Print 26 comment(s) - last by Motoman.. on Sep 5 at 5:01 PM

Lawyers step in with the smack down

How easy is it to hack an RFID passport? Just how much knowledge is required to screw around with RFID-enabled credit cards or fare systems? The subject has received a lot of attention lately, what with Dutch and Bostonian researchers hitching free subway rides, and it appears the latest casualty in the resulting legal battle is the hit science show Mythbusters.

According to show co-host Adam Savage, speaking in a panel at hacker convention HOPE, the show’s production crew was virtually bound and gagged by a phalanx of credit card companies after they caught wind of an upcoming episode featuring the tech and just how easy it is to hack.

At the time, the episode was early in production, and it appears that at some point a researcher from the production crew contacted chipmaker Texas Instruments for assistance. TI and Mythbusters agreed to a conference call to discuss the technology involved, and upon meeting via telephone it became clear that instead of answers, the representatives from TI brought along a team of lawyers:

“I’m not sure how much of this story I’m allowed to tell,” he says nervously. “Texas Instruments comes on along with chief legal counsel for American Express, Visa, Discover, and everybody else...”

At this point, the audience lets out a muted laughter. “[Our team was] way, way outgunned and they absolutely made it really clear to [show owner] Discovery that they were not going to air this episode talking about how hackable [RFID] was, and Discovery backed way down being a large corporation that depends upon the revenue of the advertisers. Now it's on Discovery's radar and they won't let us go near it.”

The funny thing, I think, is that credit card companies have had a relatively easy time as far as public scrutiny goes. While there are indeed RFID chips embedded in some credit cards, as far as I’ve seen it really isn’t too common; indeed the push towards RFID-powered plastic money hasn’t gathered nearly as much attention as, say, RFID-powered passports and subway tickets.

Hackers, many of whom aren’t the type to let something like this slide, could change that very soon.

But why credit card lawyers? Are we about to see a wave of contact-free credit cards? (Judging by those insipid Life Takes Visa commercials, I consider it highly likely.) Or perhaps they appeared on behalf of retailers – many of which use RFID for inventory tracking purposes now, championed by Wal-Mart – and wanted to stave off a criminal revolution of sorts. (As if crooks don’t already have access to this information…)

Whatever the reasons, the sheer amount of lawyers involved with the technology is a clear indication that RFID is here to stay – flawed or not.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By maverick85wd on 9/2/2008 6:18:29 PM , Rating: 2
I can agree with all of that; what I'm saying is that their response is pretty jacked. Instead of finding a way to make it work securely or finding an alternative to the existing system, they want to hide and pretend like nothing is wrong. It's like putting money into a new material to build houses with and then finding out their new material is toxic... and then trying to keep it quiet so they can still build houses and make their money. What happens when the shit storm really hits the fan? It's another example of what happens when corporations allow themselves to be blinded to reality. Obviously a company's sole purpose is to make money and they want their investment back. I can agree, and even sympathize with that... but building a system, especially one as sensitive as a credit card system, on technology that's constantly being exploited is, in my opinion, criminal.

My point, as far as a lot of people in the tech world knowing about it, is that it's not uncommon knowledge. Dailytech isn't exactly an unpopular website and I've also seen it mentioned on engadget and that's without looking. While your non-tech friends may be easily impressed with wireless money transfers and such (as are mine, and I'll admit I think it's a cool idea), they also have you there to tell them it's unsecure and thus not a good idea for sensitive information to be put on RFIDs

I think you have a great point when it comes to Mybusters. It's just too bad corporate America is being allowed to censor the findings of researchers (hackers do research!) that found a serious vulnerability. Apparently, freedom of speech only lasts until too much money is involved.

"Nowadays you can buy a CPU cheaper than the CPU fan." -- Unnamed AMD executive

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki