Dropsafe

by Alec Muffett

DIY RFID-blocking Equipment?

I was sent this link by a fellow geek:

DIFRWear

Our RFID Blocking Wallets ensure that cards with RFID tags within the wallet can NOT be read while the wallet is closed. This gives you the ability to control when, how and by whom your cards are accessed. To allow the RFID tag in the card to be read, simply open the wallet and direct it towards the reader.

http://www.difrwear.com/images/wallets_320.jpg

Governments, corporations, franchises and banks are now using RFID tags embedded in identification cards. These tags allow the cards to be read remotely. You may have one of these chips in your wallet or passport right now.

The RFID tags in identification cards have been shown to be insecure (Click here for examples of RFID insecurities). Attackers are able to read and copy information stored on these tags to create copies they can use themselves!

Now I’m not in a position to say whether these things work, since I lack both a “blocking” wallet and a RFID test rig with which to experiment; moreover since I am not in a position to fly to the States for a while, I am not going to be visiting my favourite toy store any time soon.

However, I would like to make an appeal for experimentation:

Some months ago I was learned of an old hack that UK-based IT consultants and Cable-TV company engineers used to use to disable their cellphones in such a way that they were not registered as “switched off” by the cellphone company.

The effect of this was that the person phoning the engineer would be told “the person being dialled is unobtainable”, rather than “the phone you are trying to reach is switched-off”.

This was beneficial because bonuses were paid for coverage and reachability (etc) and whilst it was not-OK to switch your phone off, it was perfectly acceptable to be in a cellphone reception “blackspot”, even if you happened to be carrying your blackspot around with you.

The method for “blackspotting” was simple: drop the phone into an anti-static bag:

Strong Signal Moderate Signal Weak Signal Weaker signal Dead

What I want to know is: does this work for RFID?

My preliminary experiments with some other RF-loop stored-value cards (the ones used around my office for food purchases) suggest that antistatic bags are not “proof” enough to resist the chirp and response of those systems; however there will certainly be some variations in signal strength, frequency, and potential for protection from passive sniffing rather than resisting a RF chirp from a distance of 2 inches.

So: if you have an RFID card, and a reader, could you please see if antistatic bags – applied as demonstrated – have any attenuation effect on the cards, and post a comment below?

Thanks!

Comments

11 responses to “DIY RFID-blocking Equipment?”

  1. Nobby
    re: DIY RFID-blocking Equipment?

    Easy way to check would be anti-static bag and an Oyster card. Or, if you have proximity scanners for building entrance etc. you it could be tested that way, either way I’ll have a go when i’m back in the office (friday) and let you know

    Reply
  2. alecm
    re: DIY RFID-blocking Equipment?

    That’s kinda what I was wondering: are Oyster cards “true” RFID (assuming such a thing exists?) or are they just another form of stored-value card?

    Likewise the chips in my cats, I suppose…

    Nonetheless I’m happy to collate results here.

    Reply
  3. Jonathan Oxer
    re: DIY RFID-blocking Equipment?

    I gave it a try with a 134.2KHz reader and the tag in my arm. The result was no signal attenuation at all: jon.oxer.com.au/blog/id/110

    Reply
  4. Jonathan Care
    Urban Myth?

    I don’t believe that the anti-static bag trick will work with mobile phones, unless you are already in an area with very low signal strength.

    Might work with RFID depending on signal strengths and proximity, but I’m doubtful. What’s the frequency range?

    Reply
  5. alecm
    re: Urban Myth?

    I don’t know the RFID frequency range, but if it is the 146 *KILO*hertz that Jonathan Oxer’s comment / blog suggests, then it is below longwave and will penetrate almost anything, even underwater to some depth…

    In which case I would very much like to know how the wallets block the traffic…

    Reply
  6. Jonathan Care
    re: Urban Myth?

    I suddenly felt an urge to research this.

    http://www.idtechex.com/products/en/articles/00000040.asp shows that there are five frequency bands in use: * Low Frequency (LF) 125-135 KHz * High Frequency (HF) 13.56 MHz * Ultra High Frequency (UHF) 868-930 MHz * Microwave 2.45 GHz * Microwave 5.8 GHz

    The page goes on to explain the applications, benefits and disadvantages of each wavelength.

    I’m guessing that the in-wallet cards are likely to be in the HF or UHF band, due to size of antenna, and the health risks perceived with microwave radiation. LF would also have a very slow rate of data transfer. Near field work is normally performed with HF kit, although a near field UHF coil has recently been developed.

    Reply
  7. Jonathan Oxer
    re: Urban Myth?

    Yes, and it’s even more complex than that: as well as various frequency ranges in use there are passive, active and semi-active tags, and then a variety of modulation schemes.

    As a massive generalisation, low(er) frequency tags tend to be passive and high(er) are active. LF tags have better penetration: low frequencies are attenuated less by things like water, hence the use of 125 or 134.2KHz for implantable tags. 125KHz is the frequency historically used for implantable tags in the US, which does things differently to the rest of the world (134.2KHz is the ISO-standard frequency for implantable tags and is used by every country except the US) although ISO-standard tags are starting to be used in the US now as well.

    There is an enormous variety of RFID technology. It can be pretty hard to get your head around it all.

    Reply
  8. Jonathan Care
    re: Urban Myth?

    I suddenly felt an urge to research this.

    http://www.idtechex.com/products/en/articles/00000040.asp shows that there are five frequency bands in use: * Low Frequency (LF) 125-135 KHz * High Frequency (HF) 13.56 MHz * Ultra High Frequency (UHF) 868-930 MHz * Microwave 2.45 GHz * Microwave 5.8 GHz

    The page goes on to explain the applications, benefits and disadvantages of each wavelength.

    I’m guessing that the in-wallet cards are likely to be in the HF or UHF band, due to size of antenna, and the health risks perceived with microwave radiation. LF would also have a very slow rate of data transfer. Near field work is normally performed with HF kit, although a near field UHF coil has recently been developed.

    Reply
  9. Chaynlynk
    re: DIY RFID-blocking Equipment?

    I just discovered that if i put 3 static bags over my already 7dbi AP antenna my signal drops from -46 to -71db. I quick search on google about this caused me to stumble on here.

    Reply
  10. Oldfart
    re: Urban Myth?

    The possible reason for the RFID wallet cards working is that the metallised film in the two faces of the wallet causes the RFID tag antenna to be detuned (Reduced Q)to the the extent that there is insufficient RF reaching the tag electronics. The anti static bags would have the same effect. More the better.

    Reply
  11. Bob

    I am currently using my phone which is wrapped multiple times in a big silver Mylar antistatic bag that’s used for motherboards. The phone is using 4g for internet access and currently is a wifi access point tethered to my laptop’s wifi. So I am typing and sending this comment via this setup and the mylar antistatic bag hasn’t blocked the 4g or wifi signal to from my phone. Phone reception however is on 1 bar in the bag as opposed to full signal bar when out of the bag but still gets tyxt and calls

    Actually as an update I tested the phone in the bag at different ranges, it defintely reduces the distance the wifi is accessable about within 2 meters or so.
    Also a friend called in coincidently just as I was doing this. Got the text but not the call.
    Interesting.

    A good article on what kind of signals mylar or other kinds of material can block is needed

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts