8 Ways to Sunday

Yesterday’s episode of Boing Boing TV shows how to steal credit card information with a laptop and an $8 peripheral. Just walk up next to someone with an RFID-enabled card, and you’ve got it. As the hacker being interviewed points out, with a larger antenna you could set up in Starbucks and walk out with a dozen or more credit card numbers.

I first expressed my concern about this exact thing in a post four years ago:

It poses a grave privacy concern, exposing your [information] to anyone who can pick up a radio signal. I imagine high-tech identity thieves prowling the club with RFID receivers disguised as cell phones or pagers, culling ID info…

It’s amazing to me just how much I called it. An anonymous commenter on the BBTV post says that RFID-reading cell phones are already on the market:

You do not need to hack anything. Nokia and others are currently putting RFID readers in cell phones — you can already buy models with this feature in the open market (google for “6131nfc” for example).

So what can you do to protect yourself? There are a lot of recommendations out there, from drilling a hole through the chip to breaking it by striking your credit card with a hammer. On the less destructive side, this video from Popular Science magazine shows how to make an aluminum foil barrier in your wallet that blocks the radio signals from getting out.

Yes, aluminum foil. When the alien overlords come, you can turn it into a stylish hat to block their mind control rays.

I don’t have any RFID-enabled cards right now, but if I get one I’ll probably give it the tinfoil hat treatment. What about you?

(Props: Boing Boing TV)

Update: How to Destroy an RFID Chip

Added 5/6/2008 — How-to website Instructables has a run down of the various ways to destroy or completely disable RFID chips in passports, credit cards, and elsewhere. (via The Big Noob and Boing Boing)

Microsoft Anti-Spyware has hit the beta 2 milestone, but now it’s called Windows Defender. MS Anti-Spyware won’t notify you of the upgrade as part of its automatic update process, but it’s an important one to make. If you’re an MSAS user, download and install the new version.

The American Medical Association wants doctors to own your electronic medical records. The reason? Their “tremendous economic value.”

(Props: The Medical Blog Network)

There’s finally an easy way to protect yourself against Sony Music’s security-crippling copy protection rootkit. Anyone with recent Sony CDs in their collection should check this out pronto.

If the security scare about Sony’s over-zealous DRM efforts is news to you, Les Jenkins offers a good run-down in a recent entry. The very latest news can be found at Mark’s Sysinternals, where they’re waging an all-out crusade against Sony’s actions.

Other noteworthy links about the Sony rootkit fiasco:

• The latest release of Microsoft’s anti-spyware tool will also remove the rootkit.
• The state of Texas is suing Sony for breaking the state’s anti-spyware law.
• The Electronic Freedom Foundation has a list of CDs that are affected by the rootkit.
• Sony is pulling CDs with the controversial copy protection from store shelves, and offering customer’s who’ve already purchased “infected” discs a swap for clean ones.

(Props: Stupid Evil Bastard, Talking Spyware, Mr. Tweak, and SEB again)

Tech giants Hewlett-Packard and Microsoft are working together to make the jobs of overbearing governments everywhere just a little bit easier. In late May HP rolled out the National Identity System, based on Microsoft’s .Net technologies. The system is designed to make implementation of, say, a national ID card much simpler. It appears from HP’s press release that NIS can be made to work with either biometric data such as fingerprints, or more traditional tracking mechanisms like bar codes. No doubt support for RFID, everyone’s favorite nascent Orwellian technology, can’t be far behind.

With the passage early this summer of the REAL ID Act — tucked sneakily into a sure-to-pass appropriations bill for the war effort — technology like this will soon be making its way into American wallets.

(Props: “Hot for Data,” by Annalee Newitz)

More Info

• InfoWorld and eWeek offer some additional details on the HP-Microsoft project
• Wikipedia article on the REAL ID Act
• A summary and analysis of the REAL ID Act (PDF format) compiled by the Congressional Research Service and made available to the public by the Electronic Frontier Foundation
• FAQ: How REAL ID Will Affect You
• Security expert Bruce Schneier talks about why REAL ID is a really bad idea.
• This eWeek article discusses fears among some security experts that the enactment of REAL ID’s provisions could lead to skyrocketing identity theft in the United States.
• After the passage of REAL ID, Wired News ran an interesting follow-up that covers the politics of the bill’s passage and the continuing struggles of state governments against the legislation.
• FindLaw’s legal commentary section offers up Noah Leavitt’s “The REAL ID Act: How It Violates U.S. Treaty Obligations, Insults International Law, Undermines Our Security, and Betrays Eleanor Roosevelt’s Legacy.” When a relatively stodgy site like FindLaw offers up an article title worthy of MoveOn.org, one should pay attention.