1 of 1
The tinfoil people happen to be correct.
Posted: 07 December 2010 01:12 PM   [ Ignore ]
Five Star Member
Avatar
RankRankRankRankRank
Total Posts:  5152
Joined  2005-01-27

Stuck on the tarmac, flipping through a travel magazine, you’re struck by the blurb for metal-lined wallets. Purpose: to prevent digital pickpocketing by blocking radio frequencies.

These handsome babies start at $79.99 and top out at the $225 Italian Leather Teju Lizard Embossed Travel Wallet.

Your reaction: Wow! Luxury accessories for paranoids!

But you would be wrong. Maybe.

Because, says electronic security expert Bruce Schneier, crystallizing the view of many: “As weird as it sounds, wrapping your passport in tinfoil helps. The tinfoil people, in this case, happen to be correct.”

The issue is bigger than just the new style of passports, which contain chips that emit information that can be read by a scanner. We’re also talking about your Metro SmarTrip card, your employee ID/building access card, your automatic highway toll pass, the newest wave of credit cards and gas purchasing cards, even digital drivers’ licenses being developed in some states.

All of these nifty and oh-so-convenient bits of plastic employ versions of what’s known as radio frequency identification technology, or RFID. That is, they toss out bits of data that are caught by receivers, with little or no contact, just through the air in some cases. The new credit cards, such as MasterCard’s PayPass, don’t have to be swiped through a machine. Swiping is so retro, and takes precious extra seconds. You need only lightly tap the PayPass on a terminal to register a purchase.

Neato. It feels as if you’re living in the future, or in an episode of “24,” when you slap your purse on the Metro turnstile and the gate opens, or you wave your ID badge at a node on the wall and your office door beeps open (and then your face and all your recent movements around the office—yikes!—pop up on the security guard’s computer).

But alas, just as every problem has a solution, so every solution has a problem, right?

According to some security gurus, even when there is no receiver in the vicinity, your digital secrets are leaking merrily from the cards in your wallet, like sound from a radio that you can’t turn off.

So, conceivably, a pickpocket with a laptop and an antenna could lift the digital contents of your wallet. This modern, hypothetical Artful Dodger would never reach his fingers under your jacket. He’d be that guy slouched on a bench in Union Station with a backpack, vacuuming up bits and bytes as crowds flowed past. Behind your back, the contents of your wallet may be talking about you, digitally, to perfect strangers.

Paranoid? The scenario has mainly been reenacted by researcher-hackers under simulated conditions. The makers and issuers of RFID cards insist the data are encrypted and safe. Yet some security watchdogs assert the need to cover, or shield, these cards when they aren’t in use. A thin metalized nylon can do the trick, based on the classic Faraday cage design, to disrupt RFID communications.

CONTINUED BELOW

 Signature 


“By the sweat on our brows, and the strengths of our backs…Gentlemen. Hoist the Colours! And you, madam, I warn you, I know the entire Geneva Convention by heart!”
Trust me.

Profile
 
 
Posted: 07 December 2010 01:12 PM   [ Ignore ]   [ # 1 ]
Five Star Member
Avatar
RankRankRankRankRank
Total Posts:  5152
Joined  2005-01-27

“If I had an RFID that didn’t have a cover, a driver’s license, a credit card, a corporate ID card . . . suddenly a [shielded] wallet isn’t such a stupid idea,” says Schneier, an author of books on security and the chief technology officer of Santa Clara, Calif.-based BT Counterpane, a network security company.

Marc Rotenberg, president of the Electronic Privacy Information Center in Washington, keeps an ad for one of those shielded wallets, clipped from a travel mag, posted on his office door. It’s a little joke, but he’s also serious. “RFID creates security and privacy risks,” he says.

A couple of years ago, when the State Department announced the new style of passports, EPIC recommended that people wrap their passports in tinfoil. Instead, the State Department addressed such concerns by embedding metallic shielding in the front and back cover of the passport books. In addition, the new “passport cards” to be offered to U.S. citizens who travel frequently between the United States and Canada, Mexico or the Caribbean will come with similarly shielded sleeves.

The fact that the State Department has resorted to shielding material—does that mean the threat is real, that shielded wallets for other types of cards are a good idea? Schneier, for one, thinks the passport books are still vulnerable when they are open.

But spokesmen for the State Department and the Department of Homeland Security say the shields are just an extra level of security for documents that are already safe because of encryption and the nature of the information on them. Even when the passport books are open, the digital information can be read by a scanner no more than a few inches away, says spokesman Steve Royster. As for the passport cards for frequent border-crossers, they can be read at 20 to 30 feet but contain no personal information, Royster says. The personal stuff is safe in government computers, he says.

MasterCard, for its part, says consumers need not invest in shielded wallets—they can save their money for other purchases.

“All of our cards go through very strict security testing,” says MasterCard spokeswoman Erica Harvill, who says she carries her PayPass unshielded as a key fob. The data on the cards are encrypted using a system involving random, unique authentication codes that can only be used once, Harvill says. In addition, the signals can travel only a very short distance.

But if the specter of unauthorized leaks from your hip pocket keeps you awake at night, Geb Masterson, president of Kena Kai in Anaheim Hills, Calif., will sell you one of his DataSafe models. The shielding material is a thin “metalized nylon,” finished for the style-conscious with fine Italian leather. They come in colors, and in selections for men and women. The result is no heavier than a standard leather wallet, says Masterson, who adds that he has sold more than 50,000 in less than two years. And no, the metalized fabric won’t magnetize or demagnetize your credit cards, he promises.

His sales pitch is shrewd: Hackers are only going to get better at data theft, so better safe than sorry.

“I have to carry a wallet anyway,” he says. “I’d rather have it lined in this material that radio frequencies can’t get through.”

But if you put your SmarTrip card in a shielded wallet, won’t you have to take it out to make it work on the Metro? Yes—so some models have window flaps that let you expose such cards when necessary.

Competitors offer less expensive alternatives. There’s an RFID Blocking Wallet from DIFRwear.com for $19.99 and one via SkyMall.com for $19.85.

Most affordable of all: tinfoil.


Source

 Signature 


“By the sweat on our brows, and the strengths of our backs…Gentlemen. Hoist the Colours! And you, madam, I warn you, I know the entire Geneva Convention by heart!”
Trust me.

Profile
 
 
Posted: 07 December 2010 05:26 PM   [ Ignore ]   [ # 2 ]
Five Star Member
Avatar
RankRankRankRankRank
Total Posts:  6932
Joined  2005-10-21

I know ThinkGeek sells a stainless steel mesh wallet, though It hink that’s more for durability and style than RFID.

 Signature 

1: Extraordinary claims require extraordinary proof. If it does what it says, you should have no problem with this.
2: What proof will you accept that you are wrong? You ask us to change our mind, but we cannot change yours?
3: It is not our responsability to disprove your claims, but rather your responsability to prove them.
4. Personal testamonials are not proof.

What part of ‘meow’ don’t you understand?

Profile
 
 
Posted: 07 December 2010 06:10 PM   [ Ignore ]   [ # 3 ]
Five Star Member
Avatar
RankRankRankRankRank
Total Posts:  8165
Joined  2005-02-06

I’ve lined my trousers with tinfoil… tongue wink

 Signature 

———
The Kruger-Dunning effect is rampant on internet fora.
J. Kruger & D. Dunning (1999), Unskilled and unaware of it: how difficulties in recognizing one’s own incompetence lead to inflated self-assessments. J Pers Soc Psychol. 77, 1121-1134

Profile
 
 
Posted: 08 December 2010 09:25 AM   [ Ignore ]   [ # 4 ]
Five Star Member
Avatar
RankRankRankRankRank
Total Posts:  2899
Joined  2005-06-15
LaMa - 07 December 2010 11:10 PM

I’ve lined my trousers with tinfoil… tongue wink

So where do you keep your RFID chip?  smirk

 Signature 

I’m not some ordinary moron.
I’m an Oxy-Moron!

Mental Giant: A very tall person who is more than slightly confused.

Profile
 
 
Posted: 08 December 2010 01:03 PM   [ Ignore ]   [ # 5 ]
Five Star Member
Avatar
RankRankRankRankRank
Total Posts:  5152
Joined  2005-01-27

The tinfoil is there to protect his piercings from setting of security alarms.

 Signature 


“By the sweat on our brows, and the strengths of our backs…Gentlemen. Hoist the Colours! And you, madam, I warn you, I know the entire Geneva Convention by heart!”
Trust me.

Profile
 
 
Posted: 09 December 2010 06:47 AM   [ Ignore ]   [ # 6 ]
Senior Member
Avatar
RankRankRankRank
Total Posts:  534
Joined  2009-08-10

Only my work pass works this way and it has an operating range of about 6 inches (or less), so a thief stealing data would probably have to be a close as a pickpocket; like being on public transport or bumping into you.

Profile
 
 
Posted: 09 December 2010 11:08 AM   [ Ignore ]   [ # 7 ]
Five Star Member
Avatar
RankRankRankRankRank
Total Posts:  6932
Joined  2005-10-21

Lots of places have RFID passes.

I remember that the game company I worked for had them, and folks were getting ‘creative’ in placement and use. One guy kept it in his sock, and would do a Bruce Lee kick in front of the scanner to open the door. Another guy kept his in his back pocket, and would simply do a little spin in front of the sensor.

 Signature 

1: Extraordinary claims require extraordinary proof. If it does what it says, you should have no problem with this.
2: What proof will you accept that you are wrong? You ask us to change our mind, but we cannot change yours?
3: It is not our responsability to disprove your claims, but rather your responsability to prove them.
4. Personal testamonials are not proof.

What part of ‘meow’ don’t you understand?

Profile
 
 
   
1 of 1