Readers had insightful comments about the short-range RFID tag embedded in my new credit card
Thanks to all of you who had comments and provided some additional insight on my recent column "RFID hits me in wallet, literally". In brief, I was concerned about wireless security and hackers despite the promised short range of just 2 inches (5 cm) for my new credit card's RFID "feature". I also wondered exactly what the user benefit was of such a short-range link, compared to an old-fashioned manual swipe through a standard card reader. My initial plan was to try to shield the RFID part of the card card using aluminum foil, or perhaps even mu-metal if I could get some of it as a thin foil.
Among the things which readers told me were these (I haven't verified any of them, so judge for yourself):
- I should smash the RF IC in the card with hammer, but try not to deface the card (hmmm, sounds possibly effective but also crude and risky).
- If the card uses 13.6 MHz or even UHF, the foil shielding may work. If the card uses a lower frequency, it may be necessary to use a full metal enclosed or shielded bag. A static-proof bag ued to shop and handle ICs and PCBs may be sufficient.
- You can get a wallet with a steel mesh woven in, for RF protection; one reader saw it in the Hammacher Schlemmer section of the Skymall catalog, here.
- Another reader noted that his university uses these contact-less, wireless cards for their entrance ID, so you do not have to remove the card from your wallet. But, he adds, he also has a similar card for the local metro, and the card reader sometimes gets confused. Is this a hardware problem, sprecturm issue, data issue, or poor implementation at the reader and software end? Don't know and can't say!
Of course, one way to "solve" the multiple-card problem is to eliminate multiple cards altogether. Each person will just have a single RFID chip encompassing all their accounts in their wallet or maybe under their skin. There is a dark side to this: you can be cut off and made to disappear from society, so to speak, with a few keystrokes at the administrative level, and so become invisible or a non-person. Think, for example, of Orwell's novel 1984
, the 1996 movie Eraser
(starring Arnold Schwarzenegger), the 1967 novel Logan's Run
(and made into a movie in 1976), the short story 'Repent, Harlequin!' Said the Ticktockman
by Harlan Ellison, or any one of many other speculative-science and science-fiction stories.
So, what am I going to do? I think I'll use my old friend ESD first, and try to zap the card's electronics with a good, solid 20 to 30 kV spark. This should have no effect on the plastic material of the card itself (I'll test on an old card to be sure) and probably no effect on the magnetic stripe which is there as back-up for the RF link.
But here's my real problem: I don't have a card reader, wireless or other, nor reader interpretation software, so how do I test the effectiveness of the ESD zap, the aluminum foil or other shielding, or any other hardware scheme I am trying? Will I have to keep going back to the register at a store while making small purchases of gum, candy, and similar, and look like a nutcase? Once again, it's the test and assessment phase of the project that will be the real challenge. ♦