RFID Wallets/Sleeves. How much Security do they provide?

MIGA-Identity-Thief-Georgia

With the increasing amount of RFID technology creeping into everyday life.  Just how much data can be obtained from your wallet?  At Pentura we undertook a small experiment where using standard off-the-shelf products, we would attempt to obtain personal information leaked from RFID enabled devices:

  • UK Passport
  • UK Bank Cards Debit/Credit
  • Access Control Tokens

Our experiment used standard unmodified off-the-shelf RFID equipment:

  • 13.56MHz ACR-122U Reader
  • Proxmark3 with LF antenna
  • Proxmark3 with HF antenna
  • Parallax LF EM4x Reader

Our experiment would also collect information on the effectiveness of various defensive technologies, where RFID data exfiltration was not possible:

  • Various paper wallets from eBay
  • Stainless-Steel Wallet(s) from Electronics providers

Our experiment found that the average distance to read HF (Mifare type) cards was approximately 2cms.  Whereas the average distance to read LF (HID,EM4x) cards was more generous at 4inches (10cm).

Pentura observed an almost balance sample of : 49% LF ( 35% HID, 14% EM4x), 51% HF (47% Mifare (45% Mifare 1K or 4K, 2% Mifare DESFire), 4% other).

The 49% of LF cards are easily clone-able using the Proxmark3 and Atmel’s programmable AT55x7 cards, easily affordable from eBay.

Out of the 45% Mifare 1K or 4K cards, 40% used default keys meaning the cards contents could be fully extracted within 5 secs, this time was significantly decreased as the majority of Access Control Data is usually stored in sector 14.  Where 5% of Mifare cards use non-default keys the initial ‘cracking time’ increased to 45secs.  However, once all keys were recovered, they were added to a database that facilitated future cracks of cards containing the same key in under 5 secs.

Only 6% of cards were uncrackable, due to obscure unfamiliar data formats, or the use of Mifare DESFire with a sufficient secret key.

Note: All data was securely destroyed at the end of our experiment!

We found from our sample that 96% of people have RFID enabled devices in either their devices or pockets.  From this sample of people with RFID enabled devices 99.6% are vulnerable to attack.  Our study actually found that 96% used no protection. It was found that 6% used (or thought they used) adequate protection, but in reality the protection offered was merely a simple paper shield, offering no real benefit.  Further studies into the paper-based shields available at affordable prices on eBay revealed  that some shields (possible manufacture error) offered no protection (so be careful what you buy).  Other shields from highly approved sellers offered more protection but circumstances prevail:

  • If at least  a 1/3 of a Credit Card is unprotected it can be scanned
  • If at least 1/2 a passport is unprotected it can be scanned.
  • If the paper-wallet is damaged (creases etc) its protection is ultimately weakened.
plain-white-card-sleeve-paper-cropped
Plain White Card Sleeve – Offering No/Little Protection
$T2eC16NHJIQFHH)3BrNBBSKnKsZJlQ~~60_35
The Stainless-Steel coated paper wallet, provides protection (but not long term)

So what technology were the most savvy security conscious people utilising?  Turns out that some Electronic retailers/re-sellers offer stainless-steel wallets.  Back at our Lab under strict testing conditions, it proved hard to extract RFID data from these wallets. Again we used standard off-the-shelf equipment, referred to above. Even if these wallets were open; fully open, half open, ajar. It still proved difficult to extract any meaningful data for any emanating RF signals.  It was confined that these wallets held up stronger when compared to their paper-based counter parts and are more durable to normal wear and tear.

RFID Wallet 1
RFID Passport Wallet – Stainless-Steel
RFID Wallet 2
RFID Wallet (Cash/Cards) Stainless-Steel

Stress testing the stainless-steel wallets, with random impacts and excessive wear weakened the integrity of the wallet; meaning they are not impervious.  However, they still provided more protection when compared to paper-based protection.  It is important to know that wear and tear, age is a natural progression that will affect the security of these products over time.  But in the short-fall these more durable wallets offer longer term benefits, as opposed to paper-based solutions which are relatively short term.

Note: The more durable and slightly more expensive wallets may have come up trumps in our research.  But paper-based solutions are cheaper and work well in the short-term; if you use paper-based protection we advise replacing the wallet as soon as it shows signs of wear or damage, this may mean replacing them every 3-6months.

IMPORTANT: If you use NO PROTECTION, we advise implementing one of the above methods to shield your RF data from potential attackers/prying eyes!

7 thoughts on “RFID Wallets/Sleeves. How much Security do they provide?

  1. Interesting report, we have done similar tests on these passive ‘blocking or shielding’ rfid wallets & sleeves and have been able to penetrate alloy RFID wallets as well as other types, we dialled up the power on the reader & amped the antenna strength, we where often able to still penetrate these RFID wallets, also look at the report “Passive Shields or metallic wallets – Only reduce the signal strength, this will not block a high-powered RFID reader” – Source: Credit Card Fraud – The contactless Generation | Kristin Paget | Chief Hacker, Recursion Ventures. There is a full report on her findings & tests.

    We have invented & patent pending the the 1st ‘Active RFID & NFC Protective Device’ called Armourcard, By active we mean, when someone tries to interrogate your cards or passports, Armourcard will instantly power up (with own power source) and actively jam all signals trying to communicate on the frequency these smart cards & ePassports operate on (13.56Mhz).

    Armourcard is a similar size to a regular credit card and creates a jamming forcefield approx 20mm each side of the card so protects multiple cards within your wallet with ease. If your interested then google Armourcard or head across to our website http://www.armourcard.com.au happy to discuss further.

    Tyler
    Co-founder | Inventor | Director

    1. This current research was performed by off-the-shelf standardised equipment, if you could recommend, or help me build a more powerful antenna, I would appreciate your help.

Comments are closed.