Features Podcasts Family Video Comics Music Tech Science Books Film & TV Games ✚

Jill

RFID blocking at the point-of-sale

Cory Doctorow at 7:02 am Sat, Feb 18, 2012

— FEATURED —

Book Review

The Man Who Laughs: grotesque Victor Hugo potboiler was the basis for The Joker

Feature

Eurovision 2013: An American in London

Book Review

The Twelve-Fingered Boy - mesmerizing YA horror novel

— FOLLOW US —

Boing Boing is on Twitter and Facebook. Subscribe to our RSS feed or daily email.

 

— POLICIES —

Except where indicated, Boing Boing is licensed under a Creative Commons License permitting non-commercial sharing with attribution

 

— FONTS —

Tweet
Kindle


Spotted by the cash-register at London Drugs, a giant discount pharmacy-cum-big-box-store in downtown Vancouver, these cheap RFID-blocking credit-card sleeves.

RFID-blocking wallet, point of sale, London Drugs, Vancouver, BC

I write books. My latest is a YA science fiction novel called Homeland (it's the sequel to Little Brother). More books: Rapture of the Nerds (a novel, with Charlie Stross); With a Little Help (short stories); and The Great Big Beautiful Tomorrow (novella and nonfic). I speak all over the place and I tweet and tumble, too.

MORE:  arphid • photo • privacy • rfid • Technology

More at Boing Boing

Eurovision 2013: An American in London

The technology that links taxonomy and Star Trek

  • http://www.facebook.com/profile.php?id=701878416 Nicholas Robinson

    Very nice photograph. I like the artistic decisions used in framing the shot, the interaction between the lights and darks, the almost unearthly use of chiarascuro.

    A masterpiece.

    Now, can you perhaps spare two moments to write a fucking paragraph about it? Unfortunately we don’t all share your supreme “In-ness” with the subject matter.

    • http://profile.yahoo.com/VKKSEOBH4L62RC6FPMAUIFALLE frank benedetti

      You make an excellent point.

    • Historybuff

      RFID (orRadio-frequency identification) has been something featured on here for a number of years as a potential tracking device. At one time the UK was wanting to have all Passports fitted with an RFID chip to enable “convenience” in processing travel. However it also meant that you could be tracked anywhere your passport went, just like geotracking on your mobile.

      Tests also showed that they were also easily hacked and, since the chip contained all the information on your passport, they made a handy target for identity thieves.

      http://en.wikipedia.org/wiki/Radio-frequency_identification

      • manicbassman

         what do you mean “wanting”… it’s a fact… all UK passports currently being renewed or first issue now HAVE them…

    • jnordb

      Instead of snarky posting, I prefer googling topics that I am unfamiliar with…

      • dumbbunny

        Oh, but when the snark is that funny, snark away.

      • robdobbs

        Google this.

    • theophrastvs

       ”In-ness” is clearly difficult to judge; particularly among an eclectic crowd like the BoingBoing gallery.  I have felt like you do here at times (i think the last time was a sudden unexplained attack of “my little pony” posts).   I happen to know a bit about RFID so this post struck me as copacetic.  That is, your impatience here has shown me the narrowed error of my ways – thankee!

    • guanto

      Vancouver is a city in Canada. Hope that clears it up for you.

      • http://burntheflag.ca Jardine

        Oh, and London Drugs, despite the name, is not based in London, Ontario or even that other London with chimney sweeps. They don’t even have stores east of Manitoba.

    • Pedantic Douchebag

      We’ve missed you at the meetings, Nicholas.

    • hakuin

       pay attention

      http://boingboing.net/2008/03/19/bbtv-how-to-hack-an.html

    • oasisob1

       Can you spend two moments to ‘fucking’ google “RFID”?

  • lavardera

    I block mine with a hammer and awl through the chip.

    • simonbarsinister

       Fan of ’15 seconds in the microwave’ here.

  • http://www.facebook.com/people/Joe-Larkin/100001367611144 Joe Larkin

    http://www.wired.com/threatlevel/2009/08/fed-rfid/
    RFID chips can be read remotely and data can potentially be obtained for malicious purposes. RFID chips are in some Government ID cards, passports, and potentially some credit cards. It’s another possible way to steal information that can be used to track people, perform ID theft and possibly steal credit card numbers. 

  • Mister44

    Does it actually work? I carry a small case around lined in lead for all of my cards and portable electronics.

    • Moriarty

      Wouldn’t aluminum foil be sufficient?

      • Mister44

         What are you – part of the aluminum foil lobby?

  • PJDK

    I’ve never quite understood the obsession with RFIDs.  Security issues are there, you don’t want someone to be able to steal your credit card info with a machine, but that is hardly insurmountable (and I don’t know of any cases outside of a lab of it actually happening).  

    The range of those things is very low and they would make a terrible vector for surveillance especially given everyone carries a phone anyhow.The one thing they are super useful for is using cards without having to get them out of your wallet.  So do people block them, what from?  

    • jay curry

      To put it bluntly, RFID cards can be copied. A copy may look like another RFID card, or it might look like a notebook, textbook, magazine, be embedded in the sleeve of a jacket or shirt. It might look to the casual observer like an old wind-up watch, perhaps not even functional. However if the copy is of your credit card, or your drivers license so you can go through border crossings easier, whomever has that copy can use your credit card, or can cross the border easier as a result.

      The other thing that happens, even if no-one is making copies of your card, every time that card is read, a record of that transaction is made. This may be nothing more than ‘card 900b1y900k read at [timestamp] by reader [serial number]‘ or it may be a detailed record of every item that just passed by the cash register as part of your shopping purchase.  And what that record contains, where it’s kept, by whom, for what purpose (Target sending coupons to you or your partner 3-6 months after one of you becomes pregnant) is not something that you have control over.

      You may be OK with that. Or you may not. But consider that if you combine the two, it becomes trivially easy for someone to frame you as being at or near the scene of a crime, when in reality you’re sound asleep in bed, perhaps in a different city. Even if you are OK with the idea of keeping those records, and turning them over to the police if requested or with a court order, the fact that the evidence can be faked, really should worry you.

      • Jorpho

        The other thing that happens, even if no-one is making copies of your card, every time that card is read, a record of that transaction is made. This may be nothing more than ‘card 900b1y900k read at [timestamp] by reader [serial number]‘ or it may be a detailed record of every item that just passed by the cash register as part of your shopping purchase.  And what that record contains, where it’s kept, by whom, for what purpose (Target sending coupons to you or your partner 3-6 months after one of you becomes pregnant) is not something that you have control over.

        But the exact same thing can be done with any credit card or debit card, RFID or not.

        • http://stephenrice.eu Stephen Rice

          Sure, but that’s an argument against credit or debit cards, not a argument for RFID.

  • Dmitri DB

    Oh, cool — The local insurance company (Crown corporation at that) that you gotta get your drivers license through in this province actually hands these out along with the RFID-enabled drivers licenses which are supposed to get you through the border more smoothly. I brought the forbes article about the blackhat conference credit card reading thing up with my coworker and he showed me his. I’m not surprised that the credit card companies aren’t giving these out with their contactless credit cards though… Just sit and think how much profit they’d be out on if they actually tried stopping credit card fraud with a properly upgraded & engineered system :P

    • TombKing

      Yeah I just got mine, but for the enhanced licenses I am not sure what it is worth. All that is on the chip is the unique identifier that is printed on the card. I guess someone could make a duplicate but there is not personal info itself so unless they had everything else not much, also if they have managed to get into the system that actually uses said information on the chip, well they can just go look anyone up at that point so the string of unique gobbledygook is moot at that point.

      If I have no choice about a credit card with RFID then I will definitely invest in  a blocking wallet or sleeves like in the picture.

    • hub

      You are nice calling this “local insurance company”. I call that “provincial monopolistic racket”, a conflict of interest at that as they have no interest in prevention since the core of their business is to sell insurance as a prices that is 4 time the rate in other provinces private insurances.

      • http://twitter.com/iserlohn iserlohn

         Actually that’s not true. The scale is different – everybody has to earn their premium discount on a level playing field – your age and sex do not factor in to your base premium. This makes first year premiums significantly more expensive for some demographics, while substantially cheaper for others, compared to other systems. It all evens out depending on how careful you drive and how much you claim.

  • jkonrath

    I was expecting, in a bit of irony, that this would have a sale price only available if you used the drug store’s loyalty card.

  • LordBlagger

    The range of those things is very low and they would make a terrible vector for surveillance 
    =============

    There are other issues.

    1.Think denial of service. They are low power, and they work on an ethernet like protocol. Just broadcast with higher power, and it doesn’t have to be that high, and you can deny all card readers in quite a range. Small 9 v battery, plus a bit of circuitry and you could stop a shop from working. Hidden on the premises, cash into an account and you will be told where it is (or it is removed). Cash then gets withdrawn via an ATM machine in other locations.

    2. Think fake responses. For example, how about adding in extra items to a shopping basket remotely, or hiding the expensive items? Think about this if you are innocent and shop security gets you with items you haven’t paid for.

    RFID is going to be the new black when it comes to crime and extortion. 

  • DewiMorgan

    My green card came with a metal-lined envelope that I have to keep it in :) 

  • gaiapunk

    I think it is supposed to be ironic that they’re selling RFID blocking sleves precisely where you are most likely to use RFID, the check out line.

  • ponzicar

    Do they even work? Or did someone figure out a way to sell useless plastic sleeves at a relatively huge markup?

    • dr

      I am curious about this as well.  What is in the composition of the sleeve that would block a radio frequency signal?

  • BBNinja

    Um…I get Cory was going for “ironic” but doesn’t it make sense that they would have RFID covers for sale right where you were most likely to pull out your RFID enabled card?

    • hub

      The irony is bank or government “selling” RFID card “for your security”. Note that banks also make sure they defer the liability to the customers with the “enhanced security” they claim it provides (*hint* it does not)

      • iwanttowatchyoutubeyoubastards

        The best one is when the Royal Bank sent me my RFID card. They sent it in the mail.

        Preactivated.

        Without informing me it was coming.

        With a paper explaining how I could use it for $200 of purchases before it would ask for a PIN.

        When I went in to complain and have the PINless stuff killed they said it wasn’t a security exploit because “No one uses that yet.” So not only security through obscurity, but security through obscurity that’s being destroyed by an ad campaign!

        I moved all but a small chequing account out of the Royal Bank over that one.  Should move the chequing, too, but with all the stuff tied to it it’ll take forever to do without disrupting something.

  • cstatman

    help,  my brain hurts,  I am so confused.

  • http://www.facebook.com/profile.php?id=648466645 Rick Davies

    Consumer’s Advice: those are not cheap. At that price, these over here are 3-for-2: http://difrwear.com/products/rfid-blocking-card-sleeve-set-set-of-3-lb103

  • http://profiles.google.com/cityprole Wendi Galczik

    I know that those TV-ad aluminum wallets are supposed to block RFIDs, but wasn’t aware of any plastics that did so..anyone know about this?

  • Peter Yard

    Ladies and gentlemen, I think we can agree that the era of the tin-foil wallet has arrived. They will go so nicely with a new range of hats I have in mind.

  • http://www.linkedin.com/in/kenahoo Ken Williams

    So the clever bit here is that you can buy these things *AT THE VERY KIND OF PLACE WHERE YOU CAN BUY THINGS*?

  • hub

    But does it really work?

    • http://mjfgates.myopenid.com/ mjfgates

      Metal RFID-blocking sleeves, how DO they…

      nah.