RFID Can Be Hacked: Here’s How, & What You Can Do To Stay Safe

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.


How much do you know about RFID chips? Do you know how many you’re carrying at any given moment? Do you know what information is stored on them? Do you know how close a hacker needs to get to you in order to steal that information? Have you considered any form of RFID protection? And most importantly, do you know what RFID protection will be effective?

These days, RFID chips are present in all sorts of items, such as credit cards, library books, grocery goods, security tags, implanted pet details, implanted medical records, passports and more. Some schools now require their students wear RFID tags. The amount of information which could be learned about you from your RFID chips is quite a lot! Plus, you never know what those information thieves are planning on doing with your information, either. So, it’s best to understand the risks of RFID hacking and limit your exposure to harm. Here’s the basics of what you need to know.

What Is RFID?

RFID stands for Radio Frequency IDentification and it’s used for short-distance communication of information. It does not require line of sight to work, meaning that the RFID chip and the reader merely need to be within range of each other to communicate.

There are a few main types of RFID chip:

  • Passive Tags require a radio signal to be emitted from the receiver in order to be read. This also means they operate on a small distance and can’t transmit a lot of data. Examples of these can be found in credit cards and door passes.
  • Active Tags have on-board batteries and can therefore actively transmit their data over a larger distance. Also, they can transmit a larger amount of data than passive tags. Examples of active tags include toll passes mounted in cars.

rfid hacking

RFID frequencies vary according to the device and country, but usually operate in this range:

  • Low Frequency RFID is <135 KHz
  • High Frequency RFID is 13.56 MHz
  • Ultra High Frequency (UFH) RFID is 868-870 MHz or 902-928 MHz
  • Super High Frequency (SHF) RFID is 2.400-2.483 GHz

How Easy Is It To Scan RFID Chips?

RFID hackers have repeatedly shown how easy it is to get hold of information contained in RFID chips. As some chips are re-writable, it’s even quite easy for hackers to delete or replace RFID information with their own data.

It has been said that on eBay hackers can get hold of all the equipment they would need to build an RFID scanner for less than $20. This means that anyone anywhere could be trying to read your RFID chips – and that’s worrying.

There are also numerous articles online showing exactly how one might go about making your own RFID reader, such as this article using basic parts and some Arduino skills.

Here’s an interesting article about RFID hacking which will give you a lot to think about, where Wired talks to RFID hackers about various exploits, including breaking into an internet security company, changing the prices on grocery items before purchasing, cloning RFID tags and using grocery items to open hotel rooms, deleting information from library books, getting free petrol, breaking into cars, tracking where people drive and reading medical data.

How To Block RFID Signals

In general, metal and water are the best ways to block radio signals to and from your RFID chip. Once that radio signal is blocked, the data cannot be read.

Now, we need to dispel a myth. Some people think that wrapping your credit cards in aluminium foil will be enough to protect them from RFID scanners. This is not true! A foil wrapping will help, but it won’t stop the scanner. It just means the scanner has to be a lot closer to you to get the information.

If you haven’t yet bought some decent RFID protection, foil will help you somewhat, but it’s not a real solution to the problem. A neat idea is to line the money pouch of your wallet with foil, so that all of your cards contained within are somewhat protected from RFID scanning.

It should also be mentioned that many sellers of RFID protection are basically just selling foil sleeves. Be wary of these as they won’t protect you fully.

In some countries, governments have begun to give accreditation to RFID protection that complies to certain standards. Be on the lookout for this accreditation when you purchase RFID protective wallets, passport pouches and sleeves.

The most effective RFID-protecting sleeves, pouches and wallets on the market are those that use a Faraday Cage within a leather exterior. Faraday cages in paper sleeves are also very effective, but will be less durable. Search for protection that contains the words “Electromagnetically Opaque” and you should be on the right track.

It’s also possible to break your RFID tags. To disable an RFID chip, common practices involve a large electromagnetic pulse (such as microwaving the chip) or hitting it with a hammer. Note that most disabling methods could ruin the rest of the item too, which is not ideal.

rfid hacking

Another important thing you can do to protect yourself is to ensure your security plan does not rely on RFID only. For instance, contact your credit card issuer and see if they will disable RFID-only purchases on your card. Then if someone were to clone the RFID tag in your card you would still be safe from theft. Another example would be to not rely on RFID door passes alone for your office and to ensure there is another robust security system in place.

If you are paranoid about your RFID presence, you could make your own RFID reader and regularly check your household to see what is readable and check how well your RFID protection is working. For the extremely paranoid, you could also check the data on each item to see if anything has been changed.

Have you got any other great tips to protect yourself against RFID exploits? Or do you have a horror story to share?

Image Credit: Shutterstock, Shutterstock, Shutterstock

Whatsapp Pinterest

Enjoyed this article? Stay informed by joining our newsletter!

Enter your Email

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Lucas DoCarmo
    February 10, 2018 at 2:56 am

    Many people are thinking of implanting these chips into their bodies. How would they defend from hacking in this situation?

    • deko
      November 9, 2018 at 8:35 am

      what is there to hack ?
      I have a nfc implants and the distance required to read the chip hasn't be less than 1cm. I've tried with various readers and never able to read with 1+CM.

      also even if "they" hack my chip, what use could they have ? to track me with this tag is a silly thought as well, how would one know it is ME who has the chip, cause there are no visual clues on my hand to reveal that I have a implants.

      if people are so scared of surveillance and privacy they they really need to rethink the causes. ones mobiles are constantly being tracked, visa and MasterCards with nfc contain more damageble data (from theft POV) and so on.
      not to.mention all the cookies our browsers store and can be tracked down to what we have searched on the web and which wites we have been visiting.

      so honestly, there are more risks in our general everyday-behaviours than these implants :)

  2. D. Mc
    April 20, 2016 at 4:37 pm

    I have personally found that a neodymium magnet (found in hard drives) completely disable RFID when physically pressed together.

  3. Mary Blacksheep
    March 16, 2016 at 8:25 pm

    I am a Leather Smith and would like to find the right product that I can incorporate into my wallets to protect people from this sort of theft If anyone know anything about using the right material to help protect people from this mess please send me a reply thank you..

    • Jona Marie
      July 30, 2016 at 9:05 pm

      I was looking for a product for my own personal wallets/bags, after researching just what works and doesn't. The article above concurs with what I've found from multiple sources.
      After knowing what to look for, I found this:
      Kryptronic Technologies, Munich, Germany
      Produces a sheet product called CryptAlloy. http://www.cryptalloy.de/en/cryptalloy/
      They seem to answer all questions, and provide a quasi-Faraday cage and electromagnetic reflection/attenuation product. Reading all the pages on the site will give you a great knowledge of the topic.
      The bad news is they show no dealers in the Americas, I wrote, but no response.
      Perhaps someone should ask who can speak German?
      Let me know if you track down any source where we can buy in small supply, please.
      You can write me at KnowHound and the domain is AOL com.

  4. Christopher Webb
    November 29, 2012 at 8:42 pm

    So, what is stopping criminal from using devices similar to skimming on ATMs to steal info?

    • Angela Alcorn
      November 30, 2012 at 3:14 pm

      ATM skimming relies on you actually putting the card into a slot and having the magnetic strip or chip read. But similar devices could easily be built for the RFID chips in credit cards, for sure. That's precisely why you need to protect all your RFID chips.

  5. Priya
    November 2, 2012 at 4:41 am

    Thanks for the informative article.

  6. Douglas Mutay
    October 31, 2012 at 9:57 am

    These pretty cool things are not yet among us in Africa...but they sound awesome!

    • Jona Marie
      July 30, 2016 at 9:07 pm

      Why do they sound "awesome" - the article was a cautionary tale. Are you amongst the nasty buggers in Nigeria always trying to find new ways to rip off the law-abiding world?

      • Douglas Mutay
        July 30, 2016 at 9:18 pm

        I was talking about the RFID protective wallets. Did you read the whole article or where you just going through the comments to find out about the subject?! And for your info I'm not from Nigeria but stop thinking that low about this country. These "nasty buggers" are everywhere in the world. Thanks.

  7. Joy2b
    October 30, 2012 at 5:49 pm

    Accessory shops sell small metal wallets quite cheaply. The small ones are about the size of a stack of six cards, and could fit in a large wallet. I was surprised when I started getting compliments on mine, as I thought of it as just functional.

    • joy2b
      October 30, 2012 at 6:06 pm

      By the way, think twice before destroying your rfid chips, or preventing them from being used for transactions.
      You may wish to disable your debit card's rfid, but keep a rfid credit card, so you can do small transactions while you travel. In Europe and Japan, you may be assumed to have one of these.

      • Angela Alcorn
        November 3, 2012 at 3:51 pm

        Good point! Thanks for sharing.

  8. Gabriel Barron
    October 27, 2012 at 5:19 pm

    they want to put this into peoples arms???

    • zolar1
      November 2, 2012 at 2:22 am

      yes, in your right hand or forehead.

      Those without can't buy or sell anything nor do banking or hold a job.

      As soon as the next global disaster hits, nearly everyone will have to have one for food rationing...

    • Angela Alcorn
      November 9, 2012 at 10:37 am

      I know. Nuts, isn't it?

  9. Tim Brookes
    October 27, 2012 at 1:49 am

    Really interesting article Ange. I find that the best way to block an RFID chip from being read is to store all your RFID cards together. Whenever I try and get on a tram or train by touching my RFID-enabled pre-paid card, at least 50% of the time I will get an error because my bank card is too near it and the signals interfere...

    I'm not sure whether this actually counts as "blocking" or even security but it definitely prevents the card from being read.

    • Angela Alcorn
      November 3, 2012 at 3:53 pm

      It would certainly muddle the signal, but you're not guaranteed safety this way. If you lined your wallet with foil as well, the two things together would be better. Still not 100% though!

    • Eric
      January 19, 2017 at 1:21 pm

      Putting cards together is not protecting you from hackers. Each card can still be read individually. A hacker will choose to read all the information from all the cards. The reason that tram or train devices don't read multiple cards at the same time is a choice they made when they wrote the software on the device. This is so that tram/train company don't have to pick a card to use and then they possible use the 'wrong' card.

    • Eric
      January 19, 2017 at 1:36 pm

      Putting multiple cards together does not do anything to prevent a hacker from reading cards. The hacker can read all the cards individually even when they are together. The reason why the cards don't work on a train /tram validator is because they chose to implement their software that way. The train company want to be sure they take money from the correct card.

  10. Keith D.
    October 27, 2012 at 1:08 am

    Great article Angela! Very informative yet very troubling. Thank you & thank MakeUseOf.com for publishing you! By the way, I live in Alcorn County, Mississippi. The county in which the city I really live is located, was named to honor the first Republican Gov of the state - his last name was Alcorn! Enough on the history already!

  11. Igor Rizvi?
    October 26, 2012 at 9:04 pm

    Very interesting stuff.Point taken,thanks for sharing this.

  12. Alex Perkins
    October 26, 2012 at 7:25 pm

    A metal credit card holder in a wallet would help.

  13. Efi Dreyshner
    October 26, 2012 at 5:08 pm

    The thinking about hacking RFID is just scary XD

  14. kendall sencherey
    October 26, 2012 at 1:51 pm

    that is good to know we will keep our eyes open.thanks a lot

  15. Kaashif Haja
    October 26, 2012 at 12:11 pm

    Advanced Technology! With it's pros and cons.
    Nice Article. Thanks

  16. Vivek Kumar
    October 26, 2012 at 10:11 am

    very useful info thanks../

  17. Anonymous
    October 26, 2012 at 9:07 am

    Grate and useful, thanks 'makeusof'.

  18. Adrian Rea
    October 26, 2012 at 8:07 am

    A very interesting article, thank you. I am glad that I prefer to use older style authentication methods for my banking now :) but as said above, no system is perfect. Vigilance and awareness of possible risk helps promote safety. Beep! now what rfid set that off?!!

  19. Stephanie w
    October 26, 2012 at 3:07 am

    This is really useful information to have. Would the Sony Smart Tags have rfid chips in them?

    • Angela Alcorn
      November 3, 2012 at 3:54 pm

      I don't know exactly what you mean by Sony Smart Tags, sorry. By the sounds of the name though, it is an RFID tag. Keep it protected!

    • Daniel Mclean
      November 7, 2012 at 1:36 am

      yes they have

  20. Achraf Almouloudi
    October 26, 2012 at 1:04 am

    Getting an Arduino costs more than $65 and it's not that easy to deal with, so probably, not REALLY everyone could be reading your cards .

    • Angela Alcorn
      November 3, 2012 at 3:55 pm

      Not everyone, but certainly plenty of people are capable. :)

    • random
      February 27, 2013 at 9:56 pm

      you can buy the chip for $2, get a programmer for $10, wolah, cheap arduino.

  21. Ahmed Khalil
    October 26, 2012 at 12:56 am

    their is no system 100% safe, all the system has a weak point, the different is how to hide it

  22. Jesse Manalansan
    October 26, 2012 at 12:49 am

    Thanks for sharing us this info .

  23. RG
    October 25, 2012 at 10:48 pm

    Distance is moot, the fact that it's possible is an issue in itself

  24. Javier Vega
    October 25, 2012 at 10:39 pm

    wow...so useful nowadays, thanks.