Mythbusters RFID hacking episode canned by credit card company lawyers
By Nilay Patel 
posted September 2nd 2008 11:47AM
posted September 2nd 2008 11:47AM
Although it's no secret that RFID is easily hacked (see: train passes, passports, credit cards, one billion other cards, etc.) it's still not necessarily common knowledge, and it sounds like the major credit card companies want to keep it that way -- according to Adam Savage, Mythbusters was all set to do a show exposing the weak security behind most RFID implementations but was shut down by lawyers from "American Express, Visa, Discover, and everybody else... [who] absolutely made it really clear to Discovery that they were not going to air this episode." Since Discovery is an ad-supported channel, it's not surprising that it backed down, but we'd say that the credit card industry would be far better served spending money on actually improving security rather than lawyering up and trying to keep consumers in the dark. Video after the break.[Via Wired]
Welcome to last week Engadget
Enjoy the stay
while this is unnerving...its really a moot point...how many times have you given your credit card to a waitress or given it to a fast food vendor...its nothing different. We hand our cards to let people take them away and swipe behind our backs...not to mention, if your card info is stolen, any decent card company doesnt make you pay for it.
Man! That's my AMEX card in the photo!
*calls American Express*
Thanks, I'll enjoy reading a story I hadn't heard of previously.
Keep it to yourself next time and just move on to the next story.
Welcome to annoying cliche "hey this is teh oldd happenz like DAYS agoz!" shit.
I had nothing to do with the $750 that was charged to my card at www.indianbootyhunters.com
I was a victim of a hacked RFID card.
^^^^^^^^
Ha-ha!
Handing your card to the waitress exposes the card just to the person and restaurant, but with RFID, the guy at the table next to you can know your card information as well.
@Sean
RFID typically doesn't travel that far - usually a few inches only. However if someone was to brush up against your with a RFID reader, then they would get your card info.
I'll stick to chip + pin thanks.
If my bank ever "switched" me over to an unsecured RFID card despite my insistence, I'll simply stop dealing with them.
If the dude on Prison Break is to be believed, he could have read your credit card info wirelessly WITHOUT RFID anyway...
1. I don't use credit cards. 2. Who the %^$& watches prison break?
What's the point of RFID on CCs anyways? Since you probably need to buy something and enter your PIN, couldn't you just plug the card to the reader...
Credit Cards = Satan's flat plastic fingers.
you = uneducated.
I feel safer already. Because everyone knows that Mythbusters only tackles issues that no one's ever heard about or researched on their own so as long as they don't talk about it, it doesn't exist.
I'm also glad I build my ostrich house. It keeps other bad things from happening.
i don't think so.
MB tracks and try to prove myths, if a myth exist then some one must has been thought, lived or even tried to do it. For example the diet-cola and mentos.
Apparently, Sarcasm is a concept that is beyond the above responder...
@Magallanes
I think Anthony's sarcasm was lost on you.
Magallanes look up the definition of "Sarcasm" and you will understand why your comment is being marked down.
TavisJohn: Look up the definition of redundancy and you will understand why YOUR comment is being marked down.
I've seen things on RFID hacking of credit cards, and this was many moons ago before the stories about RFID hacking for bostons subway system were making news.
I'll give you the punch line: having an RFID credit card is only slightly safer than pinning a poster board to your chest with your all the cards info on it. The only reason it's slightly safer is because you need a sniffer to pull the RFID info.
Bottom line: Myth confirmed, RFID credit cards are the worst idea ever.
Is that you, Mr. Imahara? Excellent show, BTW!
Yes. If you implement RFID it should be on something with a tad more security. A cellphone, for instance, where you can disable the chip or PIN-protect it.
i dont know whats so hard about putting security on RFID, a simple encryption-decryption would halved the number of potential hacker
And probably doubled the cost of the card. It's cheaper for them to eat the cost of the fraud than to make all the cards more secure. We'll only see secure cards when the cost of the fraud is greater than the cost of the security.
"Banned Mythbusters Episode" you-tube leak? I hope, I really want to see this
What's there to see? If credit card companies are blocking it- then myth confirmed. They'd be more than happy for it to air if it was proven false.
They didnt make the episode. According to TFA they were all set to make it but got stopped before they could.
@getnate
The fact that the companies lawyered up to stop even a preliminary investigation proves the point even more. They kill off the idea before it even starts because they know they will end up ass flapping in the breeze. If they try to stop it before it's released then there is more of a chance of the footage being "leaked". Nothing exists, nothing to leak.
I think this is an actual problem. American Express's Blue card is marketed as being one of the most secure credit cards available, with a "Smart Chip" (which, correct me if I'm wrong, is apparently just RFID) keeping all your info safe. If nothing else this would prove that it's false and misleading advertising, which should be pursued by a law firm looking to make a lot of money.
I think AMEX on their blue cards uses a different account number for the RFID feature. I know on mine, the last four digits of the card on RFID transactions are completely different than my physical card.
Smartchip RFID
Smart chips are a modern form of contact transaction. Your other cards a use a magnetic strip. Smart chips are relatively secure and are primarily used for satellite decryption in DTV and DISH receivers.
They require direct contact with a reader in order for them to be powered up and functional.
Yeah rfid doesn't provide any type of encryption so it's pretty useless. That is why i will never own one. My question is who is the genious that thought, "hey nobody really wants to steal credit card numbers so we don't need any protection." Credit card companies really need to rethink security.
it will be in your passport
evil big companies, and that idea of ovens and pizza crusts at the end...only a woman would want to know...jk
I kinda wanted to hear how he responded to her question...not for any scientific value, more a political one.
It's perfectly safe if you keep your credit card under your tinfoil hat.
It's better if you take it to a forge and wrap a few inches of iron slag around it.
Just hope the tin foil doesn't act like an antenna ;-)
This is pretty old news, but the fact that the credit card companies would rather sue to keep the information "unknown" rather than try to fix the problem has driven me to cut the damn chip right out of my Blue card.
same in the UK - we have chip and pin which is piss easy to get past. The BBC aired a show ages ago showing how you could get someones card, some crap off of ebay and then nick all their cash but writing a new pin to the card - what a fucking joke.
No wonder...my father was a victim of that low security. gj Visa and others :(
What? You expect them to fix the problem when it's so much easier to just shut people up? That's craziness I tell you, craziness!
Why wouldn't all these corporations send their lawyers? After all, they spend all those multimillion $$$ in trying to convince us that RFID is secured, when in fact is has been shown by plenty of people that they're not.
So air it online?
"Security thru Obscurity". Welcome to the (dammed) real world ;o)
Are they still on?
Absolutely and its getting better because they have a significantly larger budget. I love Mythbusters and Smashlab. Just to see stuff blow up.
If you keep viewing the different parts of the fascination with the Dodo bird series on Youtube (damn time limits!) he even goes on that they did a show on teeth whiteners and even though they didn't show any brand names, Discovery got ripped a new one from Colgate et all and backed down like a little bitch.
But he already blew the top off the fact that those tooth whiteners don't do jack.
It would be GREAT to have banned MythBusters episodes released. Better yet to protect the Mythbusters franchise, they send some unknown private party the episodes and they re-create the episodes without any reference to MythBusters and then spew it all over the internet. Once its out the Mythbusters show is good to be shown because the lawyers don't have a leg to stand on the damage has already been done.