment notices to be paid back like a credit card at the end of the month - or your phone privileges are cut off by the telcos cartel, harsher than a credit rating hit.

    The infrastructure for these transactions is everywhere already. I'm impressed by the cleverness of this "inaudible" signaling, but it all seems an unnecessary waste of time.

    --
    make install -not war

  9. Re:Um. Posted a video... by fahrbot-bot · · Score: 2

    You are confusing inaudible with invisible.

    You probably need a different plug-in :-)

    --
    It must have been something you assimilated. . . .