Mythbusters RFID hacking episode canned by credit card company lawyers
By Nilay Patel 
posted September 2nd 2008 11:47AM
posted September 2nd 2008 11:47AM
Although it's no secret that RFID is easily hacked (see: train passes, passports, credit cards, one billion other cards, etc.) it's still not necessarily common knowledge, and it sounds like the major credit card companies want to keep it that way -- according to Adam Savage, Mythbusters was all set to do a show exposing the weak security behind most RFID implementations but was shut down by lawyers from "American Express, Visa, Discover, and everybody else... [who] absolutely made it really clear to Discovery that they were not going to air this episode." Since Discovery is an ad-supported channel, it's not surprising that it backed down, but we'd say that the credit card industry would be far better served spending money on actually improving security rather than lawyering up and trying to keep consumers in the dark. Video after the break.[Via Wired]
Its pretty sad that what they are interested in is profit at the cost of identity theft, financial risk to consumers, the major hassles of trying to straighten out your credit history...
I just received two new cards to replace my old and they both came with new RFID chips that the previous card did not have; I'd rather have my old card back.
How to hack RFID-enabled Credit Cards for $8:
http://www.youtube.com/watch?v=vmajlKJlT3U
Its funny how the "news" went ahead and ran a story about bump keys and even referred people to YouTube to "learn how to do it" yet these large corps are making Discovery channel sit silent. They never think about the fact that by knowing how things work and how they're vulnerable, we can be more educated in protecting ourselves.
To protect themselves they could release the episode on flash drives. Just deposit flash drives around the country (When they travel) and BAM it will hit the internet soo fast, that no lawyer will be able to stop it!
on a side note, wtf was with that lady going crazy about pizza at the end there.
speaking of mythbusters, everyone seen this?
http://www.hackaday.com/2008/08/29/1100-barrel-paintball-gun/
I think we all need to look at the bigger picture here.
Transunion, Equifax, etc. all make a killing off of people's fear of stolen identities and ensuing bad credit. These companies are all in bed with your run of the mill credit institution, Visa, Mastercard, AMEX. Where's the incentive to actually MAKE people's data secure, when they ASSUME its secure in the first place?
Poor Security + Public fear of bad credit = Profit
Personally, I feel that RFID is less secure than Physical Security (i.e. in your wallet). How long do you really think it will take for someone to setup up shop with a sniffer in the food court at the mall?
Hell, they might even be a drone from Discover.
So give the designs to Revision 3 and let them do it on 'The Broken' :)
Jeeeez! If you watch to the end of the video, some woman goes off on some crazed rant about pizza! Anyone know what she was on about?
That woman really likes pizza!
hear the passion in her voice when she says "CRUST!"
JABBA NO BAAATHA
The Passion of the Crust
Pizza the Hut!
They can't do anything because the idea was squashed in the planning stage. They called the companies as part of the fact finding portion and the companies had their lawyers at the meeting. The lawyers made it VERY clear that they were NOT to do anything on this subject. So there was never any filming to be released or leaked.
Microsoft has been using this 'security though obscurity' model since the DOS days, and I think that the thousands of viruses, trojan horses, and key loggers that infest the Windows world give an accurate accounting for the success of this model.
http://www.learnucd.com/kevlar/why-is-the-iphone-popular
Welcome to free speech in the US
Umm dude. They are free to talk all they want. However the ramifications, obviously outweighed the right to air this show. Nothing was stopping them. Not the FCC, not some court. They backed down because it would have hit the Discovery channel in the coin purse. If you think this doesn't go on all around the world you are the most ignorant person on the planet. If a company feels like they are being jeopardized they will sick the legal dogs on anyone inside or outside the US. It doesn't matter.
I'm pretty fortunate my Credit card doesn't have such a great feature.
How would one go about frying the RFID? We use RFIDs here at work in order to gain access to the building/floors. A friend of mine apparently went down some of those plastic slides and reported his RFID no longer works. Is destroying the RFID portion of the credit card an option? They should still have the regular metallic swiping mechanism in place (I'd HOPE!).
Hearing this makes me more and more curious to ebay some RFID readers and mess around with it myself. Screw the Credit Card Companies and their crap tactics.
guys. digg this. get the word out about the shortcomings of this technology.
http://digg.com/security/Mythbusters_RFID_hacking_episode_canned_by_credit_card_compa
When I got my new Visa last year it had a RFID chip. I called to ask if I could get one without it and they said no. So, I drilled a hole in through the chip with a dremel to disable it. It's a great conversation starter with baristi, waiters, etc...
I love how when he said Smash Labs everyone booed :P
Hell yeah. Smash Labs makes me very, very sad.
My MAIN problem with Smashlabs is that they don't even bother to do basic research on what they want to "fix" at least half of their "ideas" are either in use successfully somewhere (Crash barrier=SAFER Barrier in Autosports) or have been thought of, tested and if discarded, done so for either cost/practical reasons (Train Airbag, I KNOW that was looked into years back)
Mythbusters has however many people officially doing research, as well as probably every crew person/ personality.
If they miss something it is NOT because they did not try and look for everything they could on whatever they are doing
As for the RFID, passports got themselves hacked AGAIN, about 2 weeks ago, just by being NEAR (don't remember link sorry)
Bittorrent the episode >:)
A story is only old if you've heard it before. What a bunch of try-hard elitist snobs we have on this site. Whatever you do, don't let other people invade your turf. Got your gang colours on? Over-sized glasses from too much web-surfing - check. Bad hair - check. Poor health and hygiene - check. A high intelligence to common-sense ratio - check. No luck with the girls - priceless.
I don't consider my lack of luck with the girls priceless :(
I suppose it's similar to the situation with lock "bumping". where they proved that most locks, even very expensive locks can be simply bypassed with simple tools and little practice. Having worked in a locksmith shop for years, this is partly a "security through obscurity" issue. We could have 2 dormrooms keyed to the same door, or 2 offices that are adjacent to eachother that are keyed alike, and the occupants never knew. They are right though.,, it is screwed up, but if this episode aired, exploits would more than 100-fold IMO.
Perhaps the folks who wrote this article should spend more time understanding the technology and less time hyping the implied weaknesses in things they don't understand. There are a myriad of reasons why it would not be a good idea to broadly broadcast specifics of how some information is used and/or protected and it not ALWAYS because it may expose people to bad things.. Sometimes it is and sometimes it's NOT. The "writer" makes the assumption of the reason why this was not aired and implies it is because RFID is hackable. However, the "writer" does not know this is true nor apparently does he or she care to do enough research to understand anything about the technology and report factually about it. So don't be so easily led by yet another "journalist" looking to make a big story and sensationalize things. Unfortnately it seems they only want to, as the song goes, "get the widow on the set"and not stick to reporting the facts.
wtf? we know RFID is hackable, just look at the links. as for why credit card companies don't want this aired, give us one BETTER reason why they don't want this aired.
I think that if I had the chance to ask Adam Savage a question, it wouldn't be about pizza.