The ghost in the machine
Apparently, I’m not alone in my paranoia. Back in Japan, where public-use RFID devices have been mainstream for longer than here, there’s an episode of the bonkers Japanese teen anime Sayonara, Zetsubo Sensei in which the eponymous main character expresses concern that passing his wallet over an RFID reader at the automated exit gates of his train station might allow hi-tech yakuza to scam all the credit cards in his wallet at the same time. This episode dates from 2007 - Japan’s been biting its fingernails over this for at least five years already.
Talking of anime, fans of the Ghost in the Shell sci-fi films and TV series will be familiar with the process by which the characters with cyberbrains can hold conversations remotely over the air but, when security is important, they connect brains by old-fashioned cable. Otherwise, as the clip above suggests, you metaphorically risk punching yourself in the face.
It’s not just me, Major Motoko and suidical Japanese schoolteachers, either: there appears to be a rapidly growing market in the West for metallic ‘RFID-shielded’ (so the claim goes) credit card wallets. The manufacturers would like you to believe that touchless cards can be hacked through your trouser pocket by digital thieves brushing past you in the street or when crushed against you on public transport. Is this really any more unlikely than the elaborate scams involving cash dispenser machines?
It all seemed such a good idea at the time... er, Flipside Wallet RFID shielding, anyone?
Look, the entire system of currency and exchange is based on trust, and we seem to be hell-bent on handing that trust to organisations who have been proven time and time again to be thoroughly untrustworthy. It’s bad enough that we have to deal with serial offenders such as the banks, but now we’re about to entrust our personal finances to mobile phone operators too. Come on, these guys can barely keep their own phone networks up and running, let alone secure from hacking by tabloid journalists, and you want to give them unchecked access to your current account?
Once your phone data and bank details are hacked simultaneously, you’ll be shafted by everyone from Russian gangsters to Nigerian scammers before lunchtime. If we’re going to drop our digital trousers, bend over and spread our digital butt-cheeks to the world, we shouldn’t be surprised to find ourselves being ruthlessly rogered. ®
Alistair Dabbs is a freelance technology tart, juggling IT journalism, editorial training and digital publishing. He would like to live in a carefree world of wireless but, unfortunately, there are bad people around. Some of them have even been known not to work for banks or mobile phone companies.
COMMENTS
Incomprehensible emails...
> Hi hope your well?
Um.. hi. I don't know who you are, and you appear to have prematurely hit the "Send" button before making the enquiry about my well. Yes, it's a standard stone-block lined well, and is currently up for sale (buyer collects).
No one ever heard of long range RFID????
I assume you have RFID for highway tolls in the UK like we have using "Easy Pass". Reads the card on the window or license plate as you drive 90 mph.
With a little hacking, those same large high power antennae can read your card right in your pocket as you walk down the street. The power for the card signal comes via induction from the reader not the card. The higher the power, the greater to distance between the card and reader can be.
What's to stop a slightly smaller high power version from scanning your card in a crowded subway or bar?
Absolutely nothing, and phone companies are not regulated like banks and credit card companies are so you stand a very good chance of never recovering that money.
"head across the Pacific ocean and turn left when you see the China coast”
Didn't you mean turn right?
I thought of making the same post, and then thought "Nah, that's too pedantic even for the Reg." I'm glad there's someone equally pedantic out there!
NFC Cards
Well I just got a replacement card from my bank with contactless payment technology in, interesting conversation with them about why I just wanted one without. Eventually they agreed to send one out without it (did mention closing all my accounts with them).
I do not understand why they think this is a secure way of making payments? The blurb that came with it said your pin will be requested for the first few transactions but after that probably not required, this is a recipe for fraud albeit only upto £15-20 per transaction at the moment. No doubt limits will go up same way as they do on your credit card.
This reminds me of the incidents that Tesco had when the automated tills were first introduced, they didn't need a PIN to be entered for small transaction values, they got ripped off and had to modify the tills to require a PIN for all transactions.
De Ja Vu all over again..
