When shopping for tech gifts, the security conscious (or just paranoid) shopper will discover a wide array of RFID blocking devices available for sale. Save your money.
What is RFID?
Radio Frequency Identification (RFID) is a wireless communication method. It’s used for inventory tracking, passports, identification cards and credit cards. A huge industry has popped up offering RFID-blocking accessories such as wallets, fanny packs, backpacks, and other security sleeves. They work by using conductive material that blocks radio-waves. The technical term is a “Faraday cage“. You can make your own with a few layers of aluminum foil. You could also make a hat, if you were extremely paranoid.
The sleeves, for the most part, do what they claim. The lining does block radio waves, though some are less effective than wrapping your card in aluminum foil. On the other hand, like the foil hat, they block a crime that doesn’t exist.
“But, David,” I hear you exclaim, “I saw proof that it’s possible to steal credit card information on TV!”
Yes, that part is true also. Typically, RFID cards are read from a distance of a few inches. Hackers have proven that they can swipe card information from many feet away. They use sophisticated radios and directional antennas to read RFID. A demonstration at the DefCon hacker conference showed a successful attack from 69 feet.
If the attack is possible, and the blocking technology works, then why am I calling it snake oil?
Simple: It never happens. There’s a huge difference between hackers showing off at a conference and what criminals will do. If it’s easy to steal or buy stolen cards online, why would I skulk around a coffee shop with a backpack full of radio equipment? Roger A. Grimes, the InfoWorld columnist, explains.
…the fact remains that in over a decade, not a single crime involving an RFID-enabled device has been reported in the public domain.
There have been hundreds of millions of credit cards stolen in the same timeframe and likely billions of financial crimes, and not a single real RFID theft. It’s not that it can’t be done. The videos prove it can. But there is a huge gulf in the world of threats and risks between what can be done and what is likely to be done. And so far, based on over a decade of historical evidence, RFID-related crime appears not only very unlikely, but non-existent.
Why the lack of crimes? Well, Grimes has some compelling arguments.
With RFID-crime, someone has to physically sit around and be close to a bunch of RFID-enabled products. The world is full of CCTV cameras, and sitting around committing crime is likely to end up with the thief’s picture saved for the police to see. … That same criminal could buy stolen credit card information by the thousands for cents per card on a number of online forums.
Some people ask me about the other doomsday scenario where a foreign agent steals their passport information. …even if they get the information, what are they going to do with it? Use your passport with a new picture ID? If they have that sort of sophistication, you’re in James Bond territory, and they can simply make a new passport from the ground up…or pay a thug $50 to mug you to get it.
Which, of course, reminds me of one of my favorite cartoons:
When shopping, buy a wallet or purse that looks nice. Don’t worry about the foil lining unless you already own a foil hat.