Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Crime Privacy Security

RFID-Blocking Blazer and Jeans Could Stop Wireless Identity Theft 110

An anonymous reader writes A pair of trousers and blazer have been developed by San Francisco-based clothing company Betabrand and anti-virus group Norton that are able to prevent identity theft by blocking wireless signals. The READY Active Jeans and the Work-It Blazer contain RFID-blocking fabric within the pockets' lining designed to prevent hacking through radio frequency identification (RFID) signals emitted from e-passports and contactless payment card chips. According to the clothing brand, this form of hacking is an increasing threat, with "more than 10 million identities digitally pick pocketed every year [and] 70% of all credit cards vulnerable to such attacks by 2015."
This discussion has been archived. No new comments can be posted.

RFID-Blocking Blazer and Jeans Could Stop Wireless Identity Theft

Comments Filter:
  • signal blocking (Score:5, Insightful)

    by frovingslosh ( 582462 ) on Thursday December 18, 2014 @03:08AM (#48623979)
    If you build radio signal blocking into all of your pockets, doesn't that also screw up your cell phone from getting a call? And wouldn't it muck with my keyless entry system on my car where I just carry the fob in my pocket and the car will know when it is me trying to get in or start it?
    • by Anonymous Coward

      Agreed. I have a Samsonute wallet with rfid blocking material. It works nicely, and it doesn't mess with my cellphone.

      • Maybe I'm confused by the story, but what has RFID in it? I thought these new currency things used NFC which is normally able to be turned off.

    • by codeButcher ( 223668 ) on Thursday December 18, 2014 @03:50AM (#48624099)

      If you build radio signal blocking into all of your pockets, doesn't that also screw up your cell phone from getting a call?

      And the downside is?

      • by rvw ( 755107 )

        If you build radio signal blocking into all of your pockets, doesn't that also screw up your cell phone from getting a call?

        And the downside is?

        Phone getting hot and battery drowned.

      • by Anonymous Coward

        The weight of carrying a phone and expense of buying it when you didn't want to get any calls in the first place.

        • Re: (Score:3, Interesting)

          by TheCarp ( 96830 )

          I have a friend who is just flabbergasted at the idea that I sometimes just turn my ringer off and don't take calls.

          I like to be able to take calls or to make them when I want to. I like having a mobile gps device and all that.... um, I like having a phone, but sometimes, I don't want to be disturbed, and sometimes Iforget to turn that off for a day or two...oops... but I can still call out and thats what I pay the bill for.....

          • I have a friend who is just flabbergasted at the idea that I sometimes just turn my ringer off and don't take calls.

            I've seen people freak when in areas with no coverage. "What if someone tries to call or text me?"

            Smartphones are as addictive as meth.

      • TSA search at the airport

    • Re: (Score:1, Informative)

      by Anonymous Coward

      If you build radio signal blocking into all of your pockets, doesn't that also screw up your cell phone from getting a call?

      Yes and no.

      If the signal blocking is wide-band it will screw up your cell phone. It will probably increase signal strength to get through and drain the batteries more than necessary.
      The thing is that RFID typically works on the comparably low frequencies 125 kHz and 13 MHz while cell phones works higher up on 800 MHz and above.
      That means that you can create a grid that blocks the lower frequencies while letting the higher frequencies through.

      • The thing is that RFID typically works on the comparably low frequencies 125 kHz and 13 MHz while cell phones works higher up on 800 MHz and above.That means that you can create a grid that blocks the lower frequencies while letting the higher frequencies through.

        True, although it shouldn't matter in this case, because the spacing of the grid which controls the highest frequency blocked, means that on clothing, it's going to have to be pretty close. It's related to how Cell phones will work in Cars, because of those holes in teh metal cage of the car.

        It's possible to build a cage that will block lower frequencies but not cell frequencies, like my car example, but the reverse is not true. For human sized clothing, I'd wager that they just have closely spaced metal

    • by Z00L00K ( 682162 )

      If the wireless cards don't have ample protection against copying of information and forging then the platform design is flawed.

      A correctly designed public key infrastructure solution would be a lot harder to crack. Cards shall only reveal sensitive information to authorized readers, readers verify that the cards aren't forged.

      The only thing left is the human factor.

      • by jrumney ( 197329 )
        The wireless cards have ample protection against copying of the complete information to make clones. RFID Passports have sufficient protection against someone being able to get useful personal data without seeing the same info on the inside of the passport first. EMV cards however will cough up all the information from the front of the card unencrypted (or if not, encrypted using a fixed publically known key at least) to anyone within range.
      • by AmiMoJo ( 196126 ) *

        There is no need for payment cards to ever reveal any information that can be used for identity theft, except for the card number. That on its own isn't much use.

        All you need for a transaction is the card number and a challenge/response to confirm that the card is the one it claims to be.

      • If the wireless cards don't have ample protection against copying of information and forging then the platform design is flawed.

        Of course it's flawed. It's been flawed since it was introduced. This was introduced by credit/debit companies to make it more convenient so people would use it more so they'd collect more fees.

        The first time I saw one I thought it was dangerous and idiotic. I largely still do because it's un-authenticated. Sadly, pretty much every card comes with it now.

        When will people unders

      • If the wireless cards don't have ample protection against copying of information and forging then the platform design is flawed.

        Of course it is. When they design these things, security is last on the list.

    • If you build radio signal blocking into all of your pockets, doesn't that also screw up your cell phone from getting a call? And wouldn't it muck with my keyless entry system on my car where I just carry the fob in my pocket and the car will know when it is me trying to get in or start it?

      First off, yer not carrying that phone right. Both hands on the phone held out in front of you, head and eyes down, checking your facebook page. Style points for walking into traffic.

      But seriously, if you are wearing a Faraday cage, rf signals will be blocked. In addition, when in that state, the phone will be trying to "phone home to report it's position at it's highest available power, so will drain the batteries quickly.

      But to me, it just seems like a better idea is a Faraday wallet. Because if you

    • Plus you'd become the sort of douchebag who wears a blazer and trousers instead of a jacket and pants. No thanks.
  • while you are at it (Score:4, Informative)

    by ruir ( 2709173 ) on Thursday December 18, 2014 @03:17AM (#48624003)
    Why not trousers+condoms all built-in...this has to be the more stupid informercial I have seen here for a while.
  • Brilliant idea (Score:5, Insightful)

    by Hognoxious ( 631665 ) on Thursday December 18, 2014 @03:17AM (#48624007) Homepage Journal

    People will replace all their clothes, rather than buying one tinfoil case/pouch per device. Makes total sense.

  • For full garment

  • by Karmashock ( 2415832 ) on Thursday December 18, 2014 @03:21AM (#48624023)

    That's what I do.

    • That's what I do.

      "And that's why I no longer fly anywhere..."

    • by AmiMoJo ( 196126 ) *

      I wear a nylon sweater to build up some static charge. Zaps any RFID readers that try to steal my identity in a brush-up attack. I don't half go through a lot of phones though.

  • by Skylinux ( 942824 ) on Thursday December 18, 2014 @03:42AM (#48624077) Homepage

    Paid extra for an RFID blocking wallet. Tested it out the next time I had to pay for lunch with my RFID card.
    Placed wallet on reader, card is somewhere in the middle, beeep, thanks for you payment - fuck.

    My wallet is a "Protact" with the A written like a German AE. 100% rip off, hope these pants are better.

    • by Dr_Barnowl ( 709838 ) on Thursday December 18, 2014 @03:54AM (#48624111)

      I found the el-cheapo cardboard sleeves with a foil lining to be entirely adequate. 5 in a pack for a few dollars. I've not replaced the first one yet (I only have one NFC capable credit card).

    • by AmiMoJo ( 196126 ) * on Thursday December 18, 2014 @04:04AM (#48624133) Homepage Journal

      The solution is to make the cards secure. So far there have been no known contractless payment thefts via "walk by" attack, so it seems like the security works. I've been using such cards for a decade now without issue so at this point I trust them.

      It's things like passports that are more at risk, since an attacker can read some personal data from them (payment cards are either anonymous or don't provide things like your name, they only allow transactions). Fortunately I don't carry my passport most of the time.

      • Passports are easy. Just microwave the thing. Fries the chip but looks normal. "I don't know why it doesn't work,officer."

        • Passports are easy. Just microwave the thing. Fries the chip but looks normal. "I don't know why it doesn't work,officer."

          Got my passport in 2006, don't think it has RFID. My VISA card does - or did until I centered a hole punch over the chip and whacked it with a hammer. That was strangely satisfying :-)

          • by rdnetto ( 955205 )

            Got my passport in 2006, don't think it has RFID. My VISA card does - or did until I centered a hole punch over the chip and whacked it with a hammer. That was strangely satisfying :-)

            I really don't understand this logic. Yes, wireless connections to the card are a risk (and I say that as someone who took measures to shield my wallet), but that risk is minuscule in comparison to the risks associated with using the magstripe (vulnerable to skimming) instead of the chip (uses challenge and response).
            These days, if someone requires me to use magstripe, I look at the terminal extremely carefully before swiping.

            • Yes, wireless connections to the card are a risk ... but that risk is minuscule in comparison to the risks associated with using the magstripe (vulnerable to skimming) instead of the chip (uses challenge and response). These days, if someone requires me to use magstripe, I look at the terminal extremely carefully before swiping.

              The VISA Pay Wave doesn't have user challenge/response, it's simply a wireless magstripe. It's just a gimmick and really no faster than swiping the card. Skimming at a POS terminal - other than at a gas station or older ATM - is pretty rare (and/or ballsy) and I've personally never heard/read about it anywhere. I live in the US, so your mileage may vary elsewhere...

              • by rdnetto ( 955205 )

                The VISA Pay Wave doesn't have user challenge/response, it's simply a wireless magstripe.

                Do you have a citation for that? It seems odd to me that they would use such a weak mechanism, when the existing chip already uses challenge/response.
                The standard used is ISO/IEC 14443 [iso.org], which enables half-duplex communications, suggesting that challenge/response is at least plausible.

                Additionally, in my country (Australia), I found that when they introduced PIN-less transactions for contact less cards below a certain threshold ($100), PINs were no longer required when the chip was inserted, which is consist

                • The VISA Pay Wave doesn't have user challenge/response, it's simply a wireless magstripe.

                  Do you have a citation for that?

                  Sure, every TV commercial showing someone using Pay Wave - tap, (beep/flash), done. In addition, it's advertised as being faster than just swiping. Having to type in a PIN isn't faster. The US is supposed to move to Chip and PIN next year for CC - I think debit cards usually need a PIN already (not sure, I would *never* use a debit card). Often no signature/PIN is required for common purchases (like food) if under $50 - both CC and debit.

                  • by rdnetto ( 955205 )

                    Ah, I think you misunderstood me. When I said that it uses challenge-response, I was referring to the cryptographic challenge-response (e.g. the card receives a message, signs it with a private key, then transmits the signature), in contrast to magstripe, where data is simply read from the stripe.

    • by Anonymous Coward

      Place your credit card against a dolphin torch and turn it on. You'll see a dark outline inside the edge of the card. This is the antenna.

      Take a stanley knife, cut out a 4mm wide section across the entire antenna. Once you cut deep enough, you'll find wire tracks. Cut out an entire section of the antenna, making sure you get all the windings in that section (In my card it wrapped around the edge 4 times).

      Put a dab of superglue over the square you just cut out to stop the card from delaminating.

      The RFID on y

    • by Anonymous Coward

      I bought a wallet branded as "Traveler". Works like a charm. Put my RFID security card inside, couldn't get into the office without taking the card out.

    • I don't know why we persist with such horrible security for an unnecessary convenience. If you have to wrap your card in foil or use a stainless steel wallet or buy special clothes, isn't the convenience lost at that point?

  • by khchung ( 462899 ) on Thursday December 18, 2014 @03:53AM (#48624103) Journal

    You know what could completely stop identity theft? Holding banks responsible for the loss when they were tricked by some thief pretending to their customers. You will see them tightening their authentication and fraud detection overnight.

    You know why some countries don't have any identity theft at all? They held banks and companies responsible when they were defrauded, and won't let them pass the loss to their customers by claiming "identity theft".

    • by ArmoredDragon ( 3450605 ) on Thursday December 18, 2014 @06:07AM (#48624441)

      You know what could completely stop identity theft? Holding banks responsible for the loss when they were tricked by some thief pretending to their customers. You will see them tightening their authentication and fraud detection overnight.

      This is how it already works in the USA. By law, customers can only be held liable for up to $50 for credit card fraud, and almost all banks just offer the courtesy of reducing the liability to zero (you have to be with an incredibly shitty one and/or have a VERY shitty credit rating for them to not do this.)

      And if somebody steals your identity by taking out loans in your name, it's on the lender to prove that you were the one who actually took out the loan to begin with. It's inconvenient as hell granted because of all of the shit you have to go through to sort it out, but at the end of the day you don't have to pay anything to the banks if you're the victim, and the banks are the ones that lose.

      Identity theft still happens anyways because whether the thief steals from you or the bank, they still make money out of the deal (unless they get caught.)

      • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Thursday December 18, 2014 @06:35AM (#48624505) Homepage Journal

        And if somebody steals your identity by taking out loans in your name, it's on the lender to prove that you were the one who actually took out the loan to begin with. It's inconvenient as hell granted because of all of the shit you have to go through to sort it out

        And that's why you're wrong. It's on YOU to prove that the loan is fraudulent. My identity was stolen by an illegal mexican who "bought" a car. Now that's on my record until I go to court and prove that it wasn't me.

        • by Anonymous Coward

          i think you need to reread your parent. i think the lack of a subjunctive that threw me off on the first read.

          "if a loan taken out by somebody else were automatically considered fraud, it would be up to the banks
          to document that you made the loan."

          i'm not sure if the reason cc transactions are covered in the way that they are is because fraud, though.

        • You're both right, you're both wrong.

          The burden is on the bank to force you, via the law, to repay them. The burden is on the person to clear their credit report of the issue.

          Now, the desirability of having a large system that operates under "guilty until proven innocent" and, while not having the force of law, is still pretty vital to living in America.... well, that's a different story.

    • by AmiMoJo ( 196126 ) *

      That's the way it is in the UK. The banks still try to trick the victim into saying that they made some kind of mistake, or argue that a lack of up to date anti-virus on your PC makes you liable, or that their security is perfect so it simply must have been your fault. In the end though if you stick to your guns they have to pay up.

    • by anegg ( 1390659 )
      I agree that calling it fraud could stop identity theft, and I'm completely baffled why this hasn't happened in the United States already. The victim is the bank or the store, and if they don't want to be victims they should do a better job of proofing their customers. As long as its called "identity theft" and we continue to consider the person whose name was used the "victim" we won't see a change. As soon as courts start telling businesses that unless they have iron clad proof of identity they (the b
  • by fuzzyf ( 1129635 ) on Thursday December 18, 2014 @04:08AM (#48624147)
    How about we stop using RFID to transfer important (identity theft type) data?
    • by Z00L00K ( 682162 )

      Or at least use a properly designed PKI solution?

    • The RFID/NFC tag on your passport requires a lot of your private information already as the private key to decrypt it. And even then, the biggest additional piece of information at the first level of encryption it gives you is your picture (the same picture that's already in your passport).

      Users with Android phones with NFC capabilities can check this for themselves [google.com].

      Every time an official checks your passport, that digital picture is only used to verify that the physical picture on the passport hasn't been

      • by fuzzyf ( 1129635 )
        It depends on the encryption being unbreakable. If it's possible to break the encryption you can get a passport-valid photo, fingerprints, social security id, and other personal identifiable information. It's a gold mine for identity thieves, and you only need to be close enough to read it. Just searching google gives a clear indication that the encryption is breakable.

        It might make the Passport safer, but it's certainly not preventing identity theft.
    • by AmiMoJo ( 196126 ) *

      Do any cards actually have that kind of data available over wireless comms? Passports do, but most people don't carry them regularly. Bank cards and the like usually don't, they only supply the card number and a challenge/response mechanism. The card number alone isn't enough to make fraudulent transactions.

  • by Plumpaquatsch ( 2701653 ) on Thursday December 18, 2014 @04:44AM (#48624227) Journal
    So there is clothing that makes it easier to steal clothing by blocking the RFIDs of the theft detection systems?
  • Well great idea. First, I chip me, my clothes, my belongings, my accessories. And then I use a tinfoil jacket and trousers to block them all. Great idea. On a second thought. Such clothes are the perfect addition to my tinfoil hat. However, for complete protection I would recommend tinfoil underwear, socks, and - because this is slashdot - condoms to be absolutely safe.

  • by SeaFox ( 739806 ) on Thursday December 18, 2014 @04:53AM (#48624249)

    When you're wearing the jeans your legs will only move at two-thirds normal speed. You have to have the blazer dry cleaned, and specifically by Norton, once a year otherwise it and the trousers may cease to function and leave you naked out on the street one day.

    • You forgot to mention that a month before your trousers disappear, every 10 minutes they shout YOUR SUBSCRIPTION IS ABOUT TO EXPIRE and you have to slap your leg to get them to shut up.
  • Every time this come up, its RFID ePassport this and RFID credit card that. None of these use RFID at all, the technology used is NFC. As for the RFID blocking jacked, pants, wallet etc. I have tried a number of these and yes they are good at blocking RFID access tags, but do only a little to reduce the range of NFC.

    • This bugs me too. I have an "RFID" meeting in an hour or so to discuss an RTLS deployment using various RFID tags and RTLS transponders. The sales team has no interest in improving the management's understanding of what they're buying, only pushing product.
  • These clothes will be easy to steal, because you can just wrap them up in a wad and they will block their own theft tag. And once you've stolen them, you can use them to steal other items, because they will block theft tags. Sounds awesome for theives and like total wankery for everyone else.

  • Just stop with all the RFID bullshit on credit and debit cards! Really, is that extra few seconds taken to insert and enter a PIN such an onerous burden? People in that much of a hurry aren't likely to use that precious sliver of time to stop and smell the roses anyway.

    For those worried about cell phones and the like, I suspect the new-style duds will do little or nothing to impede those signals. They're a couple of orders of magnitude higher in frequency than the current RFID payment systems, and they use

  • None of my credit cards are RFID. The only cards I have ever had that are RFID/NFC are hotel keys, and conference cards. My passport cover itself blocks RFID scanning - US passports only work if open.

    And of course the sensationalism of the quote "more than 10 million identities digitally pick pocketed every year [and] 70% of all credit cards vulnerable to such attacks by 2015" - really? There are many problems with statements like this - but I am sure the Marketing group came up with them:

    - stealing a credi

  • Especially ones lined with Original Reynolds(tm) material? They will have a huge market.
  • by Alain Williams ( 2972 ) <addw@phcomp.co.uk> on Thursday December 18, 2014 @08:30AM (#48624869) Homepage

    keeping a wallet in a back pocket is a silly thing to do anyway - easy for (physical) pick pockets to lift stuff from there.

  • I would like to buy a simple RFID blocking wallet. I can find a lot of them on Amazon, but none seem to have a coin compartment. I currently use a Lifeventure wallet [lifeventure.co.uk], and I would like to get something similar. Ideally it would have the outside blocked, the inside not. So when you open it, you would be able to hold the card to an RFID scanner, without having to take it out.

    All suggestions are welcome!

  • They have both bifold and trifold. Don't know how well they work, though.

  • Until you get charged with "Going equipped for stealing" an offence under the Theft Act. Since blocking RFID will block most shop security devices. Perhaps Blazers will become the new uniform for shop lifters.

  • ... this hardly has the cachet of tinfoil.
  • You know you can request Credit cards and IDs without the RFID chip in it. I do this all the time with Visa and AMEX. I request cards without the Chip.... problem solved.

  • by koan ( 80826 )

    Stupid idea, instead just make wallets, phone sleeves or other small item carriers with the lining.

  • ... I'm not an early adopter.

  • If the card companies are depending on the cardholder's pants for improving security, then their system is broken.

Every nonzero finite dimensional inner product space has an orthonormal basis. It makes sense, when you don't think about it.

Working...