How easy is it to hack an RFID passport? Just how much knowledge is required to screw around with RFID-enabled credit cards or fare systems? The subject has received a lot of attention lately, what with Dutch and Bostonian researchers hitching free subway rides, and it appears the latest casualty in the resulting legal battle is the hit science show Mythbusters.
According to show co-host Adam Savage, speaking in a panel at hacker convention HOPE, the show’s production crew was virtually bound and gagged by a phalanx of credit card companies after they caught wind of an upcoming episode featuring the tech and just how easy it is to hack.
At the time, the episode was early in production, and it appears that at some point a researcher from the production crew contacted chipmaker Texas Instruments for assistance. TI and Mythbusters agreed to a conference call to discuss the technology involved, and upon meeting via telephone it became clear that instead of answers, the representatives from TI brought along a team of lawyers:
“I’m not sure how much of this story I’m allowed to tell,” he says nervously. “Texas Instruments comes on along with chief legal counsel for American Express, Visa, Discover, and everybody else...”
At this point, the audience lets out a muted laughter. “[Our team was] way, way outgunned and they absolutely made it really clear to [show owner] Discovery that they were not going to air this episode talking about how hackable [RFID] was, and Discovery backed way down being a large corporation that depends upon the revenue of the advertisers. Now it's on Discovery's radar and they won't let us go near it.”
The funny thing, I think, is that credit card companies have had a relatively easy time as far as public scrutiny goes. While there are indeed RFID chips embedded in some credit cards, as far as I’ve seen it really isn’t too common; indeed the push towards RFID-powered plastic money hasn’t gathered nearly as much attention as, say, RFID-powered passports and subway tickets.
Hackers, many of whom aren’t the type to let something like this slide, could change that very soon.
But why credit card lawyers? Are we about to see a wave of contact-free credit cards? (Judging by those insipid Life Takes Visa commercials, I consider it highly likely.) Or perhaps they appeared on behalf of retailers – many of which use RFID for inventory tracking purposes now, championed by Wal-Mart – and wanted to stave off a criminal revolution of sorts. (As if crooks don’t already have access to this information…)
Whatever the reasons, the sheer amount of lawyers involved with the technology is a clear indication that RFID is here to stay – flawed or not.
quote: Whatever the reasons, the sheer amount of lawyers involved with the technology is a clear indication that RFID is here to stay – flawed or not.