RFID Can Be Hacked: Here’s How, & What You Can Do To Stay Safe

shutterstock 115451119 rfid square   RFID Can Be Hacked: Heres How, & What You Can Do To Stay SafeHow much do you know about RFID chips? Do you know how many you’re carrying at any given moment? Do you know what information is stored on them? Do you know how close a hacker needs to get to you in order to steal that information? Have you considered any form of RFID protection? And most importantly, do you know what RFID protection will be effective?

These days, RFID chips are present in all sorts of items, such as credit cards, library books, grocery goods, security tags, implanted pet details, implanted medical records, passports and more. Some schools now require their students wear RFID tags. The amount of information which could be learned about you from your RFID chips is quite a lot! Plus, you never know what those information thieves are planning on doing with your information, either. So, it’s best to understand the risks of RFID hacking and limit your exposure to harm. Here’s the basics of what you need to know.

What Is RFID?

RFID stands for Radio Frequency IDentification and it’s used for short-distance communication of information. It does not require line of sight to work, meaning that the RFID chip and the reader merely need to be within range of each other to communicate.

There are a few main types of RFID chip:

  • Passive Tags require a radio signal to be emitted from the receiver in order to be read. This also means they operate on a small distance and can’t transmit a lot of data. Examples of these can be found in credit cards and door passes.
  • Active Tags have on-board batteries and can therefore actively transmit their data over a larger distance. Also, they can transmit a larger amount of data than passive tags. Examples of active tags include toll passes mounted in cars.

shutterstock 110032547 credit card rfid   RFID Can Be Hacked: Heres How, & What You Can Do To Stay Safe

RFID frequencies vary according to the device and country, but usually operate in this range:

  • Low Frequency RFID is <135 KHz
  • High Frequency RFID is 13.56 MHz
  • Ultra High Frequency (UFH) RFID is 868-870 MHz or 902-928 MHz
  • Super High Frequency (SHF) RFID is 2.400-2.483 GHz

How Easy Is It To Scan RFID Chips?

RFID hackers have repeatedly shown how easy it is to get hold of information contained in RFID chips. As some chips are re-writable, it’s even quite easy for hackers to delete or replace RFID information with their own data.

It has been said that on eBay hackers can get hold of all the equipment they would need to build an RFID scanner for less than $20. This means that anyone anywhere could be trying to read your RFID chips – and that’s worrying.

There are also numerous articles online showing exactly how one might go about making your own RFID reader, such as this article using basic parts and some Arduino skills.

Here’s an interesting article about RFID hacking which will give you a lot to think about, where Wired talks to RFID hackers about various exploits, including breaking into an internet security company, changing the prices on grocery items before purchasing, cloning RFID tags and using grocery items to open hotel rooms, deleting information from library books, getting free petrol, breaking into cars, tracking where people drive and reading medical data.

How To Block RFID Signals

In general, metal and water are the best ways to block radio signals to and from your RFID chip. Once that radio signal is blocked, the data cannot be read.

Now, we need to dispel a myth. Some people think that wrapping your credit cards in aluminium foil will be enough to protect them from RFID scanners. This is not true! A foil wrapping will help, but it won’t stop the scanner. It just means the scanner has to be a lot closer to you to get the information.

If you haven’t yet bought some decent RFID protection, foil will help you somewhat, but it’s not a real solution to the problem. A neat idea is to line the money pouch of your wallet with foil, so that all of your cards contained within are somewhat protected from RFID scanning.

It should also be mentioned that many sellers of RFID protection are basically just selling foil sleeves. Be wary of these as they won’t protect you fully.

In some countries, governments have begun to give accreditation to RFID protection that complies to certain standards. Be on the lookout for this accreditation when you purchase RFID protective wallets, passport pouches and sleeves.

The most effective RFID-protecting sleeves, pouches and wallets on the market are those that use a Faraday Cage within a leather exterior. Faraday cages in paper sleeves are also very effective, but will be less durable. Search for protection that contains the words “Electromagnetically Opaque” and you should be on the right track.

It’s also possible to break your RFID tags. To disable an RFID chip, common practices involve a large electromagnetic pulse (such as microwaving the chip) or hitting it with a hammer. Note that most disabling methods could ruin the rest of the item too, which is not ideal.

shutterstock 113504671 rfid door   RFID Can Be Hacked: Heres How, & What You Can Do To Stay Safe

Another important thing you can do to protect yourself is to ensure your security plan does not rely on RFID only. For instance, contact your credit card issuer and see if they will disable RFID-only purchases on your card. Then if someone were to clone the RFID tag in your card you would still be safe from theft. Another example would be to not rely on RFID door passes alone for your office and to ensure there is another robust security system in place.

If you are paranoid about your RFID presence, you could make your own RFID reader and regularly check your household to see what is readable and check how well your RFID protection is working. For the extremely paranoid, you could also check the data on each item to see if anything has been changed.

Have you got any other great tips to protect yourself against RFID exploits? Or do you have a horror story to share?

Image Credit: Shutterstock, Shutterstock, Shutterstock

The comments were closed because the article is more than 180 days old.

If you have any questions related to what's mentioned in the article or need help with any computer issue, ask it on MakeUseOf Answers—We and our community will be more than happy to help.

31 Comments -

0 votes

Javier Vega

wow…so useful nowadays, thanks.

0 votes

RG

Distance is moot, the fact that it’s possible is an issue in itself

0 votes

Jesse Manalansan

Thanks for sharing us this info .

0 votes

Ahmed Khalil

their is no system 100% safe, all the system has a weak point, the different is how to hide it

0 votes

Achraf Almouloudi

Getting an Arduino costs more than $65 and it’s not that easy to deal with, so probably, not REALLY everyone could be reading your cards .

0 votes

Angela Alcorn

Not everyone, but certainly plenty of people are capable. :)

0 votes

random

you can buy the chip for $2, get a programmer for $10, wolah, cheap arduino.

0 votes

Stephanie w

This is really useful information to have. Would the Sony Smart Tags have rfid chips in them?

0 votes

Angela Alcorn

I don’t know exactly what you mean by Sony Smart Tags, sorry. By the sounds of the name though, it is an RFID tag. Keep it protected!

0 votes

Daniel Mclean

yes they have

0 votes

Adrian Rea

A very interesting article, thank you. I am glad that I prefer to use older style authentication methods for my banking now :) but as said above, no system is perfect. Vigilance and awareness of possible risk helps promote safety. Beep! now what rfid set that off?!!

0 votes

Anas Al-Taji

Grate and useful, thanks ‘makeusof’.

0 votes

Vivek Kumar

very useful info thanks../

0 votes

Kaashif Haja

Advanced Technology! With it’s pros and cons.
Nice Article. Thanks

0 votes

kendall sencherey

that is good to know we will keep our eyes open.thanks a lot

0 votes

Efi Dreyshner

The thinking about hacking RFID is just scary XD

0 votes

Alex Perkins

A metal credit card holder in a wallet would help.

0 votes

Igor Rizvi?

Very interesting stuff.Point taken,thanks for sharing this.

0 votes

Keith D.

Great article Angela! Very informative yet very troubling. Thank you & thank MakeUseOf.com for publishing you! By the way, I live in Alcorn County, Mississippi. The county in which the city I really live is located, was named to honor the first Republican Gov of the state – his last name was Alcorn! Enough on the history already!

0 votes

Tim Brookes

Really interesting article Ange. I find that the best way to block an RFID chip from being read is to store all your RFID cards together. Whenever I try and get on a tram or train by touching my RFID-enabled pre-paid card, at least 50% of the time I will get an error because my bank card is too near it and the signals interfere…

I’m not sure whether this actually counts as “blocking” or even security but it definitely prevents the card from being read.

0 votes

Angela Alcorn

It would certainly muddle the signal, but you’re not guaranteed safety this way. If you lined your wallet with foil as well, the two things together would be better. Still not 100% though!

0 votes

Gabriel Barron

they want to put this into peoples arms???

0 votes

zolar1

yes, in your right hand or forehead.

Those without can’t buy or sell anything nor do banking or hold a job.

As soon as the next global disaster hits, nearly everyone will have to have one for food rationing…

0 votes

Angela Alcorn

I know. Nuts, isn’t it?

1 votes

Joy2b

Accessory shops sell small metal wallets quite cheaply. The small ones are about the size of a stack of six cards, and could fit in a large wallet. I was surprised when I started getting compliments on mine, as I thought of it as just functional.

0 votes

joy2b

By the way, think twice before destroying your rfid chips, or preventing them from being used for transactions.
You may wish to disable your debit card’s rfid, but keep a rfid credit card, so you can do small transactions while you travel. In Europe and Japan, you may be assumed to have one of these.

0 votes

Angela Alcorn

Good point! Thanks for sharing.

0 votes

Douglas Mutay

These pretty cool things are not yet among us in Africa…but they sound awesome!

0 votes

Priya

Thanks for the informative article.

0 votes

Christopher Webb

So, what is stopping criminal from using devices similar to skimming on ATMs to steal info?

0 votes

Angela Alcorn

ATM skimming relies on you actually putting the card into a slot and having the magnetic strip or chip read. But similar devices could easily be built for the RFID chips in credit cards, for sure. That’s precisely why you need to protect all your RFID chips.