“…When Brenden Walker got his new MasterCard PayPass ATM card in the mail, he headed to the gas station to try it out. To test the card’s “Tap N Go” convenience, he passed it in front of the scanner, which activated with a beep and displayed the word “Authorizing …” on its LCD screen. That was quite enough for Walker. Without completing the transaction, he put the card down on the pavement and took a hammer to it. “I gave it a couple of good whacks, he said…”
Zapped, Slashed and Nuked: Fear of Radio Frequency ID Chips Prompts Simple, Effective Methods to Deactivate the Technology
Hon. Dr. Ron Paul Of Texas
June 19, 2006
By Susan Warren
THE WALL STREET JOURNAL
June 5, 2006
As posted at SignOnSanDiego.com
When Brenden Walker got his new MasterCard PayPass ATM card in the mail, he headed to the gas station to try it out.
To test the card’s “Tap N Go” convenience, he passed it in front of the scanner, which activated with a beep and displayed the word “Authorizing …” on its LCD screen.
That was quite enough for Walker. Without completing the transaction, he put the card down on the pavement and took a hammer to it.
“I gave it a couple of good whacks,” he said.
The PayPass card, which contains an embedded radio chip, had worked perfectly. Other companies have their own versions: Exxon (SpeedPass), American Express (ExpressPay) and Visa (Contactless and Blink). In each case, the card uses an embedded electronic chip with a miniature antenna. When activated by a scanner, the chip transmits the user’s account number via radio signals. In just the wave of a hand, the purchase amount is automatically drawn from an account.
But Walker, a 37-year-old software engineer in Canton, Ohio, is one of a growing number of computer and technology experts who are becoming anxious about possible abuses of the technology. He fears that thieves will be able to eavesdrop on the radio transmission and buy gas at his expense. He also figures that he himself could walk past the pump and accidentally pay for somebody else’s gas, though the card companies say he would have to get within 2 inches of the scanner to accomplish that feat.
In any event, Walker wants no part of it. Hammering the card destroyed the chip. “I tried it again and … nothing,” he said. “I might as well have been holding up a salami sandwich.”
As the chips become more widespread, other militants are seeking them out and destroying them. And a little industry is springing up on the Internet to pitch an array of devices meant to protect consumers from abuses of the technology, called radio frequency identification, or RFID.
Radio chips have been around for decades performing other tasks, mostly related to security access. They’re the invisible passports that allow motorists to breeze through highway tollbooths and let employees open office doors.
Pets and people are getting chip implants under their skin that carry identification or medical information. Governments are beginning to use radio chips in driver’s licenses and passports. Retailers use them to track inventory. The banks that are now using chips in their credit and cash cards say they make transactions more efficient – and more convenient for customers.
Critics such as Walker worry that sensitive information will be intercepted. Some privacy advocates envision businesses and government furtively gathering personal data on unsuspecting consumers and criminals.
A German group called FoeBud, which describes itself as a civil rights group for the digital age, is featuring an array of RFID-busting products at the organization’s online store. Items include “deactivator nippers,” which look remarkably like a common hole-punch, priced at about $7.
The most popular item in the store has been a copper bracelet with a red light that blinks when it’s near an RFID scanner, said Rena Tangens, FoeBud’s founder. The store claims to have sold some 1,000 bracelets so far for about $18 each. “People think this is a cool gadget,” Tangens said.
Others are using do-it-yourself methods for disabling radio chips, including microwaving them. The electromagnetic energy emitted by a microwave oven fries the chip and renders it useless. The downside: Tagged items might burst into flames in the process, warns Caspian, a consumer group campaigning against the widening use of radio tags. The group suggests cutting out the chip with a pair of scissors, puncturing it with a straight pin, crushing it or pulverizing it.
Several Web sites boast about – but don’t yet sell – devices with names like TagZapper and RFIDWasher, which are supposed to make disabling the tags easier. Technology experts say some of these “zappers” work by emitting a burst of electromagnetic energy that permanently destroys the tag. Unfortunately, they say, it might also fry other nearby electronics, including iPods and cell phones.
Some techies in Germany figured out how to make a zapper by modifying a disposable camera. When you hit the switch, instead of taking a picture, it emits a burst of electromagnetic energy that fries any nearby electronics. They’ve posted an extensive description of their project on the Internet. Several technology experts contacted say it should work, but the developers didn’t respond to e-mails requesting comment.
A Web site describing the gadget listed several potential hazards, including electric shocks and Federal Communications Commission law violations. It also warned, “Don’t try it near your grandpa’s pacemaker.”
Makers of products using RFID say privacy and security safeguards are being built into the chips to prevent abuses. MasterCard International says multiple layers of security are available to prevent MasterCard data from being stolen by electronic eavesdropping. It’s up to the companies that issue the card to decide which security measures to adopt, said Art Kranzley, MasterCard’s executive vice president in charge of new payment technologies.
Customers who don’t want RFID in their PayPass payment cards can ask to be issued an chipless card.
Kelly Lum, 23, a computer-network engineer in Eatontown, N.J., recently bought a wallet online from a site called DIFRWear (RFID backward). The wallet has a metal insert designed to shield her radio-chip bank card from being read without her knowledge.
Lum said the card she carries came without any information about security safeguards, so she decided to take no chances. “It’s maybe a little bit of a paranoia thing, but hey, it’s my credit rating,” she said.
Eric Caraszi, 26, a computer programmer in Albany, N.Y., recently bought an RFID-proof wallet after having a conversation with a co-worker about different ways criminals might be able to exploit RFID-chip cards – from sneaky scans on crowded elevators to high-powered scanners on the roadside that could mine passing traffic.
As Caraszi sees it, “For every smart person trying to make a lock, there is going to be an equally smart person trying to unlock that lock.”