RFID-Blocking Blazer and Jeans Could Stop Wireless Identity Theft 110
An anonymous reader writes A pair of trousers and blazer have been developed by San Francisco-based clothing company Betabrand and anti-virus group Norton that are able to prevent identity theft by blocking wireless signals. The READY Active Jeans and the Work-It Blazer contain RFID-blocking fabric within the pockets' lining designed to prevent hacking through radio frequency identification (RFID) signals emitted from e-passports and contactless payment card chips. According to the clothing brand, this form of hacking is an increasing threat, with "more than 10 million identities digitally pick pocketed every year [and] 70% of all credit cards vulnerable to such attacks by 2015."
signal blocking (Score:5, Insightful)
Re: signal blocking (Score:1)
Agreed. I have a Samsonute wallet with rfid blocking material. It works nicely, and it doesn't mess with my cellphone.
Re: (Score:2)
Maybe I'm confused by the story, but what has RFID in it? I thought these new currency things used NFC which is normally able to be turned off.
Re:signal blocking (Score:5, Funny)
If you build radio signal blocking into all of your pockets, doesn't that also screw up your cell phone from getting a call?
And the downside is?
Re: (Score:2)
If you build radio signal blocking into all of your pockets, doesn't that also screw up your cell phone from getting a call?
And the downside is?
Phone getting hot and battery drowned.
Re: signal blocking (Score:1)
The weight of carrying a phone and expense of buying it when you didn't want to get any calls in the first place.
Re: (Score:3, Interesting)
I have a friend who is just flabbergasted at the idea that I sometimes just turn my ringer off and don't take calls.
I like to be able to take calls or to make them when I want to. I like having a mobile gps device and all that.... um, I like having a phone, but sometimes, I don't want to be disturbed, and sometimes Iforget to turn that off for a day or two...oops... but I can still call out and thats what I pay the bill for.....
Re: (Score:2)
I have a friend who is just flabbergasted at the idea that I sometimes just turn my ringer off and don't take calls.
I've seen people freak when in areas with no coverage. "What if someone tries to call or text me?"
Smartphones are as addictive as meth.
Re:The downside is? (Score:2)
TSA search at the airport
Re: (Score:1, Informative)
If you build radio signal blocking into all of your pockets, doesn't that also screw up your cell phone from getting a call?
Yes and no.
If the signal blocking is wide-band it will screw up your cell phone. It will probably increase signal strength to get through and drain the batteries more than necessary.
The thing is that RFID typically works on the comparably low frequencies 125 kHz and 13 MHz while cell phones works higher up on 800 MHz and above.
That means that you can create a grid that blocks the lower frequencies while letting the higher frequencies through.
Re: (Score:2)
The thing is that RFID typically works on the comparably low frequencies 125 kHz and 13 MHz while cell phones works higher up on 800 MHz and above.That means that you can create a grid that blocks the lower frequencies while letting the higher frequencies through.
True, although it shouldn't matter in this case, because the spacing of the grid which controls the highest frequency blocked, means that on clothing, it's going to have to be pretty close. It's related to how Cell phones will work in Cars, because of those holes in teh metal cage of the car.
It's possible to build a cage that will block lower frequencies but not cell frequencies, like my car example, but the reverse is not true. For human sized clothing, I'd wager that they just have closely spaced metal
Re: (Score:3)
If the wireless cards don't have ample protection against copying of information and forging then the platform design is flawed.
A correctly designed public key infrastructure solution would be a lot harder to crack. Cards shall only reveal sensitive information to authorized readers, readers verify that the cards aren't forged.
The only thing left is the human factor.
Re: (Score:2)
Re: (Score:2)
There is no need for payment cards to ever reveal any information that can be used for identity theft, except for the card number. That on its own isn't much use.
All you need for a transaction is the card number and a challenge/response to confirm that the card is the one it claims to be.
Re: (Score:2)
Of course it's flawed. It's been flawed since it was introduced. This was introduced by credit/debit companies to make it more convenient so people would use it more so they'd collect more fees.
The first time I saw one I thought it was dangerous and idiotic. I largely still do because it's un-authenticated. Sadly, pretty much every card comes with it now.
When will people unders
Re: (Score:2)
If the wireless cards don't have ample protection against copying of information and forging then the platform design is flawed.
Of course it is. When they design these things, security is last on the list.
Re: (Score:3)
If you build radio signal blocking into all of your pockets, doesn't that also screw up your cell phone from getting a call? And wouldn't it muck with my keyless entry system on my car where I just carry the fob in my pocket and the car will know when it is me trying to get in or start it?
First off, yer not carrying that phone right. Both hands on the phone held out in front of you, head and eyes down, checking your facebook page. Style points for walking into traffic.
But seriously, if you are wearing a Faraday cage, rf signals will be blocked. In addition, when in that state, the phone will be trying to "phone home to report it's position at it's highest available power, so will drain the batteries quickly.
But to me, it just seems like a better idea is a Faraday wallet. Because if you
Re: (Score:1)
while you are at it (Score:4, Informative)
Re:while you are at it (Score:5, Funny)
Why not trousers+condoms all built-in...this has to be the more stupid informercial I have seen here for a while.
This is slashdot, advertising condoms here would be like targeting the Taliban with whisky ads.
Re: (Score:3)
Neckbeards having sex with drunken Muslim fundamentalists?
I think you might be on to something...
Re: (Score:1)
Not whisky. The Taliban drink tharra [wikipedia.org]
Brilliant idea (Score:5, Insightful)
People will replace all their clothes, rather than buying one tinfoil case/pouch per device. Makes total sense.
Re: Brilliant idea (Score:1)
It's developed by Norton, of course it will be bloatwear.
Re: (Score:3)
Tinfoil hat (Score:2)
For full garment
why not just carry around a portable EMP generator (Score:3, Funny)
That's what I do.
Re: (Score:2)
That's what I do.
"And that's why I no longer fly anywhere..."
Re: (Score:3)
I wear a nylon sweater to build up some static charge. Zaps any RFID readers that try to steal my identity in a brush-up attack. I don't half go through a lot of phones though.
Hope it works better then my wallet (Score:5, Interesting)
Paid extra for an RFID blocking wallet. Tested it out the next time I had to pay for lunch with my RFID card.
Placed wallet on reader, card is somewhere in the middle, beeep, thanks for you payment - fuck.
My wallet is a "Protact" with the A written like a German AE. 100% rip off, hope these pants are better.
Re:Hope it works better then my wallet (Score:5, Informative)
I found the el-cheapo cardboard sleeves with a foil lining to be entirely adequate. 5 in a pack for a few dollars. I've not replaced the first one yet (I only have one NFC capable credit card).
Re:Hope it works better then my wallet (Score:4, Interesting)
The solution is to make the cards secure. So far there have been no known contractless payment thefts via "walk by" attack, so it seems like the security works. I've been using such cards for a decade now without issue so at this point I trust them.
It's things like passports that are more at risk, since an attacker can read some personal data from them (payment cards are either anonymous or don't provide things like your name, they only allow transactions). Fortunately I don't carry my passport most of the time.
Re: (Score:2)
Passports are easy. Just microwave the thing. Fries the chip but looks normal. "I don't know why it doesn't work,officer."
Re: (Score:3)
Passports are easy. Just microwave the thing. Fries the chip but looks normal. "I don't know why it doesn't work,officer."
Got my passport in 2006, don't think it has RFID. My VISA card does - or did until I centered a hole punch over the chip and whacked it with a hammer. That was strangely satisfying :-)
Re: (Score:2)
Got my passport in 2006, don't think it has RFID. My VISA card does - or did until I centered a hole punch over the chip and whacked it with a hammer. That was strangely satisfying :-)
I really don't understand this logic. Yes, wireless connections to the card are a risk (and I say that as someone who took measures to shield my wallet), but that risk is minuscule in comparison to the risks associated with using the magstripe (vulnerable to skimming) instead of the chip (uses challenge and response).
These days, if someone requires me to use magstripe, I look at the terminal extremely carefully before swiping.
Re: (Score:2)
Yes, wireless connections to the card are a risk ... but that risk is minuscule in comparison to the risks associated with using the magstripe (vulnerable to skimming) instead of the chip (uses challenge and response). These days, if someone requires me to use magstripe, I look at the terminal extremely carefully before swiping.
The VISA Pay Wave doesn't have user challenge/response, it's simply a wireless magstripe. It's just a gimmick and really no faster than swiping the card. Skimming at a POS terminal - other than at a gas station or older ATM - is pretty rare (and/or ballsy) and I've personally never heard/read about it anywhere. I live in the US, so your mileage may vary elsewhere...
Re: (Score:2)
The VISA Pay Wave doesn't have user challenge/response, it's simply a wireless magstripe.
Do you have a citation for that? It seems odd to me that they would use such a weak mechanism, when the existing chip already uses challenge/response.
The standard used is ISO/IEC 14443 [iso.org], which enables half-duplex communications, suggesting that challenge/response is at least plausible.
Additionally, in my country (Australia), I found that when they introduced PIN-less transactions for contact less cards below a certain threshold ($100), PINs were no longer required when the chip was inserted, which is consist
Re: (Score:2)
The VISA Pay Wave doesn't have user challenge/response, it's simply a wireless magstripe.
Do you have a citation for that?
Sure, every TV commercial showing someone using Pay Wave - tap, (beep/flash), done. In addition, it's advertised as being faster than just swiping. Having to type in a PIN isn't faster. The US is supposed to move to Chip and PIN next year for CC - I think debit cards usually need a PIN already (not sure, I would *never* use a debit card). Often no signature/PIN is required for common purchases (like food) if under $50 - both CC and debit.
Re: (Score:2)
Ah, I think you misunderstood me. When I said that it uses challenge-response, I was referring to the cryptographic challenge-response (e.g. the card receives a message, signs it with a private key, then transmits the signature), in contrast to magstripe, where data is simply read from the stripe.
Re: (Score:1)
Place your credit card against a dolphin torch and turn it on. You'll see a dark outline inside the edge of the card. This is the antenna.
Take a stanley knife, cut out a 4mm wide section across the entire antenna. Once you cut deep enough, you'll find wire tracks. Cut out an entire section of the antenna, making sure you get all the windings in that section (In my card it wrapped around the edge 4 times).
Put a dab of superglue over the square you just cut out to stop the card from delaminating.
The RFID on y
Re: (Score:1)
I bought a wallet branded as "Traveler". Works like a charm. Put my RFID security card inside, couldn't get into the office without taking the card out.
Re: (Score:2)
I don't know why we persist with such horrible security for an unnecessary convenience. If you have to wrap your card in foil or use a stainless steel wallet or buy special clothes, isn't the convenience lost at that point?
Calling it fraud could stop identity theft (Score:5, Insightful)
You know what could completely stop identity theft? Holding banks responsible for the loss when they were tricked by some thief pretending to their customers. You will see them tightening their authentication and fraud detection overnight.
You know why some countries don't have any identity theft at all? They held banks and companies responsible when they were defrauded, and won't let them pass the loss to their customers by claiming "identity theft".
Re:Calling it fraud could stop identity theft (Score:4, Informative)
You know what could completely stop identity theft? Holding banks responsible for the loss when they were tricked by some thief pretending to their customers. You will see them tightening their authentication and fraud detection overnight.
This is how it already works in the USA. By law, customers can only be held liable for up to $50 for credit card fraud, and almost all banks just offer the courtesy of reducing the liability to zero (you have to be with an incredibly shitty one and/or have a VERY shitty credit rating for them to not do this.)
And if somebody steals your identity by taking out loans in your name, it's on the lender to prove that you were the one who actually took out the loan to begin with. It's inconvenient as hell granted because of all of the shit you have to go through to sort it out, but at the end of the day you don't have to pay anything to the banks if you're the victim, and the banks are the ones that lose.
Identity theft still happens anyways because whether the thief steals from you or the bank, they still make money out of the deal (unless they get caught.)
Re:Calling it fraud could stop identity theft (Score:4, Informative)
And if somebody steals your identity by taking out loans in your name, it's on the lender to prove that you were the one who actually took out the loan to begin with. It's inconvenient as hell granted because of all of the shit you have to go through to sort it out
And that's why you're wrong. It's on YOU to prove that the loan is fraudulent. My identity was stolen by an illegal mexican who "bought" a car. Now that's on my record until I go to court and prove that it wasn't me.
Re: (Score:1)
i think you need to reread your parent. i think the lack of a subjunctive that threw me off on the first read.
"if a loan taken out by somebody else were automatically considered fraud, it would be up to the banks
to document that you made the loan."
i'm not sure if the reason cc transactions are covered in the way that they are is because fraud, though.
Re: (Score:3)
You're both right, you're both wrong.
The burden is on the bank to force you, via the law, to repay them. The burden is on the person to clear their credit report of the issue.
Now, the desirability of having a large system that operates under "guilty until proven innocent" and, while not having the force of law, is still pretty vital to living in America.... well, that's a different story.
Re: (Score:2)
That's the way it is in the UK. The banks still try to trick the victim into saying that they made some kind of mistake, or argue that a lack of up to date anti-virus on your PC makes you liable, or that their security is perfect so it simply must have been your fault. In the end though if you stick to your guns they have to pay up.
Re: (Score:2)
This doesn't solve the problem at all (Score:4, Insightful)
Re: (Score:2)
Or at least use a properly designed PKI solution?
Re: (Score:3)
The RFID/NFC tag on your passport requires a lot of your private information already as the private key to decrypt it. And even then, the biggest additional piece of information at the first level of encryption it gives you is your picture (the same picture that's already in your passport).
Users with Android phones with NFC capabilities can check this for themselves [google.com].
Every time an official checks your passport, that digital picture is only used to verify that the physical picture on the passport hasn't been
Re: (Score:1)
It might make the Passport safer, but it's certainly not preventing identity theft.
Re: (Score:3)
Do any cards actually have that kind of data available over wireless comms? Passports do, but most people don't carry them regularly. Bank cards and the like usually don't, they only supply the card number and a challenge/response mechanism. The card number alone isn't enough to make fraudulent transactions.
"More than 10 million identities"? (Score:1)
There was an article not so long ago where a national is card in south Korea was used as target. If I remember correctly that over 50% of the population suffers from identity theft.
So there is clothing... (Score:5, Insightful)
Re:So there is clothing... (Score:4, Insightful)
I wish I had mod points. This is the first thing I thought of. Except why bother to only steal more clothes?
Re: (Score:2)
So you don't think there are people who shoplift out of designer stores to resell?
Re: (Score:1)
I meant, there are more things protected by RFID than just clothes. :P
Re:For those who didn't read (Score:2)
It is only the pockets that are protected. Good luck getting that pair of jeans in your pocket.
Are you only planning on stealing ladies underwear?
Perfect! I combine it with my tinfoil hat (Score:2)
Well great idea. First, I chip me, my clothes, my belongings, my accessories. And then I use a tinfoil jacket and trousers to block them all. Great idea. On a second thought. Such clothes are the perfect addition to my tinfoil hat. However, for complete protection I would recommend tinfoil underwear, socks, and - because this is slashdot - condoms to be absolutely safe.
It's by Norton... (Score:5, Funny)
When you're wearing the jeans your legs will only move at two-thirds normal speed. You have to have the blazer dry cleaned, and specifically by Norton, once a year otherwise it and the trousers may cease to function and leave you naked out on the street one day.
Re: (Score:2)
NOT RFID! (Score:2)
Every time this come up, its RFID ePassport this and RFID credit card that. None of these use RFID at all, the technology used is NFC. As for the RFID blocking jacked, pants, wallet etc. I have tried a number of these and yes they are good at blocking RFID access tags, but do only a little to reduce the range of NFC.
Re: (Score:1)
Speaking of theft, what about actual theft? (Score:1)
These clothes will be easy to steal, because you can just wrap them up in a wad and they will block their own theft tag. And once you've stolen them, you can use them to steal other items, because they will block theft tags. Sounds awesome for theives and like total wankery for everyone else.
Here's an idea (Score:2)
Just stop with all the RFID bullshit on credit and debit cards! Really, is that extra few seconds taken to insert and enter a PIN such an onerous burden? People in that much of a hurry aren't likely to use that precious sliver of time to stop and smell the roses anyway.
For those worried about cell phones and the like, I suspect the new-style duds will do little or nothing to impede those signals. They're a couple of orders of magnitude higher in frequency than the current RFID payment systems, and they use
solution in search of a problem? (Score:1)
None of my credit cards are RFID. The only cards I have ever had that are RFID/NFC are hotel keys, and conference cards. My passport cover itself blocks RFID scanning - US passports only work if open.
And of course the sensationalism of the quote "more than 10 million identities digitally pick pocketed every year [and] 70% of all credit cards vulnerable to such attacks by 2015" - really? There are many problems with statements like this - but I am sure the Marketing group came up with them:
- stealing a credi
Do they have hats too? (Score:2)
Back pockets not secure (Score:3)
keeping a wallet in a back pocket is a silly thing to do anyway - easy for (physical) pick pockets to lift stuff from there.
Where to find a good RFID blocking wallet (Score:2)
I would like to buy a simple RFID blocking wallet. I can find a lot of them on Amazon, but none seem to have a coin compartment. I currently use a Lifeventure wallet [lifeventure.co.uk], and I would like to get something similar. Ideally it would have the outside blocked, the inside not. So when you open it, you would be able to hold the card to an RFID scanner, without having to take it out.
All suggestions are welcome!
Columbia makes RFID blocking wallets (Score:2)
They have both bifold and trifold. Don't know how well they work, though.
"Going equipped" (Score:2)
Until you get charged with "Going equipped for stealing" an offence under the Theft Act. Since blocking RFID will block most shop security devices. Perhaps Blazers will become the new uniform for shop lifters.
As fashion statements go ... (Score:2)
REquest the right card (Score:2)
You know you can request Credit cards and IDs without the RFID chip in it. I do this all the time with Visa and AMEX. I request cards without the Chip.... problem solved.
Laugh (Score:1)
Stupid idea, instead just make wallets, phone sleeves or other small item carriers with the lining.
I'll wait for SP1 ... (Score:2)
... I'm not an early adopter.
It's fixing the wrong thing (Score:2)
If the card companies are depending on the cardholder's pants for improving security, then their system is broken.