An RFID-Blocking Wallet

Here's how to make an RFID-blocking wallet out of duct tape.

Posted on December 29, 2005 at 2:40 PM • 44 Comments

Comments

greg • December 29, 2005 3:16 PM

We have discussed this type of blocking of RFID signals with foil before. It seems his simple experiment worked, and I have tried this too with my work ID. But these readers only have a range of cm. What about an attacker with a custom reader that works at 100's of meters? What will the range reduction be with simple foil? Has anyone experimented with this?

Roy Owens • December 29, 2005 3:19 PM

Where is the market response to this? I want a ready-made one that closes with Velcro. I don't care about the color. It should be made to enclose (and protect) a guy's existing wallet. (I happen to like the design of my current tri-fold.)

Metal Plates • December 29, 2005 3:30 PM

Would using a steel plated wallet do the same thing?

After all, steel tip boots do a lot of damage as well.

Bruce Schneier • December 29, 2005 3:35 PM

"Where is the market response to this?"

I have not yet seen commercial products. I have no doubt that there will be, but after the chipped passports issue.

rjh • December 29, 2005 3:43 PM

There will be a lot of variability due to gaps, etc., but it is reasonable to expect a 10-fold reduction in reader range. (That's the math for -40 dB with an r^4 law.) 40 dB is reasonable for the aluminum foil wallet.

For other more attractive possibilities there are also conductive cloth options. See http://www.lessemf.com/fabric.html for one vendor of conductive cloth. The cloth is expensive, but it seems reasonable to consider making pockets, purse, and computer bag liners out of conductive cloth. You can put the cell phone in an outer pocket if you want it to work.

Using shielded pockets and bags instead of shielded wallets makes sense for convenience when using RFID systems like the Washington, DC Metro cards.

Davi Ottenheimer • December 29, 2005 4:35 PM

Funny. The words "duct tape" and "instructions" somehow seem like they don't belong together. Plus it seems like it's really the aluminum foil, not tape, that does the trick...perhaps an aluminum origami wallet will surface.

Mike W • December 29, 2005 9:28 PM

Hmm, interesting question. What's more relevant, monitoring physical location with RFID, or tracking website usage with the NSA cookies reported today, or with meters like sitemeter.com (what schneier.com uses), doubleclick.net (what my bank uses), googleads, or blogads?

D • December 30, 2005 1:06 AM

@Ari Heikkinen

Placing them in licenses has been discussed, and one must carry their license (or other government-issued ID) when they drive, apply for a job, or conduct most non-cash business.
(My own license already has a facial identification mapping, and my electronically-stored fingerprint, and so adding RFID doesn't seem too far-fetched.)

Many businesses are moving toward using these instead of keys.

For some, it will become almost unavoidable if one chooses to interact "normally" in society.

@everyone
That said, most people don't realize that when they carry a cellphone (even with it off, apparently), they are basically carrying an identifying beacon.

Aze • December 30, 2005 2:23 AM

@D (on cell phones)

a) I think most people realise it. b) it's of course not true when it's off (-: though YOUR cell phone might be customised not to be off when you think it is :-)

c) when we discuss GSM cell phones and more particularly UMTS ones; there's a very big difference. The phone takes much care not to give away your identity to casual observers and only normally sends a random identifier (TMSI) in the clear. Very occasionally it will send the IMSI which is personally identifying, but should not be easy to link to a particular subscriber.

It's the difference between your bank knowing what you spent on your credit card and the whole of the world being able to read it on the internet.

Clive Robinson • December 30, 2005 6:43 AM

A problem does spring to mind...

How many times do you open/close the wallet until the aluminium foil cracks and starts to reduce the shielding...

You could also improve the design a bit by adding padding with the old "Hundred ohm foam" that is used to put DIL ICs on (if you can remember back before surface mount ;)

dave • December 30, 2005 7:06 AM

@D

"when not in use" isn't the same as turned off - the article says the former meaning when the phone isn't making a call. It's true that when a (GSM) mobile is on it regularly communicates with the network - you can hear this as interference on e.g. a radio (or in my case the laptop).

Dave

AG • December 30, 2005 8:30 AM

Great link Bruce: A couple of things though.

1. Why not use aluminum tape? Available at any Home Depot.

2. What about the RFID signals the government is trying to put into my brain from their orbital mind control laser?
I would like to see a follow up to this link on the process for Duct taping my head to protect my frontal lobe. (:-D lol I am completely joking, cheers.)

Eric • December 30, 2005 9:22 AM

I would expect this may result in a resurgence in the marketing of wallets made from the skins of "electric" eels.

Eric

Milan Ilnyckyj • December 30, 2005 11:52 AM

I keep my Oyster card for the London Underground system in my wallet and am glad that I am able to do so, just placing the wallet beside the reader to get let in and out. It's good because I never forget the thing and I really can't see what the security risk here is.

D • December 30, 2005 6:01 PM

I may be wrong.

I did a little bit of looking up online and came up with a list of links discussing the cellphone issue, but unfortunately it tripped Bruce's spam filter and ear-marked it for "human review," and I suppose whoever human-reviewed it didn't wish to post it. It *is* a bit off-topic, so I understand.

What struck me about one post was that a cellphone technician told someone "that your phone is never truly off unless you have removed the battery and discharged this capacitor," and apparently some phones are designed to be "on" even if they are "off" (like Blackberrys--sound forensic analysis of those suckers is a pain.) But something tells me that the power should not be enough for adequate transmission.

I may be wrong and have stumbled upon an urban myth. I just thought it interesting.

Anyway, I am being a bit off-topic and should return to the RFID discussion at hand. RFID has been controversial in my geographical area because we were one of the original major test areas for its development, and I have found them to be an annoyance when they are not disabled at the register (as they are supposed to be) as I have set the alarms off in other stores (than the origin store...which shouldn't happen since they supposedly use "unique ids," but it did) due to a concealed RFID tag in my clothing, which I ultimately had to cut out of the lining.

Chris • December 31, 2005 12:22 AM

One of the Packetwars sponsors makes this type of product. They provided thermal protection laptop pads as prizes. They have RF shielded passport holders and other stuff.

Ed T. • December 31, 2005 12:49 PM

@Alun Jones:

I guess you can make a hat out of duct tape, but I can't see anyone actually wanting to take one of them off after putting it on ;-)

-EdT.

jammit • December 31, 2005 1:18 PM

Can you see Homeland Security someday outlawing duct tape? How will I ever put up my plastic to protect me from evil terrorists and their evil dirty bombs? I know, even that's a stretch for me to make a joke. I find the anti-RFID wallet cute, just like the tinfoil (or carbon absorbing) hats. Although I would like an on/off switch for the darn things. I only need to use them at certain times and don't need them "broadcasting" all the time. Not that I'm nervous about it, but why ask for trouble?

Clive Robinson • January 2, 2006 12:25 PM

@D

"that your phone is never truly off unless you have removed the battery and discharged this capacitor,"

That is correct in that the cap keeps some of the memory and clock chip up and running and can also keep the CPU on in low power mode (which it is anyway for the soft on off button).

What is also true is that the phone company can download software into your phone and this can be used to keep it on sufficiently to be used for various activities (such as waking up at predetermined times).

I have known about the software download issue for many years and actually wrote a paper back in 1998 about using the (then) latest crypto enhanced SIM cards as a massively parallel decryption engine (ala Chinese TV Lottery).

LittleMiss • January 3, 2006 7:16 PM

I like the material option personally, considering duct tape gets all sticky after a while, especially in hot temp.

Doug • January 4, 2006 11:42 AM

@Bryan W
I was going to suggest just making an insert out of aluminum foil to keep with the bills, but I guess this company beat me to it. The advantage here is that it's compatible with your current, attractive wallet.

Roger • January 4, 2006 7:23 PM

@D
"that your phone is never truly off unless you have removed the battery and discharged this capacitor,"

Yes, when "off" there is still some minor functionality (updating the clock, monitoring the on/off button which is not a true switch, etc.) But the question of course is whether the _transmitter_ is turned on at this time. Cell phone makers do all sorts of tricks to maximize battery life by minimizing power consumption, and transmission is the most energy hungry thing modern phones do. It is extremely unlikely that a phone would transmit unnecessarily unless its firmware had been modified by a hostile party (which, however, is possible with many models of phone).

If the phone was transmitting when powered off (whether due to tampering, or a bad design), it would be detectable through the increased battery drain. For example when my "spare" phone is left on "standby" (i.e. no calls, but contacting the cell controllers every few minutes so they know where to route its incoming calls) it will flatten the battery in about 8 days, but when I left it turned off in a drawer for three months the battery level didn't drop so much as one bar. Clearly, the transmitter is not active when turned off.

Bruce Schneier • January 4, 2006 7:43 PM

"If the phone was transmitting when powered off (whether due to tampering, or a bad design), it would be detectable through the increased battery drain."

I'm not sure that's true. The receiver still works when the phone is on hook, and the cord still acts as an antenna. I don't know what kind of power drain this exhibits, but I do know that it's true.

Roger • January 5, 2006 12:14 AM

@Bruce:
"The receiver still works when the phone is on hook, and the cord still acts as an antenna."

Cord? I'm not following you. This is a cell phone I'm talking about, not a cordless handset.

Mike B. • January 9, 2006 7:01 PM

There is and has been a solution to protecting your wallet and the cards inside. This is a very real problem and when the consumer realizes that your name, address, banking info etc. could easily be placed onto your RFID equipped cards, they will need this device. It is also very possible to erase or worse, change the data on your cards from several yards away. Check out www.walletgard.com

Angie • January 9, 2006 7:32 PM

I am a vice-president of an east coast bank and I know for a fact that we are using chips in our cards to identify customers when they walk through the door. I am not sure what information is on the card but the thrust behind this is that major retailers who happen to have accounts at our bank are also reading you and your card when you walk into the store. Who knows what information they are getting. I checked out walletgard from the previous post and it seems like a good solution to protect my credit cards so I am placing my order today. In my opinion it's a lot better than aluminum foil or duct tape. Who needs that mess?

James • January 11, 2006 7:34 PM

I just looked at the latest talk on the "Spychips" blog. These people at "Spychips" have no clue what is really going on. RFID tags are here to stay. They believe that they can stop ALL chips from entering the marketplace. They shouldn't flatter themselves. RFID is a great technology and will make all of our lives easier and reduce costs of certain products/services. But, we must protect ourselves from unauthorized reading of the cards in our wallet. There is a great solution to this. I recently purchased WalletGard inserts and they fit directly into my wallet, are very sturdy, and give me a feeling of protection. Spychips - give it up. RFID is here and going nowhere fast!

Roger • January 11, 2006 9:54 PM

Okaaaay....
we've just had 3 posts in a row endorsing the same company. This is starting to look like spam, walletgard dudes.

BTW I had a look at your website and it looks like an interesting and useful product, however I'm somewhat puzzled as to how you claim to have patented this. These sorts of techniques for blocking RF leakage have been known for many years.

Hansjoachim • April 4, 2006 12:05 PM

Here is a company who has a solution to protect your privacy blocking your identity cards with RFID.
www.pointprotect.de
At this time in German, but soon also in English.

BlockRFID • September 12, 2006 1:12 PM

Actually an anti-static bag fails when the card is moved into the magnetic range of around less than an inch. Identity Stronghold sells shielded card sleeves very cheap that block 13.56 MHz. See www.idstronghold.com

Winston Smith • October 24, 2007 4:27 PM

I've seen some postings that demonstrate that aluminum foil does not "foil" RFID readers all the time. How about copper or lead foil? Any more effective, all you EEs out there?

Matt • March 19, 2009 3:06 PM

A real RFID Blocking Faraday cage is made of copper mesh, not steel or aluminum. I would be leery of steel or aluminium Faraday cages. They may be effective against low powered RFID readers, but not high powered active antennas.
