Which is why, when my bank sent me a debit card, unsolicited, to replace my ATM card, I returned it.
I also noisily insisted on a no-RFID replacement. AFAIK, I am RFID free, though, I should get a detector.
Care to elaborate on this post? I'm doing some wiki-research on the subject, but you probably know a lot more as to CC policies on sending out chipped cards and dealing with them.
Or are we consumers pretty much out of luck, all cards will have 'em soon enough, and getting the Faraday caged wallet is about all there is to do?
I'm told that the scenarios outlined on ThinkGeek are really over the top, and that RFID chips have a broadcast range of about half an inch, if that, having no internal power source. o_O
RFID is also pathetically easy to reproduce. We use them for tooling identification, and sometimes part ID, and they make all kinds of shit to read/write, lots of which can be run from software on a palm pilot.
I've heard stories of people destroying the RFID with a short nuke in a microwave. Consumerist.com has talked about these cards many times.
Never, ever, under any circumstances, ever trust the government, ever. If they're honest today, the technology they have today will be used by dictators tomorrow.
Good post, Chris.
Why did you keep the cards? Refuse to accept them, tell the company to send you a non-RFID replacement. If they can't, cancel the card and go somewhere else.
The 5 second nuke in the microwave will destroy an RFID chip. Unfortunately, in the case of the passport, that's a crime. And the range on the passport one was said to be "10 cm", but people have shown that it can be picked up 30 feet away. What's worse is the data on the passport chip is NOT ENCRYPTED.
As for the Credit card.. You can return it, but I bet within 2 years ALL cards will have them, and destroying the chip will not be an option - I'd be willing to be wager that new card readers will have RFID capability, and if it doesn't get a signal, it will reject the card. What I don't understand is why they simply didn't require biometric data(say a lone thumbprint), that will prevent alot of credit card abuse.
One second of power in the microwave will definitely disable the RFID antenna, while otherwise doing minimal if any visible damage to the card. Sometimes one second of power output requires setting the microwave to run for 2 seconds.
I tested this on five different cards, when Citibank pulled the same thing. I believe they finally replaced them with non-RFID cards, but that was around the time I fired Citi for their anti-gun activism, so I could be mistaken.
I nuked mine for 3 seconds and put my passport cover between my anvil and flatty a few times.
I've been told RFID chips are good to about 2ft broadcast range but are scannable (defcon 0
at 60-70ft.
Not sure if this works, but I googled around a bit, and found a site that looked somewhat credible that said that water or aluminum limits the distance from which the rfid can be detected. Since it's impracticle to walk around with the cards in an aquarium, the best way to limit reach is to line the wallet with aluminum foil, a sort of cheap version of a farraday cage. Also, stacking a few cards together tends to limit the reach, since they interfer with eachothers signals.
I have no idea if this works or not, and I dont have a RFID reader to check it with, but the site in question seemed to have actually meassured it(instead of just claiming it as truth), so it would be interesting to know your opinions?
The following is not a profanity I like to employ very much, but I believe it's use is both indicated and justified here:
HOOOOO LEEEEEE SHIIIIT!!!!!!!!!!!!!!
Wow. The amount of stuff Adam DIDN'T say, that I can guess at, is huge. Well, this is why I told my prosthetist that if any of the components for my new prosthetic legs have RFIDs to either destroy them, or find me alternatives without. My credit card doesn't have one, my cell phone has no GPS... I wonder if my Texas driver's license does? I hope not.
Chris, just curious, have you tested the RFID blocking wallet to see how well it works?
Washington Mutual, for now, has an option to get non-RFID cards, but I had to go in to a branch to order one. The teller at the branch and the Indian who cancelled the 'smart' card for me on the phone both had never heard of the security concerns.
The fun part is, if you need to use a PIN, it's exactly as secure as your old card. If you don't need to use a PIN, it's LESS secure. Nice. You know what would be really secure AND convenient? A chip implanted in your right hand, or maybe your forehead. Naw, I'm sure nobody would ever go for that...
During my time in the Windows Mobile division at Microsoft, I noticed a group of giggling people walking around staring intently at a small Pocket PC type device. Joining the group, I found that they had written a small application that grabbed information off the reasonably new keyfob-style credit cards. As we walked around the building, we could go into empty conference rooms and read the information for any such cards in the room on the next floor up.
While I'm sure security has been increased on these devices since, we gathered the data from about thirty of them in one pass through the building.
I will leave the question of what one could do with this information to the reader.
Commenting by HaloScan.com
