Topic: Can RFID be used to track down wallets? (Read 283 times)

As I said, this isn't even possible on Android (on iOS I am less sure) because the factory reset protection will completely lock up the phone, prompting for password or Google Account login (the account must have signed in from Android settings for this to work).

So save security exploits, such phones are as good as sealed.

The good thing is that 99% of thieves will just try to reset the phone to factory settings, so they are able to sell it. In any case you should never have more than 500 USD in a mobile wallet, which means that it is not really worth it for a thief to buy specialized equipment. Also if you have a seed backup you can quickly send the coins if your device gets lost or stolen. This should be easily doable before anyone can crack the phone. Only if he targets you specifically than the coins could be stolen.

This is trivial thing for anyone who understand how this devices work and have proper tools and software to unlock them.
We shouldn't worry about most of the hypnotized masses, but you only need to lose phone once for some expert to find it.
I doubt anyone smart would ever keep anything really valuable on their smartphone.

You mean They Live?
There is nothing wrong in being a bit paranoid sometimes, and you don't have to speak to much about it in public.

A little bit off topic but I see people trusting the soft settings on your devices. Don't blindly trust that! Or at least I wouldn't (and I actually don't). To turn off geo locations, GPS, etc on your device's settings may or may not actually deactivate the feature and stop the hardware of still capturing data and possibly transmitting it without our knowledge/consent!

I maybe be overkilling with this but it's know that NSA requested router manufacturers to include backdoors in the hardware so that they could access those devices and snick into people's home networks and sniff everything they wanted. This may also be happening with phones. There is people removing microphones from their smartphones, I mean dessoldering them, and the same for cameras. When they need to use the phone to make phone calls, they use external devices such as USB microphones or USB cameras if needed! Just a reminder. Don't trust anything, mainly in this context of internet, communications, etc! They are among us, 5 Eyes, Prism and others!

That actually reminds me, if you set a passcode on a phone that has crypto wallets inside it and the phone is subsequently stolen, the thief is going to have a  hard time getting in there because practically all new smartphones make you wait enormous periods of time between unlocks if you keep entering the incorrect password. So at least the coins are as good as lost.

Sure, they could connect an OTG cable (at least in Android's case) and attempt to clone the /data partition with dd, and find the crypto wallets with that, but a responsible phone vendor should be encrypting the /data partition before shipping it to users. It's quite easy to do if you use things like LUKS.

I have no doubt that information, such as your interests, search results, visited sites, etc. are tracked, stored, and shared. I was mostly interested in seeing what they know about my movements and the location I am in. Where I was yesterday, or last month or year. But at least based on the timeline they are showing me, there is nothing there. Whether or not that info still gets recorded somewhere else without my knowledge is not something I would know.

It's not a secret and I mentioned the phone model a few times on the forum already. It's a Nokia 8 with Android 9. I have had it for several years already. I like playing around with settings and turn off everything I don't need. App permissions are also kept to a minimum if the app allows it of course.

You allow the application to access the GPS information, but your phone vendor probably knows it all the time. If you even allow a single app to use it, they know. Because just the GPS data doesn't help much; it's usually sent to Google / Apple servers to e.g. show your restaurants in your vicinity or for being able to find your phone if you lose it.
Even if you turn off location access for every single app, and even though the Android kernel is a (open-source) Linux kernel, you probably have a ton of closed-source vendor stuff in there (iOS is fully closed, of course), so there's not really any way to tell that that GPS data never leaves your device.
Best would be a hardware toggle or ability to remove GPS and WiFi (also used for location sensing) antennas, but I'm only aware of laptops that allow to do this.

Oh, now I got your question. Well, as far as I know there are some new data protection laws that mean (at least in the EU) they're required to hand you all the personal information they have on you. For Google there's a section in your account settings where you can request it. It also includes search history and such things.
Regarding sharing of any information they have about you; check the terms of service of their products and I'm sure all of them include something like 'we have the right to share (anonymized?) information with third parties'.

Wow; that's amazing! I fully understand if you don't want to disclose which exact phone you use, but is it degoogled or modified in any other way? Does it run stock Android or something like Samsung launcher (which might collect location and other information & share it with Samsung in this case instead of Google)?

Sure; I recommended hardware toggle earlier, too, since there is always some risk that they leave stuff on even if you turned it off, or collect information and tell you they don't have any, and such. It would be bordering on fraud in my opinion; but still being 'better safe than sorry' is always a good bet.

I believe the OP's question has been sufficiently answered, but I wanted to chime in, since you asked for it..
The original question is about RFID, not NFC; the two don't really have anything in common except maybe being both wireless communication systems. You can't track a NFC-capable wallet with RFID technology, but you can perform NFC tunnelling and other attacks (that's another story).

However, it appears to me his question was actually based on the belief that since Bitcoin is digital, Bitcoin wallets themselves can be detected and tracked in the real world through RFID technology. This is absolutely hilarious, since a normal Bitcoin wallet is pure software. So it's almost as if I asked 'can I check if you run Firefox or Chrome by RFID-scanning your laptop?'.

They will attach your name to it at some point.  If you use a phone for one year, I doubt they never collected your name from some website at one point.  Or, they have enough information about you from third parties that your name is easily attachable to your ID.  If they know customer A lives on address X and you are spending 99% of your nights on address X, they will know you most likely are customer A.

Then, remember your data is most likely floating in between corporations.  They likely all have at least one piece of information about you collected and stored.

This is why you should never trust a software trigger.  I never trust my phone with the Wi-Fi disabled or 'Airplane Mode'.  It is just a button on a display.  Same with Google.  It may remember your choice, but it does not mean it will stop doing tracking you just because you said no.

Behind the curtains, I think there are SO many things they track, collect and all that even with all these settings off, they will continue to collect the said information through other means.  Even if you de-Google because you do not want Google to know what you are looking for.  There are Google trackers and all of that, so they know anyway through that.  They are everywhere, it is like a virus you can never get rid of.  Sure.  There is DuckDuckGo and all of that.  But most of these are closed source and so you are probably only moving your data from one corporation to another really.

Edit, as I answered to some replies without actually replying OP.  I might say stupid things right now so someone chime in if that is the case.  Say you had a Bitcoin NFC 'Hardware Wallet' on you.  I think they do not even need a specific device to identify your wallet.  If you have an NFC Hardware Wallet sitting close enough to your phone, I would think the phone is more than enough to have an NFC Hardware Wallet tracked down long as the card is unsecured.

That may work if your phone is rigged or if you hold your NFC wallet in, say your jeans front pocket and some bad actor has the right device sitting close enough to your pocket, for the right amount of time, to do something malicious to it.  But then you ask what is the probability someone has a device created to steal Bitcoin coins or wallets specifically and they find exactly you in the middle of nowhere and get close enough to the place your NFC wallet is located for a few seconds to sweep information and or coins off it.  Probably none.  Moreover, if you have an NFC Hardware Wallet I hope you also have an anti RFID pouch for it.

Now if we are talking about larger distances.  For example you sitting home and someone trying to do this from the outside.  I would assume it might be possible to do this if you are a three letter agency's target but the equipment necessary is so expensive it is not worth it at all unless you are a HUGE red target.  But as far as I know, RFID works only in close ranges and one solid block of material like a wall should block the signal.  I do not know of any user end RFID tag that works from distances longer than say 10 - 15 inches.  Take a credit card for instance.  Remember how close you have to get it to a POS for the transaction to be seen, read and accepted.  Otherwise everyone would have dollars swept off their cards anywhere they go without an anti RFID pouch.

-
Regards,
PrivacyG

In reality, Google only claim they don't collect your data by not showing anything on Google Timeline. They still track you even after you opt-out[1], although AFAIK their ads/recommendation become less accurate after you opt-out.

[1] https://www.consumerreports.org/privacy/google-sued-for-tracking-consumers-after-they-opted-out-a2966481024/

I am happy to report that my Google Timeline is completely empty. According to Google, I have never even left my house and I am planning to keep it that way. No movements in my town, I have never travelled anywhere, visited any new cities, and they have no photos to connect me to any destinations. The less they have, the better.

I don't know if they are open or closed-source, but several years ago when I was travelling I used Magic Earth and Maps.me and they also worked offline.

I think that RFID chips can be stored in some personal documents, like ID cards or employee cards and devices used for accessing buildings and work places.
There is something similar used more these days for opening buildings instead of entering pass codes, they usually look like cheap keychains coming from China, and they also have RFID chips inside, that can be programmed.
They look like this:



That is true, but you can in some extent disable all this tracking and history settings in your google account and disable all this data collection, so even if your account gets hacked they wont have much information.
Even without that I would pot out and use some alternative options instead of google, for example there are complete full offline maps you can use for navigation, OsmAnd or OrganicMaps are Open Source and work offline.
If you combine that with some good de-googled phone, than you have usable tool without giving away all your information to big brother.

Google has all your movement data. You can access it yourself, just go to your google maps app or search for google timeline. It is actually very creepy to be able to see every step you took. This data is not sold with your name attached to it, but with a kind of customer ID. Still if somebody really wanted it would not be an issue to hack your account and see all your data or maybe even buy data and link some known movements of you to other unknown activities of you.


That is true and also only if you get back an RFID signal, you still don't know if a wallet software is on that device.

That's not what I meant. That requires me opening the app, activating GPS, and allowing it to track me.

That was kind of my point. It knows where I am if I give it the permissions. If you are travelling and don't know how to get from point A to point B, Google will track your current location and show you where to go. That's ok.

dkbit98 said Google knows my current location and shares it with anyone who asks. I would like to see where this info and location sharing is happening. I am not delusional and know that everything you do on your phone leaves digital evidence and you are tracked through every possible sensor. But if it's that easily accessible, I would like to see it.

Only if it has some sort of RFID antenna and chip which react to RFID scans, though. And it's not a normal feature to have RFID in regular computing devices such as computers or phones.

If I understand the question correctly you can maybe track a hardware wallet or a computer with a bitcoin wallet on it with RFID.

Yes, it's triangulation, so the location is approximated to a few hundred meters. It's not trivial to find someone using this technique especially in a populated area, but it's definitely a big hit on privacy if I know which city you are in and the rough location within that city.

You can check Google Maps app, for example. But any other app works, too. Both Google Android and Apple iOS applications make use of so-called 'location frameworks', which means even if you use OpenStreetMap on your phone, the manufacturer of your device still knows where you are. Because the application has to request the location you're at, and can't access the GPS chip directly.

I guess you are talking about cell tower triangulation, right? If it's that, can cell towers really tell the authorities the exact location, or do they create a triangle from where the signal comes from? Depending on where you are and what's the distance between the towers this triangle can be of different sizes and up to several kilometers I assume. That would tell the authorities that the person is somewhere in this 1km radius, for example. Unless they are able to get a precise fix on the phone based on the distances from each and every cell tower in that triangle. Do share more info if you have it.     

Where do I go to check my exact location? I want to see how accurate it is and if it works even if I haven't given it any permissions.

Who told you that?  
SIM card is automatically sharing your location with all cell towers and authorities can know your exact location at any time, if they want or if they suspect you for anything.
Google knows your exact location and they are sharing it with anyone who asks, including any third parties for commercial ads, and most of the people have default settings on their smartphones.
If you use Google maps your location is also known, and there are even tracker apps that can be install on phone that would turn average Joe into secret agent that can find location of other device.
In some cases even if your phone is turned off it can still be located, maybe that is why many new smartphone models don't have removable batteries.

You would need to have physical device with actual RFID chip inside, that is impossible for software wallets, and none of the hardware wallets I know have something like this installed in them.
Other components and devices could potentially be used for tracking, like wireless, wi-fi, nfc, and most smartphones are already voluntary tracked all the time with google, IP location and cell tower from SIM cards.
Having any wallet installed on smartphone probably means that your every step in tracked, and there is no need for some RFID chips at all, if you carry your phone with you.
Good way to protect form this is by using faraday bags and cases for your devices.

While a RFID tag is a physical device, software is not physical. You cannot place a tag onto software (you can place a tag onto a DVD, but you're tagging the physical DVD, not the software on it).
So your question makes no sense. Bitcoin, wallets and so on cannot be tracked with RFID. Hardware wallets (those are physical, yes), can have RFID tag on them, but that's to avoid shop lifting and cannot be read from a wider distance.

I hope this helps/clears up things.