RFID Hacking
December 8, 2010 7:17 AM

RFID Hacking: Real or Hype; Prevention

The web is full of warnings that credit cards, driver's licenses and passports carry RFID chips and magnetic strips that can be read from 40 feet away, thus giving an identity thief your information. But these come from people who sell foil-lined wallets and sleeves.

My credit card issuer (Citibank) says the maximum distance is only a few inches.

The US government apparently takes the problem seriously and has issued a standard for wallets called FIPS 201.

What's the truth, and how effective is a shield?
posted by KRS to Technology (14 answers total) 3 users marked this as a favorite
Well, I can't imagine 40 feet, but on the East Coast we have the EZPass, an RFID toll collection system. Instead of stopping to pay your toll, you have this little box mounted near your rearview mirror and you go through the scanner at 15mph or so. That's got to be like 15 feet or so of distance from the scanner to your EZPass.

That said, I don't know how RFID works, necessarily, but I imagine smaller tags could not be read from such a distance, such as the ones on credit cards.
posted by InsanePenguin at 7:24 AM on December 8, 2010

Not all RFID systems are the same so you can't necessarily extrapolate from EZPass or anti-theft systems. I've seen proof of concept videos that RFID credit card numbers can be scanned at distances of about 1-2 feet using a device that fits in a small netbook case, which makes scanning in crowded lines, sidewalks, and public transit systems feasible. 40-feet is probably hype, but it's possibly a threat worth considering.

Magnetic strips are probably safer,
posted by KirkJobSluder at 7:43 AM on December 8, 2010

The EZPass RFID contains a battery, so it actively replies, extending the distance. Others do not, and rely on capturing the signal they are sent, then extracting energy from that to reply. That being said, anything having to do with radios and distance relies on two things: power and antennas. You can increase the range by using more power, or by using a bigger (or better) antenna. So the distances cited for standard RFID readers are based on standard equipment.

Someone who wanted to collect lots of information could use a radio that had a bigger antenna or more power. These aren't something you buy at Walmart, but they are possible. Bruce Schneier, security guru, says here that it has been possible to read things at tens of meters, but I don't see a source for what the circumstances are.
posted by procrastination at 7:55 AM on December 8, 2010

The problem is you are lumping active and passive RFID into one clump... EZPass is active RFID, it sends out a signal, has a battery, so it can make connections easier... you just need something to read it within its range...

RFIDs like credit cards, and HSPD 12 cards, or metro smart trip cards are passive RFID, they get their charge from the reading device via a magnetic field... so the distance is determined by the amount of power needed for the device and the power of the magnetic field...

Active RFIDs can be read, depending on the device, sometimes up to 300 feet, while passive range is normally less than a few feet.

Regardless, if someone could read the rfid chip, they then have to be able to read and use the information, gov't cards are encrypted, and can be difficult to read, credit cards are probably encrypted too... could someone spoof the rfid, possibly, but not the easiest thing to do...
posted by fozzie33 at 7:56 AM on December 8, 2010

A really good antenna pointed at a location where passive cards are read could also pick up the signal a few hundred feet away. I believe this was discussed in 2600 a few years ago, but I can't find a link.
posted by jrishel at 8:10 AM on December 8, 2010

apparently 69 feet is the record for reading passive RFID
posted by jrishel at 8:13 AM on December 8, 2010

With a directional antenna and amplifier, greater range is possible. How far? How about over a hundred feet for a passive RFID2 tag.
posted by zippy at 8:19 AM on December 8, 2010

Is it "real"? Sure. But this is good wisdom to heed:

fozzie33: Regardless, if someone could read the rfid chip, they then have to be able to read and use the information, gov't cards are encrypted, and can be difficult to read, credit cards are probably encrypted too... could someone spoof the rfid, possibly, but not the easiest thing to do...

Also consider the following things you likely do with your CC/Bank cards:

- Give them to waiters, who walk off with them for an indeterminate period of time.
- Put them into 3rd-party cash machines in sketchy delis.
- Read their account # over the phone.
posted by mkultra at 8:20 AM on December 8, 2010

I've tested some eBay shields against 125 kHz and 13.56 MHz readers and was unable to read anything (with the card sitting directly on the reader). This is what someone would use plugged into a laptop in their backpack to try and skim your cards.

The encryption hasn't been (publicly) broken yet, and your cards will most likely expire before this happens. So the risk of any info being skimmed is extremely low.

If you're super worried about it, you can also just punch out the chip. Gently folding the card until you see stress lines can find the location of the chip, then just cut it out. However I hear some ATMs will eat the card, and this will make you look suspicious in stores (trust me).
posted by mewmewmew at 9:13 AM on December 8, 2010

"As seen on TV" - Saw a news report on this the other day - a RFID Tech guy (who just also happened to have an RFID security consulting service) was demonstrating how his netbook, inside of a case and equipped with an RFID reader, was able to read people's credit card information from their wallets or purses just by getting within 1-2 feet of them.

They tested it on random people on the street, read their CC info, then stopped the people and showed it to them for them to verify it as accurate (they obscured all but the first 2 digits anytime the netbook's screen was displaying CC info on camera).
posted by de void at 9:16 AM on December 8, 2010

A form of encryption used on many chips was broken in 2008. The encryption can also be circumvented by sending an authorization request to the issuing bank.
posted by KirkJobSluder at 10:10 AM on December 8, 2010

Also: what's the difference? All RFID is is numbers. The evildoers have to be able to use the numbers. You don't have to pay for bogus credit charges.
posted by gjc at 5:07 PM on December 8, 2010

Response by poster: OK, so it's possible to read the cards. How about shielding? The stuff on Amazon and eBay simply has a foil-lined sheath into which you slide the card. Does that work?
posted by KRS at 6:26 PM on December 8, 2010

Shielding should work. It's a Faraday cage.
posted by jrishel at 6:14 AM on December 10, 2010
