Roger Grimes on Why You Do Not Need to Worry About RFID Blocking Wallets
-
Roger Grimes, columnist for InfoWorld, has a great article on why RFID blocking wallets, purses and other things are just a scam and why there is essentially zero risk - especially as the people getting these things almost never have RFID devices in their wallet. Do you? I sure don't. Have never seen one, not even one advertised. It's a rare issue. Roger delves into how uncommon they are and what immense cost a thief would need to spend in order to attempt an attack on your already heavily protected, chip and pin backed, RFID card.
-
Why would anyone bother doing this when I can take a picture of someone's credit card with my phone. It would cost less for me to get a job as a waiter and take a picture of everyone's card when I went to do the bill, and then quit and buy a ton of stuff.
-
@johnhooks said:
Why would anyone bother doing this when I can take a picture of someone's credit card with my phone. It would cost less for me to get a job as a waiter and take a picture of everyone's card when I went to do the bill, and then quit and buy a ton of stuff.
Well at least in Europe the trick is that you never let the card out of your possession, so chip and pin cards are not easy to photograph.
-
If chip and pin work like they do in Europe like they do in the US, they aren't really secure. The PIN isn't verified by the bank before allows the transaction. Instead the PIN can be faked with an overlay on the card itself.
A good breakdown can be read here http://www.techrepublic.com/blog/it-security/chip-and-pin-the-technology-is-no-longer-secure/
But RFID? yeah your passport is the only thing I can think of that most people have with one in it.
-
@Dashrender said:
But RFID? yeah your passport is the only thing I can think of that most people have with one in it.
Yeah, I hate that one. It makes American children identifiable when abroad from a distance. You don't need to be able to read the RFID, only see it. It becomes a tracking device (over very short distance.) But the scariest thing is that if a family is all carrying their RFID passports as they are told to do, someone in a crowded marketplace or other public area can use them to identify foreign children and, more scarily, identify when they have become isolated or are out of line of site with their accompanying adults.
-
@Dashrender said:
A good breakdown can be read here http://www.techrepublic.com/blog/it-security/chip-and-pin-the-technology-is-no-longer-secure/
Only problem there is that they don't explain how a card is cloned if it doesn't leave your hand, as it would not in a chip and pin transaction.
The only flaw I know of with chip and pin is banks that decide not to actually use chip and pin technology but only use the card itself and ignore the pin. If actual chip and pin is used, none of those attacks work. But the banks are not actually using it, of course the system doesn't work.
-
If I recall correctly, US is chip and signature, not chip and pin so its almost useless.
-
@johnhooks said:
If I recall correctly, US is chip and signature, not chip and pin so its almost useless.
Yup, but they sell it as "chip and pin" to trick people. My dad got one and was all excited they I asked how he was using it in all of those places without chip and pin readers and he was like I just sign.... oh no it's a scam!!
-
@scottalanmiller said:
@johnhooks said:
If I recall correctly, US is chip and signature, not chip and pin so its almost useless.
Yup, but they sell it as "chip and pin" to trick people. My dad got one and was all excited they I asked how he was using it in all of those places without chip and pin readers and he was like I just sign.... oh no it's a scam!!
And I think gas stations have like a 3 year window to get compliant. They were one of the biggest issues.
-
@scottalanmiller said:
@Dashrender said:
But RFID? yeah your passport is the only thing I can think of that most people have with one in it.
Yeah, I hate that one. It makes American children identifiable when abroad from a distance. You don't need to be able to read the RFID, only see it. It becomes a tracking device (over very short distance.) But the scariest thing is that if a family is all carrying their RFID passports as they are told to do, someone in a crowded marketplace or other public area can use them to identify foreign children and, more scarily, identify when they have become isolated or are out of line of site with their accompanying adults.
You would have your minor children carry their own passports? Regardless of what 'they' say I probably would never do that. Give them a paper copy fine, but the actual passport.. nah.
-
@scottalanmiller said:
@Dashrender said:
A good breakdown can be read here http://www.techrepublic.com/blog/it-security/chip-and-pin-the-technology-is-no-longer-secure/
Only problem there is that they don't explain how a card is cloned if it doesn't leave your hand, as it would not in a chip and pin transaction.
The only flaw I know of with chip and pin is banks that decide not to actually use chip and pin technology but only use the card itself and ignore the pin. If actual chip and pin is used, none of those attacks work. But the banks are not actually using it, of course the system doesn't work.
I think it's less about a cloned card, and more about a stolen one.
Chip and Pin does not save you from stolen cards - the overlay that simply sends the OK signal to the card removes the pin from matter'ing.
-
@johnhooks said:
@scottalanmiller said:
@johnhooks said:
If I recall correctly, US is chip and signature, not chip and pin so its almost useless.
Yup, but they sell it as "chip and pin" to trick people. My dad got one and was all excited they I asked how he was using it in all of those places without chip and pin readers and he was like I just sign.... oh no it's a scam!!
And I think gas stations have like a 3 year window to get compliant. They were one of the biggest issues.
I hadn't heard that anyone was exempt - but assuming that's true, As you said, without a PIN you're not really any more secure, and even with a PIN, your stolen card isn't secure either.
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
But RFID? yeah your passport is the only thing I can think of that most people have with one in it.
Yeah, I hate that one. It makes American children identifiable when abroad from a distance. You don't need to be able to read the RFID, only see it. It becomes a tracking device (over very short distance.) But the scariest thing is that if a family is all carrying their RFID passports as they are told to do, someone in a crowded marketplace or other public area can use them to identify foreign children and, more scarily, identify when they have become isolated or are out of line of site with their accompanying adults.
You would have your minor children carry their own passports? Regardless of what 'they' say I probably would never do that. Give them a paper copy fine, but the actual passport.. nah.
They tell them to do so. It's often recommended.
-
Hmm... Roger seems to have a trend of recommendations against protecting yourself. In the case of the RFID wallet, he makes total sense. I've never even though of buying an RFID blocking device.
But someone on SW thinks that firewalls are useless because of this nonsensical piece of crap article: http://www.infoworld.com/article/2616931/firewall-software/why-you-don-t-need-a-firewall.html
-
Easily one of the creepier RFID things I've seen
-
-
Another RFID issue that I've seen is schools forcing children to wear RFID tags. It sounds great that during the school day the school knows what room they are in. That's fine. The problem is that when kids walk home creepers can stalk them without being visible to the kids themselves. A potential abductor can lurk behind a fend, use a simple scanner to tell when the children have separated from a group, identify their exact location and abduct them knowing that the school has ensured that he (or she) has identified a child within a certain age bracket, their location and the potential location of friends who would miss them shortly.
Talk about someone working hard to put kids at severe risk!
-
Did you just make that? Jesus and Chippy!
-
@scottalanmiller said:
The problem is that when kids walk home creepers can stalk them without being visible to the kids themselves.
The range of RFID is really short (centimetres). Essentially you'd see the kids long long long long long before you got an RFID blip.
-
@MattSpeller said:
@scottalanmiller said:
The problem is that when kids walk home creepers can stalk them without being visible to the kids themselves.
The range of RFID is really short (centimetres). Essentially you'd see the kids long long long long long before you got an RFID blip.
Battery powered ones have a range of about 300 feet.
