backtop


Print 26 comment(s) - last by Motoman.. on Sep 5 at 5:01 PM

Lawyers step in with the smack down

How easy is it to hack an RFID passport? Just how much knowledge is required to screw around with RFID-enabled credit cards or fare systems? The subject has received a lot of attention lately, what with Dutch and Bostonian researchers hitching free subway rides, and it appears the latest casualty in the resulting legal battle is the hit science show Mythbusters.

According to show co-host Adam Savage, speaking in a panel at hacker convention HOPE, the show’s production crew was virtually bound and gagged by a phalanx of credit card companies after they caught wind of an upcoming episode featuring the tech and just how easy it is to hack.

At the time, the episode was early in production, and it appears that at some point a researcher from the production crew contacted chipmaker Texas Instruments for assistance. TI and Mythbusters agreed to a conference call to discuss the technology involved, and upon meeting via telephone it became clear that instead of answers, the representatives from TI brought along a team of lawyers:

“I’m not sure how much of this story I’m allowed to tell,” he says nervously. “Texas Instruments comes on along with chief legal counsel for American Express, Visa, Discover, and everybody else...”

At this point, the audience lets out a muted laughter. “[Our team was] way, way outgunned and they absolutely made it really clear to [show owner] Discovery that they were not going to air this episode talking about how hackable [RFID] was, and Discovery backed way down being a large corporation that depends upon the revenue of the advertisers. Now it's on Discovery's radar and they won't let us go near it.”

The funny thing, I think, is that credit card companies have had a relatively easy time as far as public scrutiny goes. While there are indeed RFID chips embedded in some credit cards, as far as I’ve seen it really isn’t too common; indeed the push towards RFID-powered plastic money hasn’t gathered nearly as much attention as, say, RFID-powered passports and subway tickets.

Hackers, many of whom aren’t the type to let something like this slide, could change that very soon.

But why credit card lawyers? Are we about to see a wave of contact-free credit cards? (Judging by those insipid Life Takes Visa commercials, I consider it highly likely.) Or perhaps they appeared on behalf of retailers – many of which use RFID for inventory tracking purposes now, championed by Wal-Mart – and wanted to stave off a criminal revolution of sorts. (As if crooks don’t already have access to this information…)

Whatever the reasons, the sheer amount of lawyers involved with the technology is a clear indication that RFID is here to stay – flawed or not.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

To paraphrase Mr. Hyneman
By Chris Peredun on 9/2/2008 8:20:59 AM , Rating: 5
quote:
Whatever the reasons, the sheer amount of lawyers involved with the technology is a clear indication that RFID is here to stay – flawed or not.

"Well there's your problem!"

I predict a significant increase in the number of "How to hack RFID" videos springing up on YouTube. Despite the "Don't try this at home" disclaimer, the mention that the Mythbusters were going to take this one on and weren't allowed should gather enough attention.

And I recall it being mentioned as an aside in an earlier episode involving RFID tags (I think it was the "RFID + MRI = Explosion?" myth) that they wanted to do more experiments with RFID credit cards, passports, etc, but "we're probably on enough government watch lists already."




RE: To paraphrase Mr. Hyneman
By Bender 123 on 9/2/2008 9:50:07 AM , Rating: 5
Wouldn't the more intelligent thing for a credit card company (based on the business of selling trust over your finances...), be to box up the lawyers and call your R&D tech staff in charge of deploying RFID to work WITH these folks?

What a fantastic marketing point to say we have worked with professional hackers to make your wireless credit card the most secure device in the industry!

Stupid business people never seem to understand the risks of tech...


RE: To paraphrase Mr. Hyneman
By Flunk on 9/2/2008 11:19:14 AM , Rating: 3
It does seem completely ridiculous to bury your head in the sand and shout "la la la" when someone tries to show you how flawed your technology is. They are just opening themselves for bigger lawsuits in the future. Big business tends to be short-sighted but this is really stupid.


RE: To paraphrase Mr. Hyneman
By porkpie on 9/3/2008 11:53:15 PM , Rating: 2
I'm sure they're working on the problem internally. They just want to shut people up long enough to solve the problem.


RE: To paraphrase Mr. Hyneman
By Motoman on 9/5/2008 5:01:28 PM , Rating: 3
...$100 on the "head in sand" option rather than the "we're working on it" option.


RE: To paraphrase Mr. Hyneman
By mmntech on 9/2/2008 2:58:12 PM , Rating: 2
That costs money. lol

I think somebody needs to "accidentally" release the episode on Youtube.


By PhoenixKnight on 9/5/2008 1:29:43 PM , Rating: 2
Exactly, because we all know that paying R&D people costs a lot more than paying high-priced lawyers.


RE: To paraphrase Mr. Hyneman
By idconstruct on 9/4/2008 10:36:38 AM , Rating: 2
i would hardly call the mythbusters professional-anything... except maybe actors


RE: To paraphrase Mr. Hyneman
By TomCorelis on 9/2/2008 2:58:00 PM , Rating: 3
I agree that a Mythbuster special is a good indicator of RFID's easy hackability, but I find the lawyers to be a much better indicator of the sheer financial weight being thrown behind the tech.


RE: To paraphrase Mr. Hyneman
By maverick85wd on 9/2/2008 3:30:53 PM , Rating: 2
I don't see how train systems and the like would matter too much considering it's just transportation... but why would they still be considering it for credit cards and passports?

One thing people never seem to realize is that, no matter how secure you make it, if the incentive is there someone will find a way to manipulate the system. RFIDs are apparently no exception... and they aren't even as widely used yet as they will be, or were going to be. Obviously this system was flawed from the beginning. When I first heard about it, I assumed security features would be built in considering they were to be put in passports - I was honestly quite baffled and confused to learn they had made it as easy as it is to hack.

I can understand why these companies are so upset to find out the all wonderful technology they were planning to utilize in up and coming systems is quite vulnerable... but why try to hide it? Anyone that pays attention to the tech world already knows.


RE: To paraphrase Mr. Hyneman
By TomCorelis on 9/2/2008 4:37:11 PM , Rating: 4
Well, just because the tech world knows about this stuff doesn't mean the general populace does. My non-tech friends would be easily wooed by the concept of merely waving around your wallet to make a credit card transaction, for example. I went skiing earlier this year and the lift system at the slopes uses RFID to open its turnstyles. "That's pretty cool," they said.

This is why Mythbusters might be so important ... Mythbusters has mainstream appeal: pop science at its best. If Mythbusters says its true, then I'd surmise that there's a good chance that the mainstream world will quickly be repeating what they say soon thereafter -- because Adam Savage says so.

Right now any of the "fears" of this "newfangled wireless card stuff" are more or less blind speculation... once you put a face, or a methodology, to that speculation, you might find public openness towards it begins to dwindle. Which, of course, goes back to the whole 'our super duper expensive rfid R&D is broken!!' response from the companies with a financial stake in it.


By maverick85wd on 9/2/2008 6:18:29 PM , Rating: 2
I can agree with all of that; what I'm saying is that their response is pretty jacked. Instead of finding a way to make it work securely or finding an alternative to the existing system, they want to hide and pretend like nothing is wrong. It's like putting money into a new material to build houses with and then finding out their new material is toxic... and then trying to keep it quiet so they can still build houses and make their money. What happens when the shit storm really hits the fan? It's another example of what happens when corporations allow themselves to be blinded to reality. Obviously a company's sole purpose is to make money and they want their investment back. I can agree, and even sympathize with that... but building a system, especially one as sensitive as a credit card system, on technology that's constantly being exploited is, in my opinion, criminal.

My point, as far as a lot of people in the tech world knowing about it, is that it's not uncommon knowledge. Dailytech isn't exactly an unpopular website and I've also seen it mentioned on engadget and that's without looking. While your non-tech friends may be easily impressed with wireless money transfers and such (as are mine, and I'll admit I think it's a cool idea), they also have you there to tell them it's unsecure and thus not a good idea for sensitive information to be put on RFIDs

I think you have a great point when it comes to Mybusters. It's just too bad corporate America is being allowed to censor the findings of researchers (hackers do research!) that found a serious vulnerability. Apparently, freedom of speech only lasts until too much money is involved.


By lukasbradley on 9/2/2008 5:14:20 PM , Rating: 2
Nice reference, by the way.


In one word...
By Justin Case on 9/2/2008 8:50:19 AM , Rating: 3
Streisand Effect.

Okay, that's two words.




RE: In one word...
By JasonMick (blog) on 9/2/2008 9:02:58 AM , Rating: 2
Singer: Bar-bura, Bar-bura… [she crushes the sushi bar with her foot]
…kirai no hito.
....
Singer: Ultura Lenardu Marutin! [as Leonard Maltin transforms]
...
Singer: Megara Poatia, Megara Poatia, sokuroi da ne. Megara Poatia, Megara Poatia-

Chef: [annoyed] Is that really necessary?


RE: In one word...
By therealnickdanger on 9/2/2008 10:35:12 AM , Rating: 2
LMFAO

ULTURA-MEKKA-BARBURAH-STREIZANDA!


RE: In one word...
By FITCamaro on 9/2/2008 12:14:29 PM , Rating: 2
Lost here....this something from South Park? Might have missed one.


RE: In one word...
By Bender 123 on 9/2/2008 12:48:55 PM , Rating: 2
Google is your friend...except when they are trying to invade on your privacy...

http://en.wikipedia.org/wiki/Streisand_Effect


RE: In one word...
By therealnickdanger on 9/2/2008 2:21:26 PM , Rating: 2
Yeah, it's sorta like the Chewbacca Defense.


RE: In one word...
By Bender 123 on 9/2/2008 2:37:47 PM , Rating: 2
Why would Chewbacca, a seven foot tall Wookie from Kyshyyk, want to live with a group of three foot tall Ewoks? It does not make sense...just like prosecuting my client.


RE: In one word...
By Spivonious on 9/2/2008 5:13:59 PM , Rating: 2
Kashyyyk...gosh, get it right! lol


Flawed by design
By BAFrayd on 9/2/2008 7:48:54 PM , Rating: 2
Maybe RFID is "flawed" by design...

http://www.spychips.com/




RE: Flawed by design
By Flunk on 9/2/2008 9:31:24 PM , Rating: 2
I think you're just buying in to consipiracy theories. If the government really wanted to keep better tabs on you they could design a much better system. What's the point in deploying a spy system that is so easy for criminals and other countries to hack into. It just doesn't make sense.

Just like Chewbacca...


RE: Flawed by design
By MrJustin5 on 9/4/2008 5:11:32 AM , Rating: 1
I find it particularly disturbing that this article, among MANY others such as Time Magazine all declare that RFID is here to stay. That there is NO pulling it back. Whats the DailyTechs excuse as it why its here to stay? The sheer number of lawyers behind it?

It is to implant you with the idea that RFID will NEVER go away and you MUST accept it. YOU MUST accept that information about you person, your fingerprints, biometric data, personal information, Social Security Number all can be stored on such devices in the future and will be used to TRACK YOU WHEREVER YOU GO and serve as a substitute for a credit card when its in your body... totally engaging you in a CASHLESS SOCIETY.

1984 is here, its just about 20 years late.

You notice that Government officials, such as Homeland Security (in Nazi Germany they called it FATHERLAND SECURITY) loses a laptop with say, 50,000 names and addresses in it? Along with social security numbers and plenty of other information that can be used for Identity Theft?

RESEARCH THIS: The government has been caught many times, such as FBI, Homeland Security, etc. stealing and then SELLING the information or DIRECTLY COMMITTING IDENTITY THEFT to steal money. But you might say: "Doesn't the government get enough of my money? Why would they do this? You're a kook!" I respond: RESEARCH IT!

There is a global plan to push RFID chips into everyone and everything, including USA, Europe, Canada, etc. Don't believe me!

RESEARCH IT! You'll notice every mainstream article about RFID all declare ITS HERE TO STAY. And even PC magazine has an article on how to "RFID CHIP YOURSELF" in your arm! "Its here to stay."

THE MOST EFFECTIVE AND SIMPLISTIC FORM OF BRAINWASHING IS: REPETITION.

Say after me: "RFID IS HERE TO STAY. RFID IS HERE TO STAY. RFID IS HERE TO STAY."

There is a HUGE reason why RFID Mythbusters isn't going to air. The REASON why they're pressured so badly not to air it is because #1: RFID is so "hackable" and can easily violate your privacy and make it even easier for someone to do identity theft.

#2: THEY WANT EVERY PERSON IN THE USA, EUROPE, CANADA, ETC. TO HAVE AN RFID CHIP IN THEIR BODY FOR A CASHLESS, TRACK YOU WHEREVER YOU GO SOCIETY.

BEFORE YOU BASH ME!!! I REPEAT: BEFORE YOU RESPOND AND BASH ME.

GO TO GOOGLE.COM AND RESEARCH: "INFOWARS.COM RFID" that's ALL you need to type and read a few articles! Its all RESEARCHED AND FACTUAL. ITs all accredited press!

I AM NOT A "CONSPIRACY THEORIST"

YOU ARE A "COINCIDENCE THEORIST"

x Justin


Buncha morons behind RFID
By Darkk on 9/4/2008 10:15:42 PM , Rating: 2
It's sad to know this been known issue for over TWO years now and Mythbusters proved this still being the case.

If my credit card company sends me a new card with RFID I'd call them up to request a new card without it or simply close the account.

I think by doing that will send a message to the credit card companies to say we know about the problems with RFID and have Mythbusters try it again to see if it's STILL hackable.

Until then my cards will be RFID free.




Fraud
By Siki on 9/5/2008 3:45:55 PM , Rating: 2
The credit card companies pay out billions of dollars each year to fraudulent charges. I don't see why they would want to use a technology that has been proven to be easily hackable if it raises the potential for more credit fraud. They do make obscene amounts of money off their customers though, so maybe they don't really care.




"If you can find a PS3 anywhere in North America that's been on shelves for more than five minutes, I'll give you 1,200 bucks for it." -- SCEA President Jack Tretton

















botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki