Electronic Pickpocket Stoppers
Wednesday, April 2, 2008
Stuck on the tarmac, flipping through a travel magazine, you're struck by the blurb for metal-lined wallets. Purpose: to prevent digital pickpocketing by blocking radio frequencies.
These handsome babies start at $79.99 and top out at the $225 Italian Leather Teju Lizard Embossed Travel Wallet.
Your reaction: Wow! Luxury accessories for paranoids!
But you would be wrong. Maybe.
Because, says electronic security expert Bruce Schneier, crystallizing the view of many: "As weird as it sounds, wrapping your passport in tinfoil helps. The tinfoil people, in this case, happen to be correct."
The issue is bigger than just the new style of passports, which contain chips that emit information that can be read by a scanner. We're also talking about your Metro SmarTrip card, your employee ID/building access card, your automatic highway toll pass, the newest wave of credit cards and gas purchasing cards, even digital drivers' licenses being developed in some states.
All of these nifty and oh-so-convenient bits of plastic employ versions of what's known as radio frequency identification technology, or RFID. That is, they toss out bits of data that are caught by receivers, with little or no contact, just through the air in some cases. The new credit cards, such as MasterCard's PayPass, don't have to be swiped through a machine. Swiping is so retro, and takes precious extra seconds. You need only lightly tap the PayPass on a terminal to register a purchase.
Neato. It feels as if you're living in the future, or in an episode of "24," when you slap your purse on the Metro turnstile and the gate opens, or you wave your ID badge at a node on the wall and your office door beeps open (and then your face and all your recent movements around the office -- yikes! -- pop up on the security guard's computer).
But alas, just as every problem has a solution, so every solution has a problem, right?
According to some security gurus, even when there is no receiver in the vicinity, your digital secrets are leaking merrily from the cards in your wallet, like sound from a radio that you can't turn off.
So, conceivably, a pickpocket with a laptop and an antenna could lift the digital contents of your wallet. This modern, hypothetical Artful Dodger would never reach his fingers under your jacket. He'd be that guy slouched on a bench in Union Station with a backpack, vacuuming up bits and bytes as crowds flowed past. Behind your back, the contents of your wallet may be talking about you, digitally, to perfect strangers.
Paranoid? The scenario has mainly been reenacted by researcher-hackers under simulated conditions. The makers and issuers of RFID cards insist the data are encrypted and safe. Yet some security watchdogs assert the need to cover, or shield, these cards when they aren't in use. A thin metalized nylon can do the trick, based on the classic Faraday cage design, to disrupt RFID communications.