MythBusters RFID show cancelled

The place for what's new and going on in the tech, innovation, and science world.
Post Reply
User avatar
cemetric
Corporate Spy
Posts: 3641
Joined: Tue Dec 27, 2005 12:33 pm
Location: Paradise Corrupt

MythBusters RFID show cancelled

Post: # 119518Post cemetric
Wed Sep 03, 2008 12:05 pm

Although it's no secret that RFID is easily hacked (see: train passes, passports, credit cards, one billion other cards, etc.) it's still not necessarily common knowledge, and it sounds like the major credit card companies want to keep it that way -- according to Adam Savage, Mythbusters was all set to do a show exposing the weak security behind most RFID implementations but was shut down by lawyers from "American Express, Visa, Discover, and everybody else... [who] absolutely made it really clear to Discovery that they were not going to air this episode." Since Discovery is an ad-supported channel, it's not surprising that it backed down, but we'd say that the credit card industry would be far better served spending money on actually improving security rather than lawyering up and trying to keep consumers in the dark. Video after the break.
Link to youtube video: http://blog.wired.com/sterling/2008/08/ ... ch-my.html

Typical ... When there's money involved (pun not intended) ...This goes to show that Banks have only your best interest in tow :roll:


Image

User avatar
cemetric
Corporate Spy
Posts: 3641
Joined: Tue Dec 27, 2005 12:33 pm
Location: Paradise Corrupt

MythBusters RFID show cancelled

Post: # 119519Post cemetric
Wed Sep 03, 2008 12:05 pm

Although it's no secret that RFID is easily hacked (see: train passes, passports, credit cards, one billion other cards, etc.) it's still not necessarily common knowledge, and it sounds like the major credit card companies want to keep it that way -- according to Adam Savage, Mythbusters was all set to do a show exposing the weak security behind most RFID implementations but was shut down by lawyers from "American Express, Visa, Discover, and everybody else... [who] absolutely made it really clear to Discovery that they were not going to air this episode." Since Discovery is an ad-supported channel, it's not surprising that it backed down, but we'd say that the credit card industry would be far better served spending money on actually improving security rather than lawyering up and trying to keep consumers in the dark. Video after the break.
Link to youtube video: http://blog.wired.com/sterling/2008/08/ ... ch-my.html

Typical ... When there's money involved (pun not intended) ...This goes to show that Banks have only your best interest in tow :roll:
Image

User avatar
dinowuff
I've posted HOW many
Posts: 5330
Joined: Sun Dec 25, 2005 11:26 pm
Are you a Spammer: No
Location: galactic longitude 359° 56′ 39.4″, galactic latitude −0° 2′ 46.2″
Contact:

Re: MythBusters RFID show cancelled

Post: # 119486Post dinowuff
Wed Sep 03, 2008 7:06 pm

Not common knowledge?

Google hacking RFID for such uncommon knowledge :roll:
Image
No lusers were harmed in the creation of this Taz Zone Post.
AND I WANT TO KNOW WHY NOT!
09:F9:11:02:9D:74:E3:5B:D8:41:56:C5:63:56:88:C0

User avatar
dinowuff
I've posted HOW many
Posts: 5330
Joined: Sun Dec 25, 2005 11:26 pm
Are you a Spammer: No
Location: galactic longitude 359° 56′ 39.4″, galactic latitude −0° 2′ 46.2″
Contact:

Re: MythBusters RFID show cancelled

Post: # 119487Post dinowuff
Wed Sep 03, 2008 7:06 pm

Not common knowledge?

Google hacking RFID for such uncommon knowledge :roll:
Image
No lusers were harmed in the creation of this Taz Zone Post.
AND I WANT TO KNOW WHY NOT!
09:F9:11:02:9D:74:E3:5B:D8:41:56:C5:63:56:88:C0

User avatar
Morganlefay
I've posted HOW many
Posts: 3718
Joined: Sun Jan 08, 2006 7:36 am
Are you a Spammer: No
Location: Avalon Canada

Re: MythBusters RFID show cancelled

Post: # 119470Post Morganlefay
Wed Sep 03, 2008 8:01 pm

Looks like there is some back peddling going on

http://news.cnet.com/8301-13772_3-10031 ... 47-1_3-0-5

amazing how much power corporations have

MLF
A computer once beat me at chess, but it was no match for me at kickboxing.

User avatar
Morganlefay
I've posted HOW many
Posts: 3718
Joined: Sun Jan 08, 2006 7:36 am
Are you a Spammer: No
Location: Avalon Canada

Re: MythBusters RFID show cancelled

Post: # 119468Post Morganlefay
Wed Sep 03, 2008 8:06 pm

This is interesting

http://www.youtube.com/watch?v=vmajlKJlT3U&NR=1

amongst many others....too many to count really

:roll:


MLF
A computer once beat me at chess, but it was no match for me at kickboxing.

User avatar
Kwiep
Field Marshal Von Uber Tazmaniac
Posts: 1093
Joined: Wed Dec 28, 2005 2:43 pm
Location: The Netherlands

Re: MythBusters RFID show cancelled

Post: # 119461Post Kwiep
Thu Sep 04, 2008 12:17 am

Stupid thing is, I actually walk arround with a bunch of cards that have rfid chips in em and whilst knowing they're not secure, still do anyway. Apparently I don't care, and it just has to go terribly wrong some time to make me and everybody else aware if that.

I'm not sure on the precise scope of rfid chips, but in the dutch ID card there's a chip embedded in the card. And since it has no connectors I can only assume it's ment to be read "through the air" and as far as my definition goes, it quailifies as rfid. With all the critisism recently I'm quite sure these chips just can't be secure yet. If some device can with minimal error read the chip from, say, 10 cm (what's that, ~4 inches), it can also read it from 1 metre, altough possibly with some adjusted parameters and a higher error rate. I don't know much about the specifics of RFID chips, but I do know some bit about electromagnetic fields, background (white) noise, filters and signal processing; and therefor I know limiting (or extending for that mather) the range of some antenna like device is never exact and is influenced by so many factors I will never believe someone who says 10 cm is the dead distance. Antenna's don't roll like that.

And when you have the raw data, cracking it is semantics. They said bruteforcing an MD5 hash would take a few hundred years, but apparently finding weaknesses in the algorythm only took five. Crypthographics isn't about making the key a hard as possible to crack, it's about making the algorithm last long enough to make it possible to implement a successor.

edit: fixed some typo's/grammaro's, had a little drink so there might be plenty more
Double Dutch

User avatar
rapier57
I've posted HOW many
Posts: 3127
Joined: Thu Mar 02, 2006 10:43 pm
Are you a Spammer: No
Location: Spokane, WA USA
Contact:

Re: MythBusters RFID show cancelled

Post: # 119456Post rapier57
Thu Sep 04, 2008 6:27 am

OK. This story about RFID has been brewing for some time. Of course, the corporate hired guns are going to make threats and intimidate the researcher or anyone who will question the veracity, security or functionality of the RFID technology. C'mon, the largest retailer in the US forced the RFID technology on every producer and manufacturer of goods--all under threat of losing that retailer's business. MalWart. Thus, an immature, unsecure, questionable technology is forced into general acceptance without adequate research or testing.

So, now we have this technology applied across more of our day-to-day functions: access security, fare cards, credit and debit cards, driver licenses and (God help us) passports.

Questions about the security of the devices and their application are quickly quashed with threats of litigation. Those with an interest in preserving the perception that the devices have adequate security deployed armies of attorneys and henchmen who are highly mobile and surely expensive. Much more expensive than just fixing the damned technology in the first place. But, as it turns out, we've invested too much into the technological infrastructure around this flaky technology. So, defending stupidity and gagging critics seems to be the most effective method of self preservation.

Case in point: IOActive a couple years ago was threatened with legal action if they presented their research at BlackHat/DefCon on how simple it was, with easily obtained electronics, to clone the HID RFID-based security access cards and replay them. The premise of the threat was that the presentation would reveal trade secrets and violate patents. Yeah, right. Basically, IOActive had to cave to the pressure because they didn't have the deep pockets required to defend themselves against this kind of frivolous lawsuit.

The recent case in The Netherlands was a great relief, but then a court in the US pushed us right back to square one.

This recent pressure to quash a TV episode on MythBusters (one of the all time great TV shows, BTW), is another example of the industry heavily invested in this flaky tech protecting itself. After all, security is all about secrets, right? That is how HID views it, anyway.

Washington State recently adopted an RFID-based driver license that we are supposed to be able to use in place of passports to cross the border into Canada (sad that we must now have passports to visit friends and family in Canada). We have been repeatedly assured that the RFID will not contain anything more than a specific code that will refer back to a database somewhere in Olympia, WA with all the data in it. This makes the device secure, since the data doesn't reside in the device, but in a database elsewhere. And, we are also assured that database can't be hacked.

Right.

Then there are the idiots who are implanting RFID chips in their bodies. These chips hold the person's complete medical file. That is just nuts.
Rapier57.

Jayne: Testing. Testing. Captain, can you hear me?
Mal: I'm standing right here.
Jayne: You're coming through good and loud.
Mal: 'Cause I'm standing right here.


@rapier57

User avatar
Aspman
Frustrated Mad Scientist
Posts: 8868
Joined: Mon Jan 09, 2006 10:07 am
Location: Scotland

Re: MythBusters RFID show cancelled

Post: # 119447Post Aspman
Thu Sep 04, 2008 11:30 am

All your waves are belong to us
"Man will never be free until the last king is strangled with the entrails of the last priest."
- Denis Diderot (1713-1784)

Post Reply