Follow

I always see wallet and backpack commercials saying that they block RFID, but honestly how realistic are RFID "attacks" even?

I mean, it's not like there is some criminal with a card terminal quietly sneaking up on people and charging them with RFID, is there?

· · Web · 2 · 3 · 4

@oklomsy I've been wondering about this

Perhaps you could install an RFID terminal the same way as one of those metal detector gates at the airport - people would walk through a door and get charged without noticing?

Highly unlikely though. I don't believe that kind of attack is a considerable threat

@anarchiv Hmm... Probably... But you need to get really close, the card needs to be 1 or 2 centimeters close for it to even detect the card.

Eh, this whole RFID thing looks more like marketing buzzword to get people excited than actual safety.

@oklomsy @anarchiv
I got scolded at the US/Canada border once for not keeping my driver's license in the special RFID barrier envelope until the border agent asked for it :-(

@anarchiv @oklomsy
My hypothesis is that either my information was coming up on their screen when they were talking to the car in front of me, or, based on y'all saying RFID requires very close contact, not putting my ID in the sleeve ever (at the time I just kept my ID naked in my wallet) damaged the RFID components and they had to manually enter my info

@oklomsy @anarchiv
I _think_ you can get better range with a better antenna. But AFAIK the attacks are basically non-existent because:
- Most people have a sensible upper limit on payments before a pin has to be entered.
- The payment console has to be linked to a business account, finding mules for normal bank accounts isn't simple but for business accounts it's a lot harder still.

@kingannoy @anarchiv From my experience, the pin limit tends to be around 200dkk or 30 USD, anything higher than that we need to ask the customer to add a pin.

@anarchiv @oklomsy I've been playing with cloning my own cards and fobs and I guess it would be possible to clone randos' stuff as well, but I wouldn't personally worry about people running around with custom-made high-range readers that would be able to read your card at a whopping 15cm distance.

@oklomsy The wallets don't even block RFID scans. They're always shitty and ineffective Faraday cages. blackhillsinfosec.com/rfid-pro seems like a pretty good article on it. One of the RFID readers has a range of up to 25 feet.
also reddit.com/r/privacy/comments/

@cy @oklomsy very common in airports apparently. they just have to walk past a line of people to scrape whatever is broadcasting.
Sign in to participate in the conversation
Linux.Pizza

A instance dedicated - but not limited - to people with an interest in the GNU+Linux ecosystem and/or general tech. Sysadmins to enthusiasts, creators to movielovers - Welcome!