Bruce Schneier
Schneier on Security
A blog covering security and security technology.
« Reflections of a Former U-2 Pilot | Main | "If You See Something, Say Something" »
May 11, 2010
Biometric Wallet
Cool idea, or dumb idea?
Its features include:
- Fingerprint access only
- Bluetooth enabled for notification alerts—automated notification via bluetooth if your wallet strays more than 10 feet from your body
- Protected against RFID electronic theft—the case shields all contents from RFID scanners
Posted on May 11, 2010 at 12:27 PM • 65 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
HJohn • May 11, 2010 12:40 PM
I guess it depends on what one is trying to protect.
My question is which is more likely: getting my wallet stolen and this handy-dandy device saving the day, or being locked out of my credit card due to some sort of malfunction?
Aaron Andrusko • May 11, 2010 12:54 PM
Seems like BS to me. Keeps the owner out some of the time, yet the pickpocket has all the time in the world to get into it. Diamond disc + dremel tool.
GreenSquirrel • May 11, 2010 12:58 PM
Can I vote for a cool dumb idea.
Cool because its a TOY. Gadgetry is always cool...
Dumb because its pretty pointless, doesnt make your stuff any safer and is a pretty large waste of money.
(now if it wasnt for cool and dumb ideas, admittedly cooler and dumber, then there is a large IT industry that wouldnt exist)
jfm3 • May 11, 2010 1:05 PM
It's a dumb idea.
1) The fingerprint scanner would either have an unacceptably high false positive rate, or an even more unacceptable high false negative rate.
2) Thieves generally have access to hack saws.
3) How are they going to tell the wallet is more than 10' away from *my* body? I smell snake oil.
4) The thing is ugly, bulky, and has conspicuous logos all over it. They may as well sharpie their corporate logo on my forehead. Yeesh.
There's a germ of a good idea here, which is adding security features to your wallet. But this ain't it.
piet • May 11, 2010 1:10 PM
Fingerprint: useless, how hard is it to break into a wallet?
Bluetooth notification: 10 ft away and you will never find the guy who took your wallet anyway.
Anti-RFID: cool, more and more cards will get RFID chips, and leaking less info is good.
peri • May 11, 2010 1:25 PM
What a coincidence: I am selling a related product!
My product is a faraday cage purse that you can keep these stolen wallets in. The purse comes with a hacksaw and smartphone wallet detector that finds and displays these wallets' locations; based on Bluetooth. Every purchase comes with three free fake wallets with fingerprint scanners that will send all the scans to a throwaway email account.
Calvin Culus • May 11, 2010 1:28 PM
If the alternative costs of the $400 @ 5% p.a. are $20, then to make a rational decision one needs to know one's aversion to risk and the expected costs of losing one's wallet.
My personal preference is to carry $10 in loose change and a credit card in my pants' pocket, but have $390 more margin with my broker.
Dave • May 11, 2010 1:31 PM
The alarm might be useful, and would help in the case of leaving your wallet somewhere as well as having your pocket picked. If the thief got away with it, though, I would not trust any physical measures to keep him/her out indefinitely. Even if you could hypothetically guarantee that the wallet could never be physically broken into, that doesn't get you your wallet back. You'd still have to cancel all your cards if only to get new ones. Physical impenetrability would at least protect your identity, but like I said, I don't trust it to do that indefinitely.
Wesley McGrew • May 11, 2010 1:31 PM
Nice gimmick, but ultimately worthless.
As others have pointed out, if I were to steal this wallet, I'd either be too-far-gone by the time it notified via bluetooth, or I'd have the foresight to throw it in something that would block the signal.
Then I can slice/saw/smash it apart at my leisure.
The locking features would serve as good tamper-evident protection, but I'm not likely going to give it back to the person I stole it from, so it doesn't really matter.
HJohn • May 11, 2010 1:33 PM
@piet: "10 ft away and you will never find the guy who took your wallet anyway."
__________
Unless you are willing to start searching everyone within 10 feet during Mardi Gras, by force if necessary.
What could possible go wrong?
tjvm • May 11, 2010 1:35 PM
"How are they going to tell the wallet is more than 10' away from *my* body? I smell snake oil."
From the web site, it looks like it's paired to your mobile phone. This, of course, raises the question of what happens if you want to go somewhere with your wallet but without your cell phone. Will there be an alarm emanating from your pocket the whole time?
K4L4M4R1S • May 11, 2010 1:39 PM
Just reverse the idea: make all the wallet content as digital content and put it into a real secure device. iPhone and Android start to be the premise of that, but security features (Confidentiality .Integrity .Accountability .Availability) is not yet present. A remote reset will permit to erase the content. Payment features. Digital ID(s) should be supported.
It will come ... hackers will be happy. No more pick pockets.
ebr • May 11, 2010 1:40 PM
fingerprint access: I suspect good scissors would defeat the wallet
Bluetooth Alarm: No, just put your wallet on a chain (like I used to do in high school, when I was cool)
RFID shielding...could be very good...if I kept anything in my wallet that used RFID
Now if I could put my passport in this sort of security wallet, that would be worthwhile (although some way to attach a chain would be cool too)
James • May 11, 2010 1:42 PM
It's an interesting idea. Will it solve every possible security risk (hacksaw, hammer, etc)? No.
However, it's better than nothing. Some might say that having something like this might deter a person from real security (such as putting it in a safe place), but we forget that security is not absolute going one day from insecurity to security the next day. Sometimes it is done incrementally. Besides, as some have mentioned, a lost wallet is a more common occurance. It is possible to tell whether it is 10' away using some signal strengh (the user has to wear some bluetooth device I guess for this to work and this can fail).
If the price is $400 then it really is a waste of time. Cost benefit wise there's not that much gain and a lot of loss. Interesting application of fingerprint sensors though.
NotAllSilly • May 11, 2010 1:51 PM
The evaluator is in the medical field where they have strict inappropriate data disclosure requirements.
I can imagine that determining a wallet is lost in that scenario is worth the $400 purchase price. Most of us don't have information worth $400 that's worth protecting, but it's not hard to imagine a doctor might.
The user of the fingerprint scanner is useful as a deterrent against the curious wallet finder as opposed to a dedicated thief.
Alan Kaminsky • May 11, 2010 2:03 PM
I tend to think the purse mentioned in the following article would be more effective than this wallet:
http://books.google.com/books?...
(MAD Magazine, September 1973)
Ram Dobson • May 11, 2010 2:06 PM
the main feature here is the notification. I assume the way it works is by pairing with my phone or something... then if my phone loses contact with the wallet it bitches, and i turn around and pick my wallet off the seat i left it on...
or if someone bumps into me and lifts the wallet, they only get 10ft before i turn around and start chasing them... that helps.
finally, the kevlar/fingerprint is good because it prevents a thief from just taking the stuff out of the wallet and placing the empty wallet back in my pocket, or handing the stuff off to a friend and then running in different directions.
i say it makes stealing a wallet harder. My wallet never has more than $100 and my credit cards / drivers license. If i had more valuable things, it might be worth the contrivance and cost.
this would be more useful if it allowed me to geo-locate the wallet, say turning on it's radio when it loses sync. (faraday bag still nulls this though...)
mcb • May 11, 2010 2:20 PM
Why not go the last step and use a thumbprint activated wireless smartcard for credit/debit, operator's licenses, passport/visas, toll/transport passes, insurance/benefits entitlement cards, school IDs, network access credential, password locker, biometric storage, and crypto keys?
dragonfrog • May 11, 2010 2:24 PM
As said already - it's kind of cool, but also really really dumb.
It achieves nothing that a short length of light chain fastened to your belt doesn't do better, and with both lower false negatives and lower false positives.
That said, the proposed countermeasures people have come up with for the bluetooth "feature" wouldn't work. Once the phone notices it's not getting a signal from the wallet anymore, the phone sets off an alarm (not the wallet).
How it works is: someone picks your pocket, takes your wallet but not your phone, and gets 10' away from you, around which point you might normally notice that your wallet is missing and turn to chase the person who just bumped into you. Just then your phone makes an unusual noise, which distracts you from the retreating thief. You fumble your phone out of your other pocket, unlock the screen, and finally realize that the pickpocket is now long gone.
Similarly, the issue of an alarm sounding in your pocket all the time would come up if you went out without your wallet, not without your phone.
Dean Reimer • May 11, 2010 2:26 PM
I think the big advantage of notification is that you can quickly search for a misplaced wallet and, if you can't find it, you can notify the credit card companies immediately before a thief has a chance to make any charges. Sometimes people can misplace their wallet or have it stolen and not realize they are missing it for some time.
What would make the wallet truly cool, though, would be an EMP generator that would annihilate all electromagnetically stored data on your cards in the event the wallet was forcibly opened. It would be rather inconvenient if the fingerprint scanner packed it in, but imagine the impress-your-friends factor!
dragonfrog • May 11, 2010 2:37 PM
@James
The interesting question isn't whether it's better than nothing (something I'm not convinced of, incidentally) - it's whether it's better at its price than existing measures.
A length of light chain or elastic cord, some grommets, one large and one small O-ring, will be more effective than this, cost two orders of magnitude less money, not run out of batteries, and not require carrying an additional expensive and thievable device (the smart phone) to make it work.
As to whether this actually is better than nothing, consider that nothing doesn't have this wonderful feature: if a mugger takes your wallet but forgets your iPhone, he's ensured that you won't get more than 10' away before he's reminded to go back and finish the job.
Ack • May 11, 2010 2:50 PM
I don't care how cool it is, a 600 dollar wallet is just silly.
Anti-RFID is a nice feature tho. The rest is junk IMO.
Darron • May 11, 2010 3:06 PM
Carbon Fiber "Five times stronger and two time stiffer than steel". Unless you try to cut it with a knife, then it's much weaker. Or squeeze it in a direction it wasn't designed to resist. Watch Formula-1 cars shatter their suspensions when they hit a curb too hard at the wrong angle.
I presume that the proximity alarm is a sound produced by the wallet, since it works with "any BlueTooth pairable phone". That's better than the phone screaming, since it will probably induce the thief to drop the wallet and make good his escape.
a. • May 11, 2010 3:53 PM
Stupid idea.
Wallet is a container for the things you don't want stolen - money, cards, passport etc.
Where you place your wallet is more relevant than whether it has iIPv6 notifications, GPS and fingerprint and whatnot implemented. At the bottom of my really old backpack, in the middle of other junk: fine. In the back pocket or bag pocket that can be opened without you noticing: blame yourself.
If moving in pickpocket prone area, take some precautions. Have a cheap wallet (or no wallet at all). Keep only small change and useless cards in it. The stuff you don't want stolen you can keep creatively, somewhere where you know where they are, and not in those 3 places where the German old tourists keep them after reading in a tourist guide how to keep safe.
For passport I have a faraday cage; layers of tin foil and tape and built to shape. Building one with duct tape and tin foil costs less than $ 2, and it works (test with a mobile phone inside; if it doesn't get reception it's good). And the passport doesn't have to be carried with all the time either.
BF Skinner • May 11, 2010 3:56 PM
"a 600 dollar wallet is just silly. "
Said the person who has never had a serious Bruno Magli shoe decision to make. :)
Dumb. I have never had to get my RFID pass to the office building out of my wallet, and always counted that as incredible advantage of the RFID technology over the regular ID, and this wallet denies exactly that advantage.
Harvey MacDonald • May 11, 2010 4:11 PM
I personally prefer allowing thieves to steal my remote-detonation grenade wallet. The false positives are a little hard to take, but it is awesome when it works.
Shane • May 11, 2010 4:26 PM
My wallet has a chain attached to it, which is in turn attached to my pants. It is already orders of magnitude cheaper than this, and undoubtedly more effective.
Dumb.
The only 'neat' feature *might have been the RFID shield, if it weren't for the fact that it completely nullifies the only real convenience RFID provides in the first place.
Kind of makes you wonder, though, why RFID exists at all, given that its usability is directly proportional to its vulnerability.
Direct link to the product website: http://www.tungstenw.com/pages/Home/62/
It looks like the fingerprint scanner is the same as is used on (for example) Lenovo notebooks; ie. a basic swipe-scanner.
Re: scissors opening the wallet, this doesn't appear to be a soft-shelled wallet, but a solid lockable device. Nothing a dremel couldn't open, though, unless there are countermeasures to destroy the contents.
I'll mirror almost everyone above: the RFID protection is cool, everything else looks pretty gimmicky to me. The Bluetooth pairing, in particular, seems like one of those deceptively bad ideas.
Also, just a correction to at least one person above: the Bluetooth pairing causes an alarm to trigger in the wallet itself, not on your phone. (The video on the product website is a little more illuminating about how the whole thing works.)
Florian • May 11, 2010 4:51 PM
Funny: Hiding RFID but active Bluetooth at the same time. I would guess, that those can be tracked from far away with a good antenna even better than RFID. Furthermore, they should be a good target, since the owner spend so much money for it he should have something good to put into. If I were a bad guy and those purses common, I would get together with a bad guy buddy of mine, get my laptop, buy some copper, turn a cellular into a small range BT scanner/jammer and get 10m away really quick without anyone noticing.
Sean • May 11, 2010 10:13 PM
The alarm is a good idea, although I'd trigger it at a shorter distance than 10'. The lock? Meh, it will be bypassed. RFID blocking? Always good.
Matt • May 11, 2010 11:38 PM
All the dumb people I know already spent thier $600 on a 32GB WiFi iPad...
AC2 • May 12, 2010 12:10 AM
@Matt
Exactly what I thought when I first read this :-)
But clearly there are dumber ideas around like 'Quantum Money', link:
http://www.newscientist.com/article/...
Though taken to its logical conclusion we could also have a 'Quatum Wallet', which is/ is not in your pocket depending on who is groping around for it?
Of course would be hard to figure out when it is 'lost'...
travelgirl • May 12, 2010 1:16 AM
am i the only person who thinks people will simply take a finger off the person with the wallet? does the wallet require a heartbeat to go with the finger?
Vic • May 12, 2010 2:44 AM
Definately a cool dumb idea.
Cool because, well, it really is a cool gadget in my opinion.
Dumb because it really does not do much to protect you and the contents of your wallet. First it acts like a big flashing sign above your head that blinks saying "I have valuabe stuff in my wallet". Second, alarm when it's 3m from you is pointless, if it's 3m from you it's most likely gone for good, either you won't be able to catch the thief or identify them in crowd. And third, as someone already said, it's not like thief don't have access to tools... I suspect you could even bash it open.
Vic • May 12, 2010 2:58 AM
Also, as far as RFID shielding goes... I don't believe that any other country save for America uses something as silly as RFID in their passports? At least in Europe we have those silly contactless microchip smartcards with "security" and "access control"...
vwm • May 12, 2010 4:58 AM
Guys, do you really expect a random cutpurse to use a Faraday bag? By the way, probably the alarm will go off *when* you place this toy in the bag, as this will interrupt the bluetooth contact .
Having said that, I would not by the wallet, either.
BF Skinner • May 12, 2010 6:22 AM
@vwm "do you really expect a random cutpurse to use a Faraday bag"
Yeah I do. Wether they know about it or not depends on if they boost things from stores or not. Bags that screen from the entrance sensors are in common use among shoplifters.
The wallet is to passive for my tastes. Hook it up to a taser or exploding ink cartridge so a failed authentication can have real repercussions beyond small wast of theifs time.
peri • May 12, 2010 6:35 AM
I can't believe I overlooked the gold old purse snatching technique. Just grab the wallet while it is open and reset the owner!
Phillip • May 12, 2010 8:43 AM
It's a counter to many theft attacks. However, the Kevlar thing is maybe more feel-good than real protection. You taught me, Bruce, in Secrets and Lies -- there's no such thing as a "tamper-proof" device -- only "tamper resistant". Where there is a will, there is a way.
Scott • May 12, 2010 9:52 AM
Imagine if you will, the fun you can have with TSA; and all for a mere $599. I say it's well worth it!
Ken Williams • May 12, 2010 11:51 AM
I think perhaps folks are too quick to criticize.
First, people probably drop their wallet (or leave it at the Starbucks counter, or whatever) far more often than wallets get stolen, and it would be nice to get notified of that right when it happens. I assume it just detects when it's strayed too far from your cell phone.
Second, when a casual thief steals a wallet, my impression was that they only wanted to hang on to it for like 30 seconds or less, grab the cash & cards, then toss it in a dumpster. I'm guessing the most likely scenario with this thing is that they grab it, can't open it (or figure it's a fancy cigarette case), then toss it. Theoretically they could bring it home & crack it open pretty easily, but I'm guessing that wouldn't happen very often - & then you're just back to Wallet 1.0 anyway, except that you potentially bought some time to call & cancel your cards.
Finally, the Faraday cage seems like it can't hurt. AFAIK there aren't any RFIDs in my wallet though.
Anyway, if wallet-stealing were a highly target-sensitive crime (one where they really want *MY* wallet, not the guy next to me's), then I'd agree with most of these posts, but I don't think that's usually the case.
How long does the battery typically last?
1-3 weeks without Bluetooth Pairing Mode
72 hours in Bluetooth Pairing Mode
Davi Ottenheimer • May 12, 2010 1:01 PM
Kind of misses the point of defense-in-depth. Seems to me this idea would blow the whole security budget for people who think it would help them but would be unnecessary for those who actually require protection.
Roger • May 12, 2010 4:22 PM
@Vic:
> I don't believe that any other country save for America uses something as silly as RFID in their passports?
No, everyone know either has it or is rapidly moving towards it. By some looming deadline (can't be bothered looking it up) non-RFID will no longer be accepted by most countries.
@vwm:
> Guys, do you really expect a random cutpurse to use a Faraday bag?
Absolutely -- many shoplifters already do.
> By the way, probably the alarm will go off *when* you place this toy in the bag, as this will interrupt the bluetooth contact .
Here, I think you are right. What the thief actually wants is a sound-absorbing bag, to slip the wallet into before it hits the 10' mark.
@Ken Williams:
> First, people probably drop their wallet ...far more often than wallets get stolen,
I have no idea how to assess the accuracy of that view, but from personal anecdote I would say it is not even close. But then I have lived in a city with a fairly high incidence of pickpockets.
> Second, when a casual thief steals a wallet, my impression was that they only wanted to hang on to it for like 30 seconds or less, grab the cash & cards, then toss it in a dumpster.
Umm, no. At least around here, pickpockets work in a team of three: the distracter (often a pretty women, sometimes a child), the actual pickpocket, and the hand-off guy. The pickpocket doesn't hold the wallet for 30 seconds, he/she hands it off in under a second. Often the pickpocket is dressed to facilitate easy frisking, to "prove" innocence.
The hand-off guy is a respectable looking person, often a senior citizen, with some kind of concealment device to hold the loot until they get back to their van to divvy up the last half-hour's worth of takings.
A siren on the wallet would screw up this system until they figured out how to sound-proof the hand-off guy's briefcase.
> I'm guessing the most likely scenario with this thing is that they grab it, can't open it (or figure it's a fancy cigarette case), then toss it.
There is no way they would toss something this fancy.
> Theoretically they could bring it home & crack it open pretty easily, but I'm guessing that wouldn't happen very often - & then you're just back to Wallet 1.0 anyway, except that you potentially bought some time to call & cancel your cards.
I think you seriously overestimate how hard it would be to open. With just the tools you could carry in the back of a panel van, I am certain I could open it in under a minute. If I took five minutes, it would probably even be repairable, and the crooks could take it to the pub "hey, wanna buy one of those fancy $600 wallets?"
Roger • May 12, 2010 4:42 PM
My assessment:
* far too expensive at $600. Even the fibreglass one is $400. For that sort of price I expect titanium.
* extremely uncomfortable looking, with a bulky, rigid case
* holds 4 cards and 10 money bills. Ten!?! That makes it pretty well useless to me.
* with all features enabled, the batteries only last 3 days!! I'd be constantly suffering from a flat wallet!
* The fingerprint reader is not a great idea. Apart from a lock providing very limited benefit on a highly portable object, wouldn't a hard-cased wallet be the perfect place to find a fingerprint? However I do see that they are trapped between a method that is adequately secure, and yet convenient enough for a wallet. I don't know of any ideal solution to this, but maybe a better solution would have been to open easily when in Bluetooth contact, and require a PIN when not in Bluetooth contact?
* The RFID shielding seems like a fair idea, but I cam sceptical about just how effective carbon fibre is for this function. Plus for all cards I have that have this feature, I already have cheaper shielding that I have tested (and no, I am not talking about al-foil; it looks like a silver cigarette case.)
* The Bluetooth controlled alarm is a reasonable idea, in that it thwarts the standard pickpocket tactic of the hand-off. However, unless you make the siren ear-splittingly loud, this will be trivially counter-thwarted by a few layers of towelling and a noisy crowd. And if it is ear-splittingly loud, then false alarms will be a bitch.
John Paulson • May 12, 2010 9:42 PM
So because it does not provide absolute security, it is not worth it. In that vain because a talented cracker can break into my $20 dollar firewall it is not worth putting up a firewall at all. The same can be said with any security device. I do not need a dead bolt on my door because any talented burglar will just use a crowbar or break a window.
Yea I would agree that a properly equipped thief could break in. But properly equipped thieves are as common as movie plot terrorists.
This wallet looks like it could prevent a majority of thefts. Sticky handed waiters, pot smokin teenager son or daughter, the crack addict mugger. That 400 or 600 dollars spent has to be cost/benefit analyzed. If I tended to carry lots of cash or even serious credit cards I might make the purchase. But for me it is not worth it.
RFID - usable but it looks like that wallet could not carry my passport.
Bluetooth - Good for short range, but what about GPS tracking!
Fingerprint - my question is what is the failure rate.
Cool idea if you lose the fingerprint angle. An alert in case I drop it, and RFID protection seem sensible. And I love gadgets.
Oliver • May 13, 2010 3:26 AM
Isn't that one of those cases off "A soultion searching for a problem"
Roger • May 13, 2010 5:52 AM
@John Paulson:
> So because it does not provide absolute security, it is not worth it.
No, we are all well aware that nothing provides absolute security. This one is "not worth it" because it provides very little additional security, has greatly impaired functionality (only holds 10 banknotes!), AND is extremely expensive (USD $600 for a wallet!!)
> In that vain because a talented cracker can break into my $20 dollar firewall it is not worth putting up a firewall at all.
Bad analogy. This is more like: everyone who cares already has a $20 firewall that will stop script kiddies but maybe not talented hackers. Now somebody wants to sell you an enhanced firewall which costs $1,000, oh and by the way you can only access the internet through it a maximum of 1 hour per day. But it's super-secure right? -- erm, no, it still only stops script kiddies.
> Sticky handed waiters,
Yep, I'll grant, it might make life harder for a wallet-stealing waiter. But speaking of movie plot threats -- when have you ever had your wallet stolen by your waiter?!? Dishonest waiters steal by short-changing you or manipulating the bill (both offences which have a relatively low risk of being caught, and almost no risk of prosecution), not by taking physical property (which has a high risk of ending up in court.)
> pot smokin teenager son or daughter, the crack addict mugger.
Que? I'd like to politely suggest that you haven't thought that through from the point of view of the criminal. This wallet would be only a trivial hindrance to a thief in your own household, and completely and utterly useless to prevent mugging (in fact in a mugging, it increases your risk of being seriously hurt.)
peri • May 13, 2010 8:18 AM
@John Paulson
I'm afraid I have to chime in as well. Your cost/benefit analysis involved only two parts and you got them both wrong.
Benefits
When you wrote "looks like it could prevent a majority of thefts" you just hand waved away all the attacks people suggested.
Costs
At least you got the $600 price tag right here. You missed all the ways having this wallet will make you more likely to be chosen as a target. A wallet with Bluetooth is literally broadcasting its existence and location to thieves. Every time you pull out your wallet and use the fingerprint scanner to open it, everybody around you is going to see your wallet is interesting. Even without taking the wallet out of your pocket, its rigidity and form are going to make your wallet seem like it is bulging.
Another cost you missed is the fact that adding a fingerprint scanner to your wallet also lets criminals steal your fingerprints. So one day if you open your wallet and see it was just a dummy which sent your prints to criminals then you will want to change your finger prints.
John Paulson • May 13, 2010 10:23 AM
@ Roger
Okay I would not buy it if can only hold 10 bank notes true that is a definite disadvantage. I agree it is not worth it for 600 dollars to me but to somebody else it could very easily be affordable and usable for them. That guy that hold a two or three platinum credit cards and spends 1000 dollars on a bottle of Champers every time he goes out partying will buy this versus the geek that has a drawn out amazon credit card and library card and spent his last 20 dollars on his Internet bill will likely not spend the money on the wallet.
Roger who is more likely going to steal my wallet a minimum wage earning waiter who see my wallet on the table while I am turned away or some guy with a laptop and the expertise to run Bluetooth jamming software/hardware in order to take my wallet. The first is more likely, the latter I would expect to at least not waste their time trying to get my wallet and move onto more profitable prospects like identity theft.
True I have never had my wallet stolen by a waiter but neither have I had my cellphone hacked into.
Ya Peri - true I did sort of did wave away many of the attacks people suggested. I will admit to that, but I am looking at the basics of the wallet and the general idea of the what it is to do. And many of the attacks are NOT common. They could very likely work!
If most criminals treated the theft of wallets like trying to break into Fort Knox then the wallet would be surly useless
I still see this wallet as not common. True if this wallet was in every other pocket I would not dismiss some of the above attacks. But most of the attacks above are going to the extreme. Most pickpockets will be able to deal with a normal leather wallet, put in a beeping not easily opened wallet most pickpockets will drop it. True if wallets above became more popular pickpockets would be prepared for it existence and carry portable Faraday bags and towel/silence foam filled boxes.
I do not dismiss that the wallet can be cut or sawed into. Just that many thefts are opportunity based and if things are not easy people will move on to an easier target/project. Crack addict will go I can not open it damn okay - toss over the shoulder. or pass onto somebody else who could then try and cut it open.
Also true the wallet will be sending out a bluetooth signal but I hate to break it to ya. Most thieves are not walking around with portable bluetooth scanners. They will be using their eyes. Looking for people that have money (ohh that looks like a nice Italian suit, okay he's a target .. which pocket....) or for weaknesses (that little old lady sure looks tired one little push and her purse is mine). They will not be hovering over a little screen trying to guess that guy has a signal coming from him, so is it his Sony watch, cell phone, hand frees ear piece, headphones or a wireless mouse he left on in his laptop bag OR finally a 600 dollar wallet.
Yes the fingerprint scanner dummy wallet sounds like a doable hack, but it would be silly. Somebody is going to pick my pocket twice once to remove wallet and once to insert dummy wallet which will send my fingerprint to waiting criminals so they can open the first wallet. (Plus in the process lose dummy wallet that sends fingerprints, by the way what is the cost of that) The crooks already lost out. Okay maybe they just want my fingerprints for other purposes would it be easier to follow me and pick up that big gulp cup I tossed.
I am also thinking given technology this is a nice first try. I could easily see much better designs and plans in the future. True wallet 2.0 does have it flaws but wallet 2.1 could be a bit better.
Aaron Andrusko • May 13, 2010 12:25 PM
Also, what if the user of this device was held up at gunpoint? "BG: Give me your wallet!" "GG: Hold on! it's complicated!"
"BG: F*** YOU, GIVE ME THE WALLET!"
"GG: The battery is dead! I can't open it!" *pop pop pop*
Aaron Andrusko • May 13, 2010 1:59 PM
Also, the idea of fabricating a false wallet that would fool the user into attempting authentication to transmit is far too geeky for even geeks. The real weakness in this fork would be to swap the wallet for a wood block, and reverse engineer the stolen wallet to dump the biometric data. Users of such devices are more likely to be spending dollars on other biometric secured devices, so a home intrusion or access to data on their workstation becomes a bit more possible. In a nutshell, its a stupid mashup toy designed to line the pockets of the company producing it.
RFID blocking wallets exist for less than 1/10th the cost anyhow.
Good times :D
Aaron Andrusko • May 13, 2010 2:06 PM
That method also would be a specific targeted attack. If you as an attacker had an individual in your sights, I am sure other methods of compromising their bubble exist without the extra hassle.
So if hackers don't give a shizzle and the user feels safe and proud of the device, everything falls back to the robbing situation I posed, or the increased likelihood of pickpocket due to the conspicuous construction and use.
I don't want to charge my thick stupid carbon wallet.
-2¢
Tim • May 13, 2010 8:13 PM
Man, a wallet with built-in Shiny? I totally want to steal it - and I'm not even a thief!
Gianluc Ghettini • May 14, 2010 6:55 AM
Ahahah, I think that for me the biometric wallet would be much more valuable and costly than the actual wallet... -> epic fail!
TyRex • May 18, 2010 4:09 AM
it rings a bell :)
"I advise no man to attempt opening this sporran till he has my secret," said Rob Roy; and then twisting one button in one direction, and another in another, pulling one stud upward, and pressing another downward, the mouth of the purse, which was bound with massive silver plate, opened and gave admittance to his hand. He made me remark, as if to break short the subject on which Bailie Jarvie had spoken, that a small steel pistol was concealed within the purse, the trigger of which was connected with the mounting, and made part of the machinery, so that the weapon would certainly be discharged, and in all probability its contents lodged in the person of any one, who, being unacquainted with the secret, should tamper with the lock which secured his treasure. "This," said he touching the pistol--"this is the keeper of my privy purse."
The simplicity of the contrivance to secure a furred pouch, which could have been ripped open without any attempt on the spring, reminded me of the verses in the Odyssey, where Ulysses, in a yet ruder age, is content to secure his property by casting a curious and involved complication of cordage around the sea-chest in which it was deposited.
locksmith • May 19, 2010 6:30 PM
What materials are proposed to prevent cutting and drilling after the wallet is stolen? How about a self-destruct function:)
Matt • February 8, 2011 4:07 AM
Well its pretty coool, however if someone would try to break it with a hammer or some crap the wallet should receive the damage and in turn incinerate the contents. now that would make my day, a theif juggling a fireball/wallet.
my only two critisisms are the price and the fact that you cant open it due to having your finger cut off. it would be a pain in the arse if you cant find your ex-finger to open the wallet.
Matt • February 8, 2011 4:18 AM
also i think it would be pretty dumb if you had to recharge the wallet. wow that sounds really wierd. recharging a wallet.
annnd its pretty dumb if you buy the wallet and realised that the money you were going to put in it was actully the money that you spent on it. yipee now you are 800 bucks poorer and now have a wallet that is super protective and might i add isnt protecting anything. that was a great buy :D
Subscribe to comments on this entry
Post a comment
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.
|
| Subscribe |
Subscribe via Kindle |
| Blog Menu |
SearchPowered by DuckDuckGoBlog Home Page
Archives by Date2013 J F M A M
Tags  |
| Latest Book |
more books by Bruce Schneier |
Comments