Mythbusters RFID hacking episode canned by credit card company lawyers
by Nilay Patel 
posted Sep 2nd 2008 at 11:47AM
Although it's no secret that RFID is easily hacked (see: train passes, passports, credit cards, one billion other cards, etc.) it's still not necessarily common knowledge, and it sounds like the major credit card companies want to keep it that way -- according to Adam Savage, Mythbusters was all set to do a show exposing the weak security behind most RFID implementations but was shut down by lawyers from "American Express, Visa, Discover, and everybody else... [who] absolutely made it really clear to Discovery that they were not going to air this episode." Since Discovery is an ad-supported channel, it's not surprising that it backed down, but we'd say that the credit card industry would be far better served spending money on actually improving security rather than lawyering up and trying to keep consumers in the dark. Video after the break.[Via Wired]
Filed under: Misc. Gadgets
Reader Comments (Page 1 of 2)
Nick Catalano @ Sep 2nd 2008 11:50AM
Welcome to last week Engadget
Enjoy the stay
From My Cube @ Sep 2nd 2008 12:18PM
while this is unnerving...its really a moot point...how many times have you given your credit card to a waitress or given it to a fast food vendor...its nothing different. We hand our cards to let people take them away and swipe behind our backs...not to mention, if your card info is stolen, any decent card company doesnt make you pay for it.
gadjitmannn @ Sep 2nd 2008 12:32PM
Man! That's my AMEX card in the photo!
*calls American Express*
Big John @ Sep 2nd 2008 1:52PM
Thanks, I'll enjoy reading a story I hadn't heard of previously.
Keep it to yourself next time and just move on to the next story.
phanbouy @ Sep 2nd 2008 2:34PM
Welcome to annoying cliche "hey this is teh oldd happenz like DAYS agoz!" shit.
Flashpoint @ Sep 2nd 2008 2:50PM
I had nothing to do with the $750 that was charged to my card at www.indianbootyhunters.com
I was a victim of a hacked RFID card.
phanbouy @ Sep 2nd 2008 2:53PM
^^^^^^^^
Ha-ha!
Sean @ Sep 2nd 2008 3:04PM
Handing your card to the waitress exposes the card just to the person and restaurant, but with RFID, the guy at the table next to you can know your card information as well.
Andrew @ Sep 2nd 2008 3:25PM
@Sean
RFID typically doesn't travel that far - usually a few inches only. However if someone was to brush up against your with a RFID reader, then they would get your card info.
r3loaded @ Sep 2nd 2008 6:27PM
I'll stick to chip + pin thanks.
If my bank ever "switched" me over to an unsecured RFID card despite my insistence, I'll simply stop dealing with them.
Brandon @ Sep 2nd 2008 6:30PM
If the dude on Prison Break is to be believed, he could have read your credit card info wirelessly WITHOUT RFID anyway...
OneLove @ Sep 2nd 2008 6:37PM
1. I don't use credit cards. 2. Who the %^$& watches prison break?
avester @ Sep 3rd 2008 5:33AM
What's the point of RFID on CCs anyways? Since you probably need to buy something and enter your PIN, couldn't you just plug the card to the reader...
Scott @ Sep 2nd 2008 11:52AM
Credit Cards = Satan's flat plastic fingers.
samurai1200 @ Sep 4th 2008 4:51PM
you = uneducated.
Anthony @ Sep 2nd 2008 11:58AM
I feel safer already. Because everyone knows that Mythbusters only tackles issues that no one's ever heard about or researched on their own so as long as they don't talk about it, it doesn't exist.
I'm also glad I build my ostrich house. It keeps other bad things from happening.
Magallanes @ Sep 2nd 2008 12:05PM
i don't think so.
MB tracks and try to prove myths, if a myth exist then some one must has been thought, lived or even tried to do it. For example the diet-cola and mentos.
Ultatryon @ Sep 2nd 2008 12:23PM
Apparently, Sarcasm is a concept that is beyond the above responder...
DonatoM3 @ Sep 2nd 2008 12:24PM
@Magallanes
I think Anthony's sarcasm was lost on you.
TavisJohn @ Sep 2nd 2008 12:51PM
Magallanes look up the definition of "Sarcasm" and you will understand why your comment is being marked down.
Eric Leung @ Sep 3rd 2008 4:19AM
TavisJohn: Look up the definition of redundancy and you will understand why YOUR comment is being marked down.
Grant @ Sep 2nd 2008 12:02PM
I've seen things on RFID hacking of credit cards, and this was many moons ago before the stories about RFID hacking for bostons subway system were making news.
I'll give you the punch line: having an RFID credit card is only slightly safer than pinning a poster board to your chest with your all the cards info on it. The only reason it's slightly safer is because you need a sniffer to pull the RFID info.
Bottom line: Myth confirmed, RFID credit cards are the worst idea ever.
spam_free @ Sep 2nd 2008 3:51PM
Is that you, Mr. Imahara? Excellent show, BTW!
Jamar @ Sep 3rd 2008 9:40AM
Yes. If you implement RFID it should be on something with a tad more security. A cellphone, for instance, where you can disable the chip or PIN-protect it.
BratPAQ @ Sep 2nd 2008 12:03PM
i dont know whats so hard about putting security on RFID, a simple encryption-decryption would halved the number of potential hacker
Peter @ Sep 2nd 2008 12:28PM
And probably doubled the cost of the card. It's cheaper for them to eat the cost of the fraud than to make all the cards more secure. We'll only see secure cards when the cost of the fraud is greater than the cost of the security.
James @ Sep 2nd 2008 12:04PM
"Banned Mythbusters Episode" you-tube leak? I hope, I really want to see this
Anthony @ Sep 2nd 2008 12:12PM
What's there to see? If credit card companies are blocking it- then myth confirmed. They'd be more than happy for it to air if it was proven false.
getnate @ Sep 2nd 2008 1:28PM
They didnt make the episode. According to TFA they were all set to make it but got stopped before they could.
kal326 @ Sep 2nd 2008 10:27PM
@getnate
The fact that the companies lawyered up to stop even a preliminary investigation proves the point even more. They kill off the idea before it even starts because they know they will end up ass flapping in the breeze. If they try to stop it before it's released then there is more of a chance of the footage being "leaked". Nothing exists, nothing to leak.
Brad I @ Sep 2nd 2008 12:05PM
I think this is an actual problem. American Express's Blue card is marketed as being one of the most secure credit cards available, with a "Smart Chip" (which, correct me if I'm wrong, is apparently just RFID) keeping all your info safe. If nothing else this would prove that it's false and misleading advertising, which should be pursued by a law firm looking to make a lot of money.
Jesse @ Sep 2nd 2008 12:24PM
I think AMEX on their blue cards uses a different account number for the RFID feature. I know on mine, the last four digits of the card on RFID transactions are completely different than my physical card.
Danlor @ Sep 3rd 2008 11:10AM
Smartchip RFID
Smart chips are a modern form of contact transaction. Your other cards a use a magnetic strip. Smart chips are relatively secure and are primarily used for satellite decryption in DTV and DISH receivers.
They require direct contact with a reader in order for them to be powered up and functional.
livinonnosleep @ Sep 2nd 2008 12:11PM
Yeah rfid doesn't provide any type of encryption so it's pretty useless. That is why i will never own one. My question is who is the genious that thought, "hey nobody really wants to steal credit card numbers so we don't need any protection." Credit card companies really need to rethink security.
ishism @ Sep 3rd 2008 7:47AM
it will be in your passport
Steven M @ Sep 2nd 2008 12:11PM
evil big companies, and that idea of ovens and pizza crusts at the end...only a woman would want to know...jk
mike @ Sep 2nd 2008 1:12PM
I kinda wanted to hear how he responded to her question...not for any scientific value, more a political one.
sidemouse @ Sep 2nd 2008 12:13PM
It's perfectly safe if you keep your credit card under your tinfoil hat.
BigD145 @ Sep 2nd 2008 2:04PM
It's better if you take it to a forge and wrap a few inches of iron slag around it.
Andrew @ Sep 2nd 2008 3:37PM
Just hope the tin foil doesn't act like an antenna ;-)
Brodie @ Sep 2nd 2008 12:26PM
This is pretty old news, but the fact that the credit card companies would rather sue to keep the information "unknown" rather than try to fix the problem has driven me to cut the damn chip right out of my Blue card.
David @ Sep 2nd 2008 12:27PM
same in the UK - we have chip and pin which is piss easy to get past. The BBC aired a show ages ago showing how you could get someones card, some crap off of ebay and then nick all their cash but writing a new pin to the card - what a fucking joke.
Paradox @ Sep 2nd 2008 12:28PM
No wonder...my father was a victim of that low security. gj Visa and others :(
Jason @ Sep 2nd 2008 12:39PM
What? You expect them to fix the problem when it's so much easier to just shut people up? That's craziness I tell you, craziness!
Rob @ Sep 2nd 2008 12:39PM
Why wouldn't all these corporations send their lawyers? After all, they spend all those multimillion $$$ in trying to convince us that RFID is secured, when in fact is has been shown by plenty of people that they're not.
AlphaTeam @ Sep 2nd 2008 12:39PM
So air it online?
Alexandre Souza @ Sep 2nd 2008 12:41PM
"Security thru Obscurity". Welcome to the (dammed) real world ;o)
Eric @ Sep 2nd 2008 12:49PM
Are they still on?
MadMike @ Sep 2nd 2008 12:53PM
Absolutely and its getting better because they have a significantly larger budget. I love Mythbusters and Smashlab. Just to see stuff blow up.
MadMike @ Sep 2nd 2008 12:50PM
If you keep viewing the different parts of the fascination with the Dodo bird series on Youtube (damn time limits!) he even goes on that they did a show on teeth whiteners and even though they didn't show any brand names, Discovery got ripped a new one from Colgate et all and backed down like a little bitch.
But he already blew the top off the fact that those tooth whiteners don't do jack.
It would be GREAT to have banned MythBusters episodes released. Better yet to protect the Mythbusters franchise, they send some unknown private party the episodes and they re-create the episodes without any reference to MythBusters and then spew it all over the internet. Once its out the Mythbusters show is good to be shown because the lawyers don't have a leg to stand on the damage has already been done.