Print 26 comment(s) - last by Motoman.. on Sep 5 at 5:01 PM

Lawyers step in with the smack down

How easy is it to hack an RFID passport? Just how much knowledge is required to screw around with RFID-enabled credit cards or fare systems? The subject has received a lot of attention lately, what with Dutch and Bostonian researchers hitching free subway rides, and it appears the latest casualty in the resulting legal battle is the hit science show Mythbusters.

According to show co-host Adam Savage, speaking in a panel at hacker convention HOPE, the show’s production crew was virtually bound and gagged by a phalanx of credit card companies after they caught wind of an upcoming episode featuring the tech and just how easy it is to hack.

At the time, the episode was early in production, and it appears that at some point a researcher from the production crew contacted chipmaker Texas Instruments for assistance. TI and Mythbusters agreed to a conference call to discuss the technology involved, and upon meeting via telephone it became clear that instead of answers, the representatives from TI brought along a team of lawyers:

“I’m not sure how much of this story I’m allowed to tell,” he says nervously. “Texas Instruments comes on along with chief legal counsel for American Express, Visa, Discover, and everybody else...”

At this point, the audience lets out a muted laughter. “[Our team was] way, way outgunned and they absolutely made it really clear to [show owner] Discovery that they were not going to air this episode talking about how hackable [RFID] was, and Discovery backed way down being a large corporation that depends upon the revenue of the advertisers. Now it's on Discovery's radar and they won't let us go near it.”

The funny thing, I think, is that credit card companies have had a relatively easy time as far as public scrutiny goes. While there are indeed RFID chips embedded in some credit cards, as far as I’ve seen it really isn’t too common; indeed the push towards RFID-powered plastic money hasn’t gathered nearly as much attention as, say, RFID-powered passports and subway tickets.

Hackers, many of whom aren’t the type to let something like this slide, could change that very soon.

But why credit card lawyers? Are we about to see a wave of contact-free credit cards? (Judging by those insipid Life Takes Visa commercials, I consider it highly likely.) Or perhaps they appeared on behalf of retailers – many of which use RFID for inventory tracking purposes now, championed by Wal-Mart – and wanted to stave off a criminal revolution of sorts. (As if crooks don’t already have access to this information…)

Whatever the reasons, the sheer amount of lawyers involved with the technology is a clear indication that RFID is here to stay – flawed or not.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: To paraphrase Mr. Hyneman
By maverick85wd on 9/2/2008 3:30:53 PM , Rating: 2
I don't see how train systems and the like would matter too much considering it's just transportation... but why would they still be considering it for credit cards and passports?

One thing people never seem to realize is that, no matter how secure you make it, if the incentive is there someone will find a way to manipulate the system. RFIDs are apparently no exception... and they aren't even as widely used yet as they will be, or were going to be. Obviously this system was flawed from the beginning. When I first heard about it, I assumed security features would be built in considering they were to be put in passports - I was honestly quite baffled and confused to learn they had made it as easy as it is to hack.

I can understand why these companies are so upset to find out the all wonderful technology they were planning to utilize in up and coming systems is quite vulnerable... but why try to hide it? Anyone that pays attention to the tech world already knows.

RE: To paraphrase Mr. Hyneman
By TomCorelis on 9/2/2008 4:37:11 PM , Rating: 4
Well, just because the tech world knows about this stuff doesn't mean the general populace does. My non-tech friends would be easily wooed by the concept of merely waving around your wallet to make a credit card transaction, for example. I went skiing earlier this year and the lift system at the slopes uses RFID to open its turnstyles. "That's pretty cool," they said.

This is why Mythbusters might be so important ... Mythbusters has mainstream appeal: pop science at its best. If Mythbusters says its true, then I'd surmise that there's a good chance that the mainstream world will quickly be repeating what they say soon thereafter -- because Adam Savage says so.

Right now any of the "fears" of this "newfangled wireless card stuff" are more or less blind speculation... once you put a face, or a methodology, to that speculation, you might find public openness towards it begins to dwindle. Which, of course, goes back to the whole 'our super duper expensive rfid R&D is broken!!' response from the companies with a financial stake in it.

By maverick85wd on 9/2/2008 6:18:29 PM , Rating: 2
I can agree with all of that; what I'm saying is that their response is pretty jacked. Instead of finding a way to make it work securely or finding an alternative to the existing system, they want to hide and pretend like nothing is wrong. It's like putting money into a new material to build houses with and then finding out their new material is toxic... and then trying to keep it quiet so they can still build houses and make their money. What happens when the shit storm really hits the fan? It's another example of what happens when corporations allow themselves to be blinded to reality. Obviously a company's sole purpose is to make money and they want their investment back. I can agree, and even sympathize with that... but building a system, especially one as sensitive as a credit card system, on technology that's constantly being exploited is, in my opinion, criminal.

My point, as far as a lot of people in the tech world knowing about it, is that it's not uncommon knowledge. Dailytech isn't exactly an unpopular website and I've also seen it mentioned on engadget and that's without looking. While your non-tech friends may be easily impressed with wireless money transfers and such (as are mine, and I'll admit I think it's a cool idea), they also have you there to tell them it's unsecure and thus not a good idea for sensitive information to be put on RFIDs

I think you have a great point when it comes to Mybusters. It's just too bad corporate America is being allowed to censor the findings of researchers (hackers do research!) that found a serious vulnerability. Apparently, freedom of speech only lasts until too much money is involved.

"I mean, if you wanna break down someone's door, why don't you start with AT&T, for God sakes? They make your amazing phone unusable as a phone!" -- Jon Stewart on Apple and the iPhone

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki