Last chance to enter The Hackaday Prize.

DIY RFID shielded wallet keeps data thieves at bay

diy_rf_shielded_wallet

[Serge] was in search of a new wallet, but he was concerned about ne’er do wells with RFID readers stealing his data. He could have gone out to the store and plunked down $20-$30 for a shielded walled, but where’s the fun in that? Instead, he decided to make his own.

Using Kevlar-Nomex fabric, he laid out the general structure for his wallet. This ultra-strong fabric has a breaking strength of 500lbs, but blocking RF isn’t exactly its forte. To provide some electromagnetic shielding, [Serge] added a nice uniform layer of silver epoxy to the Kevlar, which carries an added bonus of strengthening the material. He fired up the sewing machine, adding a nylon strip to the exterior of the wallet for reinforcement, then he worked on forming the bill pouch and card holders.

The final result is a plain yet incredibly rugged wallet that’s sure to keep his various RFID-enabled cards safe. We really dig how unassuming the wallet is – no flash, all function. Nice job, we’ll take one!

Comments

  1. rasz says:

    rf and fire safe

  2. KillerBug says:

    I went a slightly different route…I simply turned off the accounts for cards with these chips; any bank that would give you a mobile security risk like that without asking first cannot be trusted enough to keep an account with.

  3. fartface says:

    RFID wallet keeps fake thieves at bay.

    They have to be on top of you to read the RFID’s in your wallet.

    I personally pop all my cards in the microwave for 3 seconds. Poof, all the rfid’s are toasted.

    and yes, I tested it, I have a RFID reader and they did not read afterwards.

    I did it to stop skimmers who have the card in their hands. the current skimmer trick is to have the rfid reader in the pocket and simply put the card near it to read instead of having a swiper that can be seen.

    • smoker_dave says:

      Take it you don’t have chip and pin?

    • DoktorJ says:

      Actually, with the right antenna and power levels rfid can be read from a fairly long distance. I don’t know the exact limitations, but it’s definitely possible from more than a few feet away.

    • Morgauxo says:

      Yes, well, some people have strangers on top of them more often than others.

    • JD says:

      I hadn’t thought of putting my cards in the microwave. After I asked my bank to disable the chip and they refused saying they couldn’t. I asked then if the card was damaged would it be refused and he said no. So I examined the card for any surface changes. Sure enough there is a slightly raised square bump that can be seen easily in the right light. A hammer + a tiny finishing nail later and the chip was crushed. Checked it at McDonalds and a 76 gas station where the payPASS systems confirmed it was dead.

  4. smoker_dave says:

    Did he actually test to see if the wallet prevented his card being accessed?

    It would be a simple matter to test this out with an RFID tag of the same frequency and your own reading device…

  5. jim says:

    New technology, new market for paranoid consumers.

  6. steve says:

    Why would I want to do this? It is probably not shielding against 125 kHz RFID, which is the only stuff with only a number. All the RF RFIDs have some sort of security mechanism.
    Isnt one of the benefits of it, that you dont have to pull the card out of the wallet? When I go to the Zoo with my little daughter, I enjoy it quit a bit not to have to fight with the huge card stack inside the wallet but rather just walk through the entrance. Stupid paranoia.

    • pfargtl says:

      and that is precisely the issue these people have with it. it’s not hard to find a good spot to place a reader. densely packed pedestrian paths often have people passing inches from trashcans and whatnot. we’ve seen home-made readers here that can scan cards from 20+ feet away in one direction, you need only walk by with the card in your pocket to get robbed like this. a targeted attack against one single type of card like this is still going to get results. as we all know, theres no such thing as data security, everything gets hacked and exploited eventually.

    • Aaron says:

      …so you’d rather have all your credit cards be exploitable, than maybe take a few of them out of your wallet? Brilliant!

    • tylo says:

      I know a few people with “RFID shielded wallets”, usually with thin steel plates or mesh, and none of them work with frequencies as low as 125kHz

      I decided to build a wallet out of solid copper instead. Holds up like a champ, and definitely can’t be read by an RFID reader at any reasonable distance.

      If you want to protect against lower frequencies, you really need something quite a bit thicker than some mesh or silver epoxy though.

      • KillerBug says:

        Copper? It must be very heavy.

        Why would you want these chips anyway? I mean, other than to get mugged without the bother of removing your credit cards from your wallet. Heck, if you have more than one of them, you still have to remove the card from your wallet to pay for something (but not to get robbed).

  7. Aarcain says:

    I do not believe people are over paranoid about the RFID’s. 60 minutes did a report and showed that with a RFID scanner and an external antenna, one can hack the cards from 50 feet away (with them still in a wallet and purse). My RFID reader and antenna can read from about 25 feet away. Those who blame paranoia usually are not well informed enough to properly make a judgment abuut the issue.

  8. steaky says:

    all very interesting but it is a shame he doesnt go into testing the RF shielding effectiveness.
    article would be 10x more useful with empirical data.

    Also, assuming this would block any useful RFID – for example Oyster cards

    • Greenaum says:

      Just to add, since this article’s been dug up again…

      Bryan mentions a few posts down, a bit of folder paper with some foil stuck on. Why not put this in your wallet, with your “private” cards on the inside, and stuff like your Oyster cards left outside the foil-paper layer? So the outer cards work, the inner ones are private. For the outer cards the layer of foil might even act as an antenna, or a ground plane or something. Might improve the signal!

      Haven’t done it, don’t own any RF cards. Or a wallet. In the UK most things are smart cards now, needing physical contacts. Except for bus passes which have mostly gone RF. Should work tho right?

  9. _matt says:

    @smoker_dave
    If fartface is from ‘murrica like I am, then chip and pin is pretty non-existant here.
    Hell, non of my credit cards even have rfid, and I’m glad they don’t.

    • gth says:

      lol. last time I was in “‘murrica”, as you say, they were still accepting paper cheques (sorry, ‘checks’). US spelling supplying further irony given that antiquated form of payment involves no check that the money actually exists.

      If they can’t get rid of those, don’t expect contactless to disappear in a hurry either.

  10. Bryan says:

    Take a manilla folder and cut out a piece to fit the cash area of your wallet. Next, wrap one side of the piece with aluminum foil. Coat both sides of the piece with packing tape. Place this in the cash area of your wallet.

    This seems to work well. My proxy card for work now can’t be read until the wallet is opened.

  11. FrMac says:
  12. Max says:

    “breaking strength of 500lb”
    Silver epoxy reinforcing the material.

    How much small change does this guy carry? I’ve occasionally found that I get a handful of coppers weighing me down a bit, but in excess of 500lbs of wallet contents would need someone with legs like tree trunks to haul it around in the back pocket not to mention the extremely large bulge in your trousers…

  13. smoker_dave says:

    You wouldn’t even need a solid piece of material to block the RF, you could use good quality material in a well designed grid pattern. Spacings of the grid can be designed to block out the frequencies you are working with. Good info on Google, no doubt.

  14. Drake says:

    Heh, wouldnt it be better to shield what needed to be shielded then have a fake tag outside the shield. This way the skimmer gets “data” and leaves you alone. Atlas the data he got is fake “Card number 1111-1111-1111-1111 Epiration 13/32/00 Address 123 Fake St Fakerson Fakeia, 11111″

    From what I have read the skimmer has no way of seeing your data until they upload it.

    Just had another massively bad idea. Go to a con or other populated area and set up imitation shoplift detectors … just tune them to the bands of cred cards – place them in a doorway and bam mo’ money mo’ money mo’!

  15. gdogg says:

    Easier still: Put a garbage rfid card next to your credit card in the wallet. BAM.

  16. Rachie says:

    Faraday cages don’t inherently block radio waves. The concepts are similar, but still very different. Real radio shielding is much more complex to design. Unfortunately, I can’t find any guides on practical radio shielding.

  17. Vonskippy says:

    Wow, that’s just plain ugly. I’m guessing he went for the same style as his tinfoil hat.

  18. paul says:

    I’m more interested in the wallet itself… I go through wallets at the rate of about three a year, might try and make me one of these.

  19. JamieWho says:

    He didn’t want to spend $30 on a commercial product, so he spent $60 on a homemade option that may or may not work as well.
    Bravo! Successful hack.

    Personally, I like these: all-ett.com
    However, I have no RFID cards.

  20. Erik Johnson says:

    When I travel I just wrap my passport and cards in aluminium foil. Airport security once asked me about it lol.

  21. randy says:

    I wouldn’t like to be seen with this in some shops. It used to be a common trick to shoplift jewellery with rfid security tags with these.

  22. haineux says:

    This is a real website that sells real products. I have no actual evidence that the products really work, however, but if you simply must have a ball cap that shields against RF, this is the place to look: http://www.lessemf.com/personal.html

  23. Whatnot says:

    That silver epoxy is $35 then eh, that does not seem the best choice to me.
    Surely there is some way to get a copper mesh material like you find in shielded cables? Or if need be you could perhaps, if you have the patience, just open up shielded cables and use that.
    And if you are lucky and find some discarded old fat cables that give a large swath all the better.

    In fact, look what amazon has: http://www.amazon.com/Copper-Mesh-Rats-Birds-Control/dp/B0001IMLTO/ref=pd_sbs_misc1

    (don’t buy at amazon though, remember what they did)

  24. Nancy says:

    Way overkill. The solution is as simple as locating the RFID chip in the card (if it has one) which easy to see in the right light. Firmly press a push pin into the chip until you hear a cracking sound. Problem solved for free.

    • Whatnot says:

      Unless you want to withdraw some cash from an ATM of course.
      I don’t like RFID’s either since they are used to track people in unwelcome ways, but to not make your bankcard work at all so you cannot access your own money seems a bit fighting yourself.
      Same for entry cards for your job for instance, disabling them leaves you standing on the street.

      • Nancy says:

        Haven’t seen an ATM that relies exclusively on RFID, though I suppose they might exist. Every credit card that I’ve seen with RFID also has a magnetic stripe. That’s all you need.

        As for an RFID badge at work…you are absolutely correct. If you have one of those, you can easily test your shielding techniques. :)

  25. Cherix Aanders says:

    I paid $4.99 for my shielded wallet at a Ross store. Somewhat less than kevlar-nomex and a LOT less than a tube of silver epoxy. lol

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 91,230 other followers