Join 3,552 readers in helping fund MetaFilter (Hide)


The low-tech way around RFID
April 30, 2007 8:26 AM   Subscribe

The guy over at Make Your Nut is facing a dilemma I've wondered about myself: what to do about the security risks that are inherent in the many RFID-chipped credit and ATM cards that banks are so keen on issuing today? There's a lot of evidence out there that indicates that the highly personal information these cards (and the new US passports as well) carry can be stripped away by a thief with a little motivation and access to relatively low-cost equipment. You can go with the nifty RFID-blocking wallets (discussed here previously), or, according to some, you could just grab a hammer.
posted by shiu mai baby (26 comments total) 3 users marked this as a favorite

 
That really depends on if it's encrypted or not, and if so, how well. He doesn't say if he got a straight answer or not from his bank.

I'm assuming these RFID chips are passive (they'll give up information when "charged" by a reader), which means anyone with an active reader can get the data of any RFID chip in a radius of only a few feet. This limitation wont' be a big deal on a subway or other crowded area though.

I've wondered about this for a while.
posted by splatta at 8:33 AM on April 30, 2007


Schneier highlights the RFID Zapper
posted by poppo at 8:35 AM on April 30, 2007


Wow, those wallets are some kind of wickedly ugly fashion statement. Hammer, please.
posted by Blazecock Pileon at 8:36 AM on April 30, 2007


The record for reading an RFID is, I believe, 50 feet. Special equipment was, of course, involved, but as Schneier says, attacks only get better.

There's an RFID kit out there in case you ever want to RFID enable your front door, or cat flap, or confirm your worst fears about your bank's idea of security.
posted by Kid Charlemagne at 8:46 AM on April 30, 2007


Hammer, please.

Would that be the 'MC' or 'Ban' model that you are looking for?
posted by YoBananaBoy at 8:48 AM on April 30, 2007


Credit card companies say that the likelihood of this happening is low, so there isn’t any need for alarm.

That seems like an odd thing to think. I mean, it's pretty obvious that criminals will sease on absolutly any way to do their work. If you can imagine it, some criminal will do it.
posted by delmoi at 8:54 AM on April 30, 2007


wrap them in tin-foil..

oh, wait...that's for another problem
posted by HuronBob at 9:04 AM on April 30, 2007


That might be the shortest, and (and I believe this is causally related) best Wired article I've ever read.
posted by serazin at 9:15 AM on April 30, 2007 [2 favorites]


ugly wallets aside, making RF screens for passports, credit cards, and ID's is generally simple.

You can even use wire mesh as long as the gaps in the mesh are much smaller than the wavelength of the radiation. This is easy for Radio Frequency (meters) and not to difficult for Microwaves (centimeters). This is also the reason you are not "cooked" by your microwave, but can still see inside! The Wikipedia entry on the matter also suggests metallic ink, which although more expensive, might solve the fashion dilemma of the security-conscious consumer.
posted by quanta and qualia at 9:23 AM on April 30, 2007


Okay, I admit I'm a bit ignorant on the subject, but would it be at all possible to reprogram the information on the chip without coming into physical contact with it?
posted by edgeways at 9:29 AM on April 30, 2007


As the Wired article says deliberately tampering is a "bad idea". Using a hammer directly on the passport may leave incriminating signs of hammer indentation, I'm sure it wouldn't be hard for the "hypothetical" user to figure out ways to avoid that.
posted by edgeways at 9:34 AM on April 30, 2007


edgeways, my understanding is that passive RFIDs are read-only, but these guys claim to be able to deactivate them.

Disclaimer: If you know everything I know about current technology, you are probably way behind the curve.
posted by Terminal Verbosity at 9:35 AM on April 30, 2007


RFID, hehehe. What a joke.
posted by IronLizard at 9:42 AM on April 30, 2007


The very worst part about RFIDs is the pronunciation. Arr-fid? Blazecock, pass the hammer when you're done.
posted by Skorgu at 10:16 AM on April 30, 2007


On a somewhat unrelated note: "Make Your Nut?" Am I missing some crucial piece of linguistic information here?
posted by aliasless at 10:34 AM on April 30, 2007


Sorry if this sounds horribly ignorant...
So...the RFID chips actually carry tons personal information? I always assumed they merely carried a unique identifier that was, in turn, used by the reader to interrogate a remote database...or some process like that. All sensitive information is stored away from the chip itself.

Guess that explains why I don't work in the security industry...
posted by Thorzdad at 10:44 AM on April 30, 2007


If you're in business for yourself, the point when you break even is the point when you make your nut. Carny slang, if I recall correctly. The peanut vendors had to sell a certain number of peanuts before they would start making a profit. When they sold the amount that covered their cost, the had made their nut.
posted by Astro Zombie at 10:46 AM on April 30, 2007


'making your nut' is still used in the taxi industry.
posted by attackthetaxi at 11:01 AM on April 30, 2007


The hammer seems like the easiest and best solution to an incredibly stupid and short sighted problem. Heck, maybe I'll go into business "fixing" people's passports for them and get paid to smash chips.
posted by fenriq at 11:09 AM on April 30, 2007


As I understand it, the RFIDs in passports are write once read many type technology. But I'm willing to bet that there are many people out there who can transplant a fresh RFID chip into an existing passport such that it can't be detected by casual observation.

The Register had a bunch about the UK's RFID passport system a while back. I can't find it now but it suffices to say that it did not instill confidence in the reader.

Canada could really clean up if they marketed a self adhesive, radio opaque passport cover.
posted by Kid Charlemagne at 11:30 AM on April 30, 2007


Yeah, those Farraday cage wallets are hideous, mostly because they're so damned big (big enough for a passport, natch, but that's a lot wider than your average leather fold). Compensatorily, though, mine gives me the mother of all non sequiturs to drop into casual conversation.

I also love the idea of rogue individuals walking around with concealed devices that fry every RFID chip within ten paces. Kind of like the cell-phone jammers I so badly want to see marketed, only with more finality.
posted by Mayor West at 11:36 AM on April 30, 2007


On a somewhat unrelated note: "Make Your Nut?" Am I missing some crucial piece of linguistic information here?
posted by aliasless at 1:34 PM on April 30

Yeah, Astro Zombie nailed it (and sorry for the apparent non-sequitur). It's a finance blog, so the MYN guy uses the term to describe the point each month at which you're able to pay all your bills. The posts are generally related to stuff one can do to make one's nut each month.
posted by shiu mai baby at 11:41 AM on April 30, 2007


excuse my complete legal ignorance: is it illegal to smash one's own rfid passport with a hammer, and if so, what are some possible ramifications if the "crime" is discovered?
posted by ericbop at 12:10 PM on April 30, 2007


"Make Your Nut?" Am I missing some crucial piece of linguistic information here?

Live and learn. I've always heard (and said) "covering your nut". If a company has a lot of overhead, it's got a big nut to cover. Must be a regional thing or something.

As for RFID's in mandatory identification: scary, with a capital S.
posted by Benny Andajetz at 12:37 PM on April 30, 2007


That phrase confused me too. I assumed it came from poker jargon. In hold-em', you would "make the nut" if a card was dealt that gave you the best possible hand; ensuring your victory. Seemed like a strange reference in finance terms, but it kind of makes sense. Once you make the nut, you don't have to worry about losing money. Any further betting is just going to determine how much you'll profit.
posted by team lowkey at 1:44 PM on April 30, 2007


I thought when you made your nut it was time to go get a towel.
posted by Cyrano at 4:04 PM on April 30, 2007


« Older Peak Performance is a website featuring dozens of ...  |  Demonstrate one of the weirdes... Newer »


This thread has been archived and is closed to new comments