Tuesday, August 14, 2007

How to de-RFID your credit card

WHY there is such a craze for sticking RFID chips in everything in these days in which we are supposedly trying to be more alert about security, I have no idea. Not to mention the unparalleled level of identity theft. Yes, let's do put our credit card numbers out there for any hacker with a hankering to find.
Luckily, Consumerist has been keeping up with this foul trend:

Credit card companies are putting magical radio chips inside your credit cards to allow for "touch n go" "contact-less" payments, but if for some reason the idea of a miniature beacon transmitting your credit card information, albeit however encrypted the companies feel like making them, there is something you can do about, blogs Cody: Dremel!

1. Google your specfic credit card name and type (i.e. Chase Freedom Card) + RFID. If you get some hits of people saying there's an RFID chip inside, it's probably got one.
2. Hold your credit card up into the light and see if you can spot the raised bump. That's the RFID chip.
3. Drill a hole in the spot.
4. Voila! You're off the grid.

As long as you don't make huge gashes and tear through your magnetic strip, this should in no way affect your ability to swipe at the store or use ATMs.

Three related posts for the paranoid:

From BoingBoing:
Hacked passport crashes readers

A hacker has demonstrated an exploit against the RFID tags in the new US passports that allows him to clone a passport and modify the RFID with bad code that will crash the passport readers.
... "If you're able to crash something you are most likely able to exploit it," says Grunwald, who's scheduled to discuss the vulnerabilities this weekend at the annual DefCon hacker conference in Las Vegas.

Also from BoingBoing:
UK security experts have cracked the sooper sekure new UK biometric passports. It took 48 hours. With £174 worth of sniffer hardware, attackers can read all the personal information off of any of the three million new UK passports in circulation -- and if combined with demonstrated hacks for reading RFIDs at a distance, this could happen from across the room, or even farther. You can then clone the RFID and stick it in another passport (surprise! your identity is now owned by a terrorist!).

If this worries you, perhaps you'll want to read this (But I am not advocating breaking the law by tampering with your passport). From Wired:
All passports issued by the US State Department after January 1 will have always-on radio frequency identification chips, making it easy for officials – and hackers – to grab your personal stats. Getting paranoid about strangers slurping up your identity? Here’s what you can do about it. But be careful – tampering with a passport is punishable by 25 years in prison. Not to mention the “special” customs search, with rubber gloves. Bon voyage!

1) RFID-tagged passports have a distinctive logo on the front cover; the chip is embedded in the back.

2) Sorry, “accidentally” leaving your passport in the jeans you just put in the washer won’t work. You’re more likely to ruin the passport itself than the chip.

3) Forget about nuking it in the microwave – the chip could burst into flames, leaving telltale scorch marks. Besides, have you ever smelled burnt passport?

4) The best approach? Hammer time. Hitting the chip with a blunt, hard object should disable it. A nonworking RFID doesn’t invalidate the passport, so you can still use it.

– Jenna Wortham

No comments: