back to article Mythbusters RFID episode axed after 'pressure' from credit card firms

Update: Since we published this story MythBusters host Adam Savage has backtracked on claims that Discovery Channel caved into commercial pressure in canceling a planned show on RFID technology. See new story here. Discovery Channel prevented the exploration of RFID security by Mythbusters, the popular science television show, …

COMMENTS

This topic is closed for new posts.
  1. Brian Milner

    Damn the security ...

    Think of the profits!!

    I'm reminded of this quote from Robocop:

    Dick Jones: "I had a guarantee military sale with ED 209. Renovation program. Spare parts for 25 years. Who cares if it worked or not?"

  2. Anon Koward
    Black Helicopters

    YouTube Clip

    It looks like it has been pulled too, ahh bless that silly American legal system in action again..

    A cynic may point out that America is actually governed not by a government dictatorship but more so by a legal dictatorship.

  3. Fab De Marco

    @Brian

    Good Quote. The Texas Instruments Lawyers may have also used a Robocop quote when addressing the Discovery Chanel People

    "Bitches Leave"

  4. J
    Thumb Down

    Security through obscurity

    Sure, it will work as well as it always does... Ban the information, great idea. Not.

  5. censored

    Which is why....

    any RFID passport or credit card I'm forced to have will accidentally be placed in a cloth bag and hit several times with a mallet.

  6. Bryce Prewitt
    Thumb Down

    Threatening with loss of advertising...

    Is just about the only thing these twats have at the moment. Academic presentations on RFID will almost always be protected by the courts, so when a TV show decides to address the matter, they're of course going to target the pocket-books of the corporation that funds the program. How else can they prevent the information from getting out? Discovery would win every time in court with their legal team, but they can't sue the advertisers for pulling out...

    Also, the lot of boos thrown at Smash Lab were hilarious! So was Savage's reaction. That show is awful. The hosts are brainless and lack personality. It's almost as if all Discovery took away from the Mythbusters' success were explosions and fratboy humor; nevermind the fact that the explosions are almost always the result of Adam and Jamie's big brains a turnin' and the humor of the second team is the result of genuine youthful enthusiasm for science. Smash Lab gets it all so very wrong...

  7. jake Silver badge

    Security through obscurity ...

    Yeah, that works.

    Ask Microsoft or Oracle or Diebold or Cisco.

    --

    many eyes make all bugs shallow

    --LT

  8. David Hicks
    Thumb Up

    So as usual...

    ... the blackhats will work it out and abuse it, whilst those that seek to bring legitimate security concerns to the public are silenced.

    Hurrah for lawyers!

  9. Anonymous Coward
    Anonymous Coward

    As I Recall on One Episode...

    ...of MB, they tested a door lock w/ fingerprint scanner. The device claimed to use very sophisticated technology/techniques to determine whether a human finger is actually being used (measures finger temperature, perspiration, etc). The result? EPIC FAIL! Not only was the device fooled by a latex fingerprint, but was also fooled by a simple photocopy/print-out (on paper) of a fingerprint!

    Ofcourse, that was just a single device from a single manufaturer, but can anyone else guess how big of an epic fail it would/could be if RFID's security is scrutinized?

    I hope they get to do this episode w/o pressure from industry.

  10. Vendicar Decarian

    No wonder American Fascists are so Ignroant.

    I am reminded that corporations will engage in any and every evil that is tollerated by the public in persuit of money. Keeping the consumer ignorant is therefore Job #1.

  11. David

    errrr

    Walks past

    glances left

    turns head back to face forward, takes a bite of chicken

    keeps walking as there is obviously nothing to see here.

    good chicken though :D

  12. Sergie Kaponitovicz
    Black Helicopters

    This is big

    UK.GOV is ramming National ID Cards and RFID Passports down our throats as part of the War on Terror as designed by Bush and subscribed to by Bliar (that not misspelled).

    Rather than accepting the privilege of paying double-plus for a passport, and another wedge for an ID card, it may well be that The Mythbusters are able to lend more to No2ID's campaign against this lunatic central government initiative than any other research programme.

    Inevitably UK commercial channels will also bend under pressure from TI and the CC companies, so it's down to the BBC.

    What a golden opportunity the BBC now has to prove that it is not a lapdog of Governments, is truly independent, and worthy of the respect it enjoyed a couple of decades ago as an impartial investigator of the real truth.

    I am not a licenced bookmaker. If I was I'd lay 10/1 on the Beeb not running with this. Call me Mr Cynical ......

  13. Anonymous Coward
    Unhappy

    I reject your reality and substitute my own

    This is a bad outcome. I so wanted to see buster blown up by a stick of dynamite when they try to see how explosion-proof smart cards are.

  14. Anonymous Coward
    Anonymous Coward

    Hmm

    No offense meant to Mr. Hyneman and Mr. Savich (god bless them with his noodley appendages) but they aren't programmers really and if something seems easy to them then I am worried. On the other hand if it is easy then we will all be finding out the hard way soon enough. Just let it drop and let the people burn no use trying to forewarn anyone what good would it do.

  15. Matthew Speed

    How sad

    So now instead of people knowing how unsafe this technology is so they can demand it be made better, the masses will be left unaware and at the mercy of the people smart enough to figure this out anyway.

  16. Joe K

    Best show ever

    I love Mythbusters, though it didn't sound like a very exciting myth anyway.

    How come no-one stopped that one where they completely busted the claims of an "completely uncrackable, never been fooled" fingerprint lock with PHOTOCOPIES of their fingerprints?

    http://www.youtube.com/watch?v=E20lHqbWqN4

  17. LaeMi Qian
    Black Helicopters

    BUSTED

    Freedom of the press in the land of the free.

    MYTH BUSTED

  18. Anonymous Coward
    Anonymous Coward

    Security by obscurity doesn't work

    Nor does "security by threatening the people who were about to blow the whole thing open".

    So as far as I'm concerned the credit card companies can take their RFID cards and shove them. Good luck to anyone who places convenience above security, hope getting your cards pwned doesn't hurt too much.

    /Mine's the one that only has real cash money in the pockets.

  19. Mike Powers
    Paris Hilton

    But what about the PIZZA STONE?

    From the looks of that YouTube clip, something involving both pizzas and stones makes women go crazy!

  20. Pete Silver badge

    @censored

    > any RFID passport or credit card I'm forced to have will accidentally be placed in a cloth bag and hit several times with a mallet.

    That's fine - your choice and no-one forces you to have a CC or a passport.

    However, I hope you like having to use cash only - obviously you've never (yet) applied for a university place, worked for "the man" or had to prove your identity. In the future, you'll never have a foreign holiday and when the time comes, forego a driving license and becoming a "non-person" without an ID card.

    To paraphrase Ian Dury "Sometimes you have to bend with the wind. Sometimes you have to break with it, and sometimes you just have to break wind."

  21. Gordon Fecyk
    Stop

    'MythBusters' co-host backpedals on RFID kerfuffle -- C|Net

    From Adam Savage:

    "There's been a lot of talk about this RFID thing, and I have to admit that I got some of my facts wrong, as I wasn't on that story, and as I said on the video, I wasn't actually in on the call," Savage said in the statement. "Texas Instruments' account of their call with Grant and our producer is factually correct. If I went into the detail of exactly why this story didn't get filmed, it's so bizarre and convoluted that no one would believe me, but suffice to say...the decision not to continue on with the RFID story was made by our production company, Beyond Productions, and had nothing to do with Discovery, or their ad sales department."

    Blinders off, people. This was Savage overreacting, as he often does on his show for effect.

    http://news.cnet.com/8301-13772_3-10031601-52.html

  22. Roy
    Flame

    @ Gordon Fecyk

    Or maybe, just maybe some calls were made, some people didn't want bad press, some people told some other people to retract their statements, and maybe someone did.

    It certainly wouldn't be the first time.

  23. Lawrence "Dee' Holtsclaw

    Land of Hype and Glory

    Back in high school, we watched a video tape of a show titled "America: The Land of Hype and Glory" which had been aired on one of the major networks. At the beginning of the show, they had an introduction explaining how none of their advertisers wanted the show to air and so it was aired anyway without any commercials as a public service.

    The subject of the show was how products were presented in commercials so that they'd look better than they really were. The only items I really remember were breakfast cereal using glue instead of milk and hams being varnished (give me a break, this was back in the mid 70's and I've slept a few times since then).

    It's a real pity that no network is willing to do this anymore.

  24. Anonymous Coward
    Black Helicopters

    You Guys

    Oh you guys crack me up with your conspiracy theories - like the Wikipedia article that used to maintain Visa and Mastercard were actually the same company... nobody's forcing you to use RFID debit/credit cards. I can't wait until somebody cracks the security features on paper money - you'll be running for the hills then! Oh, wait....

  25. Stevie

    Yes but

    Now we'll never know what happens when a RFID is subjected to the "30 Sticks of Dynamite" phase of the test.

    Bah.

  26. Sabine Miehlbradt
    IT Angle

    Does anyone take that show serious?

    Mythbusters? The show that wanted to prove that a car door is no protection in firefights as shown in typical TV detective series?

    How they did that? By firing assault rifles from close distance at a car door and proudly claiming Myth busted when bullets made to penetrate armour at 800 meters actually did penetrate a car door at 30m. After all, military assault rifles are typically used by and against police in real life or TV. No small arms, no sir.

    Science that ain't. Cheap show fits better.

  27. Richard
    Stop

    Whatever happened to..?

    Publish and be damned?

    I know mythbusters sometimes simplifies a bit, but surely there's a principle involved whereby if they haven't done anything against the law then the knowledge is redistributable (with certain exceptions, like how to make nuclear bombs - which is a bit stupid given the widespread availabliliy of uranium from Niger ;)

    Where's the "the other side is talking utter bollocks and are plainly making this case to protect a vested interest" verdict. Why is it not cheap to get one of them?

    [Apart from the obvious "lawyers are involved" answer]

  28. Anonymous Coward
    Anonymous Coward

    @censored

    Just zap it in a microwave for a few minutes

  29. Quirkafleeg
    Thumb Up

    Re: This is big

    http://www.google.co.uk/search?hl=en&q=rfid+faraday

  30. Charles Manning

    Not really a big deal

    These technologies are not 100% secure. So what: they're still more secure than the current technologies.

    People have been forging signatures on CC transactions and cheques, forging passports, driver's licenses, etc etc since granny was a girl.

    All locks that are used to secure bikes, houses or safes are "hackable".

    RFID and similar don't have to be invulnerable, just better than current technology. "Better" does not just relate to security but also cost, convenience etc.

    So what if people can "hack" a tube ticket? They could do the same by doing a forging job on an old technology cardboard one too. Either way, forgery is illegal.

    Crims are generally lazy bastards (or they'd work for a living). All you need to do is make the effort + risk greater than the potential gains.

  31. Jims

    @Pete

    >To paraphrase Ian Dury "Sometimes you have to bend with the wind. Sometimes you have to break with it, and sometimes you just have to break wind."

    I think you missed the point of the last part of that quote, it means sometimes you have to break the wind, ie put your RFID cards in a bag and smash them with a hammer and stick two fingers up at the establishment

  32. Edward Clarke
    Black Helicopters

    Another "Youtube" demo of RFID security... or lack thereof

    This one shows a guy walking up behind a woman and scanning her AmEx card with an eight dollar RFID scanner that he got on ebay.

    http://www.youtube.com/watch?v=vmajlKJlT3U

    It captured enough data to go online and make purchases. Some of the comments say that you could never get away with this because people would get suspicious if someone waves a wand around your rear end. To which I say - put it in a briefcase or purse and scan from within a crowded bus, elevator or subway.

  33. stizzleswick
    Alert

    @everybody

    Somehow, nobody here seems to have gotten the real mess(age) here.

    @Anon Koward: The clip is there for all to see, at least from Europe. Maybe not from the Land of the Fee, I wouldn't know about that.

    The real mess is that there is truth out there which rather obviously is being prevented from being aired for purely financial reasons. OK, so that's not exactly news these days. But think of it the hard way: the companies relying most heavily on RFID obviously have no vested interest in having its security put under scrutiny.

    That's a little like an ostrich having no vested interest in viewing its surroundings, hence putting its head in the ground.

    Think on that, next time you use your credit card.

  34. M. Burns Silver badge
    Boffin

    @LaeMi Qian

    The First Amendment to the US Constitution which guarantees Freedom of Speech and Freedom of the Press, simply says that the government cannot a priori stop you from saying/printing an article/opinion/whatever about something. It does not mean that once spoken/printed, you cannot be sued by other citizens for slander, libel, etc. With Freedom comes Responsibility.

  35. Anonymous Coward
    Boffin

    RE: Land of Hype and Glory

    > The only items I really remember were breakfast cereal using glue instead of

    > milk and hams being varnished (give me a break, this was back in the mid

    > 70's and I've slept a few times since then).

    Eh, they shown this on an episode of Ripley's Believe It Or Not.

  36. Anonymous Coward
    Anonymous Coward

    Jeez!

    Jamie and Adam SHOULD do the show but behind closed doors with only the credit card companies and card manufacturers in attendance. Let them show everyone how easy it is to defraud the CC company or clone a card with only the barest of equipment. Okay, they may already know but they can at least get some ideas of how to combat the problem PROPERLY and stop resorting to burying their collective heads in the sand.

    mmmmmmm Kari ... I'd buy that for a dollar! using a fake CC of course :)

  37. Anonymous Coward
    Coat

    "The time has come," the Walrus said..

    presumably, the mythbusters show was going to cover making devices that copy and clone tags

    http://cq.cx/proxmark3.pl

    --

    hacking the encyption on tags

    http://www.ru.nl/ds/research/rfid/

    --

    and the fact that a radio based device does not magically stop transmitting after merely a few feet

    http://www.rfid-radar.com/introduc.html

    --

    Mines the one with the em shielded wallet in it

    http://www.difrwear.com/

  38. Seán

    Sickening

    I couldn't watch the clip because there seemed to be a bunch of escaped mental patients laughing and whooping completely out of sync with what was being said.

  39. Alan W. Rateliff, II
    Paris Hilton

    Couple of thoughts

    @Charles Manning, the problem is not of forgery (and there are a lot of things which violate the law but are practiced en mass on a daily basis,) it is a problem of no longer needing physical possession to commit the forgery. The fact that RFID information can be elicited and scanned from a distance greater than the small proximity security claimed by RFID proponents has been proved more than once, implicitly and explicitly. The former by way of Bluetooth eavesdropping from hundreds of yards away or WiFi connections spanning several miles, and the later by way of demonstrations showing how easily one can sit in a lobby and capture the session between a security card and the security pad.

    Physical contact such as smart-chip to reader, magnetic strip to head, or auditory/visual recognition of an object, is the only way to prevent out-of-proximity interception of credentials. Absconding with credentials would then again require physical possession and duplication of the credential objects. And, of course, even this is no guarantee of absolute security.

    But I digress. How long until this "lost episode" shows up on the P2P networks?

    Paris, for physical possession and duplication.

  40. Alan Fisher
    Black Helicopters

    Doubt if you will...

    No smoke without fire? The episode is pulled, lawyers werer involved, fuffs were kuffled, confusion reigned. No panic by certain interested parties?

    Point is that RFID is in it's infancy right now and there are plans to widen it's use considerably. Passports, id cards, prisoner tags, clothes....you've all seen the planned uses for these things....if the Mythbusters have worked it out, you can bet your ass that less honest folks with less altruistic motivations have also done so and we have a right to make an informed choice, not have it forced upon us by ignorance and bully boy tactics

  41. TeeCee Gold badge
    Stop

    @Gordon Fecyk

    Doesn't matter now, this one will run and run. The tinfoil hat boys will just say he's been leant on to produce that retraction.

    This is how most good conspiracy theories get started. Someone fairly credible says something that's complete bollocks, a conspiracy theory is formed around it and then shit loads of ever more convoluted "evidence" is produced to back up the original bullshit. Before we know it this will be a CIA plot funded by Big Oil and there will be proof that the Mythbusters are actually alien infiltrators employed by NASA to fake the Moon landings.

    Time to dig the Illuminati set out, get some mates round and beer in to get a sense of proportion methinks. Of course, the premise of Illuminati is actually real and Steve Jackson was hired by the NSA on the orders of the Bavarian Illuminati to produce it as misdirection......

  42. Anonymous Coward
    Anonymous Coward

    Wouldn't it be good....

    .... if the BBC had the cahones to air a show like this? No advertisers to worry about

  43. Andy Worth

    Myth.....

    .....Confirmed!!!

    You really can hack all of this shit quite easily, otherwise why all the fuss?

  44. Anonymous Coward
    Happy

    Ostriches

    Never put their heads in the ground, ever, never have, never likely to as they can run bloody fast

  45. Chris Hamilton
    Boffin

    Attention : Contenu Scientifique!

    I was so looking forward to seeing the lovely Kari Byron doing some ass-modelling again in order to ascertain whether RFID enabled cards are better off in a side or back pocket.

    As for Adam retracting his statement... do you not think he was maybe gently nudged by Beyond and/or Discovery? Maybe with the line "Retract your statement, or you will be replaced"? After all, he is one of the few on the show that doesn't actually work for M5I (Jamies SFX company), making him much easier to replace with a loyal drone.

    In the meantime, I will go back to some harmless obsessing about Kari.

  46. DW

    @ Sabine Miehlbradt

    - "Mythbusters? The show that wanted to prove that a car door is no protection in firefights as shown in typical TV detective series?

    How they did that? By firing assault rifles from close distance at a car door and proudly claiming Myth busted when bullets made to penetrate armour at 800 meters actually did penetrate a car door at 30m. After all, military assault rifles are typically used by and against police in real life or TV. No small arms, no sir.

    Science that ain't. Cheap show fits better."

    Assault rifles generally get used in firefights of 300 metres or less, and are designed as such.

    800m is a bit rare for a modern assault rifle.

    30m firefight in FIBUA pretty common.

    Also assault rifles are classified as "small arms".

    Maybe a cheap show but at least they do check their facts

  47. Chris

    Historical note

    Are my memory cells failing? But wasn't RFID technology developed as a stock control system?

    Could it be that the uptake hasn't met expectations, so now it's being forced into use in areas where it just isn't suited - and not doing terribly well?

  48. Anon Koward
    Thumb Up

    @stizzleswick

    How dare you imply that I live in that lawyer infested land! (No offence to those people that have no choice and were born in America :). (I am in the UK btw)

    When I went to watch the clip yesterday it kept displaying that YouTube message saying it was no longer available, I assumed they must have pulled it *shrug*, works fine for me too today.

  49. D@v3

    @ stizzleswick

    There have been no observations of Ostriches putting their heads in the sand.

    Myth Busted!!

    (but i do see your point)

  50. Stephen Gray

    @you guys by AC

    So you think getting the correct paper, inks and the relevant printing press is no more difficult than buying a PC and a scanner and surfing some forums, excellent lets put you in charge of security

  51. David Hicks
    Unhappy

    @you guys by AC

    Who cares about counterfeit money, so long as there's not too much of it? The effect of that is to slowly dilute the value of money.

    RFID allows someone to read my card details, clone them and then directly drain *my* bank account.

    Different scales of consequence. One is national and slow, the other is personal and immediate.

  52. James Anderson
    Flame

    You can read RFIDs -- duh!

    Reading between the lines they seem to have been trying to prove that you can read information on an RFID chip.

    This is not very surprising as this is what they were designed to do.

    Why do people panic and apply a totaly different set of criteria when a computer or chip is involved.

    My paper/cardboard passport is designed to be read as well, and read it has been , by immigration, check in staff, hotel receptionists, spanish supermarket checkout operatives etc. etc.

    Furthermore its very easy to obtain a copy with a photocopier -- something European hotel receptionists seem to enjoy doing.

    So whats the big deal if you can buy an RFID reader and read the data on a passports RFID chip?

    If they could alter or update the data on the chip that would be a bigger issue, although this does happen quite regularly with paper documents (but dont try this at home doctoring passports requires considerable skill and expertise!).

    Its like the fuss over MiFId chips - no one seemed bothered that any school child could forge/alter the tickets when they were bits of paper -- but suddenly it was an issue when Phd students with access to specialist equipment could forge/alter the electronic version.

  53. Anonymous Coward
    Thumb Down

    Not a conspiracy theory

    I work for a major card processor that does not start with M and yes they were leant on. It has been discussed at length at water coolers and smoking points.

    AC for obvious reasons.

  54. Anonymous Coward
    Coat

    @Sabine Miehlbradt

    Assault rifles punching through armour at 800m? Maybe on a range or a publicity film (or in Hollywood-land), but there aren't many reliable reports of your average Joe Soldier doing it - the ones I am familiar with generally include sniper rifles with 7.62mmN ammo or larger, not the dinky little 9mmP stuff American police are normally issued with, or the 5.56 used by SWAT assault rifles (since you don't seem to know, there is more powder - and so more power - in the 7.62mm round than the 9mm, and the smaller diameter makes for better penetration, but there's less powder in the 5.56mm).

    Assault rifles *are* small arms - the name refers to the size of the projectile, not if you can hold it in one hand. "Big guns" tend to rearrange scenery.

    The impression I got was that you thought firefights between the law enforcement people and the criminals only ever happen like in the films, where the bad guys stand in the open - normally without body armour or any sort of cover - and the Plods take shelter behind anything they can find (and please bear in mind that car doors are normally a piece of aluminium little stronger than kitchen foil as well).

    Never wondered how it takes dozens of cops (or one HERO!) to shoot the bad guys in the middle of the street while the bad guys mow down the cops with no regard for such minor details as ballistics or the way concrete walls tend to stop bullets, or why REAL footage of soldiers in combat show trained, professional soldiers shooting hundreds of rounds between them and still not killing the bad guys just across the road?

    To get back on-topic, there have been plenty of reports of criminals swiping and cloning cards here in the UK, but the banks still insist that the tech is totally secure and the only way to get someone's PIN is for them to give it to you.

    But wait, the PIN is coded into the chip, is it not? So if Bad Guy Boss goes and gets a card with an RFID chip and reads it, he gets a load of encrypted data (in an ideal world) which he cannot read. So he goes and changes his PIN, then re-reads the chip. Comparing the two sets of encrypted data will show just one difference- his new PIN. So he goes and changes his PIN again. Now three sets of data, and he can see how the encrypted values were changed. And if three sets aren't enough, he can keep changing the PIN until he works out how to decode the encryption. Then he sends out his flunkies who scan your card... but you're safe because they only get encrypted data, right? And since it's encrypted, he can't read it, right?

    Oops...

    Mine's the jacket with ceramic armor inserts, kevlar lining and wads of cash...

  55. Mark

    @M. Burns

    But when they take you to court over it, the government steps in and FORCES you to accede to the demands. Or face criminal charges.

    So how come this doesn't count as the government abridging free speech?

  56. Anonymous Coward
    Anonymous Coward

    USA or EU

    I'm assuming that this is only really an issue in the USA where they don't have C&P? I don't know how the cards work there, but in the UK/EU proximity cards require your PIN once every 10ish uses (randomised). The card can only be used wirelessly for transactions up to a about £10. AFAIK the PIN is only encoded into the chip'n'pin portion of the chip (AKA 'application') and the wireless 'application' donsen't transmit or contain the PIN, or any information that can be used to obtain it encrypted or not.

    This means that even if the card can be cloned, which with an EU card is _highly_ unlikely, the perp would only be able to get £10 at a time. Up to a max of 100 where the card would be locked out because the perp doesn't have your pin. Followed by refunds etc from the bank and the rozzers being called in.

  57. Mark

    re: You can read RFIDs -- duh!

    You can read a barcode too.

    So why isn't a barcode good enough? Why must it be RFID?

    To make reading it automatically easier?

    Well, that's also a problem because it makes snooping your card easier too: the only difference is why you're reading the chip, not how.

  58. M. Burns Silver badge
    Boffin

    @Mark

    "But when they take you to court over it, the government steps in and FORCES you to accede to the demands. Or face criminal charges.

    So how come this doesn't count as the government abridging free speech?"

    I presume you mean accede to the demands of the Court. It's called Rule of Law. If you slander or libel someone, in other words, say or print stuff that is damaging to someone and is untrue, and they sue you in Court and win damages, the Court can order you to pay those damages. If you don't pay, then the Court can go after you for Contempt of Court which is a separate legal matter. At no point has the Government abridged your right to Free Speech. It simply is enforcing the other party's right to get compensation from you if you tell lies about that other party and those lies damage them. Seems kind of hard to come up with a logical defense for allowing people to damage others by any means and not allow the damaged party to ask the Courts to grant them compensation paid for by the party who committed the damage.

  59. Cortland Richmond

    Radio is the problem

    The radio part is the problem. One you put critical information over the air it becomes vulnerable to interception. If intercepted, it becomes vulnerable to decoding or decryption. Most governments forbid attempts to do either -- except when they do it.

    In the United States it is a felony to attempt to recover information even from unsecured radio signals whose modulation parameters have been withheld to prevent it. Saudi Arabia used to (maybe still does) forbid unlicensed private ownership of single-sideband receivers. Governments can also require receiver licenses and restrict the frequencies they are allowed to tune.

    But for security, radio -- and by inference, RFID -- is like writing on the wall of the nearest public WC!

    For a good time, charge to 1234-...

  60. Anonymous Coward
    Flame

    SmashLab

    The reaction of the audience to the SmashLab mention was telling. SmashLab is not only bad technically, its probably prosecutably fraudulent.

    Deanne Bell – “The Scientist” has no degrees in any scientific discipline. She merely has a Bachelor’s in Mechanical Engineering which she only got a few years ago. So despite her not being a Scientist, and knowing what menial tasks would be assigned a BSME at any decent aerospace company, the producers have tried to put a lot of lip stick on this pig.

    Chuck Messer – “The Engineer’ Has no degrees in any discipline of Engineering or Science according to the bio Discovery Channel has on their website. In California where the show is filmed, he could be prosecuted under the PROFESSIONAL ENGINEERS ACT (Business and Professions Code §§ 6700 – 6799):

    http://caselaw.lp.findlaw.com/cacodes/bpc/6700-6706.3.html

    California Business and Professions Code Table of Contents:

    http://caselaw.lp.findlaw.com/cacodes/bpc.html

    Don't know about the other two, except they come off as not being very knowledgeable nor bright..

  61. Hugh_Pym

    No no no no no

    Too much confusion here.

    1. Chip and Pin is not the same as RFID.

    2. (for our American brethren). Chip and pin cards are subject to much less fraud than magnetic strip cards and the biggest opportunity for the fraudster is letting the card out of your sight. If you want security on your card leave the chip, rip of the mag strip and signature.

    2. Your PIN is not available from the chip. (that was on the first generation magnetic strip cards, but thats another story).

    3. RFID is not a way of hiding information it's a way of making the information available.

    4. the big story is not about security of credit cards but about how much information is already held on all of us gathered from RFID tags already used in food packaging, clothes purchases and electronic goods.

  62. Anonymous Coward
    Anonymous Coward

    @Mark

    There is a difference between freedom of speech and free speech.

    Freedom of speech (in this context) basically means that the government cannot just prevent things being said / reported just on a whim. Free speech implies that anyone can say anything anytime without any fear of consequences from doing so.

    However there are a number of really important things you have not taken into consideration:

    -Freedom of speech only counts with respect to the Government and does not include advertisers etc.

    -The same rules of freedom of speech etc. also protect advertisers' rights to elect not to spend advertising cash with anyone they choose (with a few provisos)

    -It is perfectly acceptable to gain a court order to prevent people publishing things that are libellous

    -It is also OK to sue libellers after the fact

    -Being found guilty of libel ensures a prohibition on repeating infringing claims

    -If you are sued / have a legal injunction against you by a third party it will be *enforced* through the courts. The courts are not themselves restricting your freedom, they are simply upholding the law. The courts cannot sue you on behalf of someone else.

    -In most western societies government and courts are not the same thing.

  63. Tom

    @Sabine Miehlbradt

    Others have already posted on REAL firefights, let's go back to the statement nof the myth, as you yourself put it: "as shown in typical TV detective series?" Now, the last time I watched a typical TV detective series was quite some years ago, but as I recall, the bad guys IN THE TV SERIES usually had full-fledged, military quality, fully automatic weaponry. Against of course the hero with his trusty revolver, who took cover behind a car door. Not the engine portion of the car where there is at least the possibility of hitting substantial metal (not necessarily high mind you, but at least possible). No, I'd say the myth was busted. And so are you.

  64. Robin Bradshaw
    Alert

    RFID wasnt designed with security in mind

    The basic problem with RFID is it was never intended to be secure, It was initally planned to be a radio barcode so it had no security features at all, ill it did was respond to its ID number and maybe send back a few hundred bytes of data, the reason for this simplicity is that it is constrained by the available power (it has to run on energy from the radio waves) and the cost of silicon.

    So in essence it didn't do anything more than you could do with a sticker and pen, just stick a label on a box marked "box number 987654321, contents 100 pairs of socks, black" the information the chip was meant to hold was as secret as the label on the box.

    Then when company's tried to move this technology into new areas they ran up against problems when they tried to store sensitive data on the chips, the chips were too small and to power starved to do any sensible sort of cryptography.

    This is a problem and potentially more so than with paper tickets or banknotes, whilst the effort to break the security might be quite high once it is done it can be repeated for very little cost, as an example of this look at modchips for consoles, the first few revisions of the nintendo Wii could be chipped for a total cost of about £10, appx 90p for the blank pic chip and the rest to make a programmer, at least with a ticket or banknote the equipment to create a reasonable forgery still has a fairly high cost of entry, with electronics the equipment is always cheap so a hack can go from a small nuisance to out of control very quickly.

  65. Steve
    Unhappy

    Security through censorship

    It's been going on for some time, it's better not to ask the companies first if you want the info to get out...

    http://news.bbc.co.uk/1/hi/sci/tech/1296384.stm

  66. fifi

    More secure, harder to copy, harder to disupute when it is copied

    @ Charles Manning:

    "These technologies are not 100% secure. So what: they're still more secure than the current technologies."

    I agree, to SOME extent. But when the new more-secure techologies ARE abused, and they will be, and they have been touted as being secure as an absolute, not a relative. Take chip and pin. Now the onus is on the card holder to PROVE they didn't make that payment. Yes, credit card fraud may have decreased, but to those who are affected by the new forms of fraud, it's FAR more difficult to prove it IS fraud.

    it's quite likely that this will be the case with any other new secure technology in passports and the like. Your RFID passport was cloned and used as ID in some crime. Since this technology is being touted as secure, it MUST have been you.

  67. Bloodwin
    Black Helicopters

    Oyster?

    RFID = Oyster cards in London. The thing we use to pay for our bus train tube and tram fares (yes I am from flippin Croydon). I have read articles about these things being hackable in theory. I have also seen stuff on the news about fake credit card factories (we had one of them in Croydon too ^^ ).

    I thought everyone knew that all electronic swipe cards weren't 100% secure just like them key fob thingys, they have an alogorithm that in theroy can be hacked. And then there was the EU court that recently told some University that they couldn't publish their security-myth-busting report. I thought news about this crud being hackable was all over the Reg at least once a month. Oh wait this is this month's article isn't it?

    Still I'd just liek to jump on the Mythbusters bandwagon and say how much I enjoy the show. But to be fair in the audience at the show where this was recorded someone did mention to Mr Savage that none of the audience were obliged to keep shtum.

    Retraction or not, I don't like credit card companies or their lawers - the whole concept of 'credit' is just a way of screwing over people so you can charge exorbitent intrest rates. It's the culture of spend now pay later that has got the UK on the brink of recession. I say bollocks to the bankers; show them all up for the technically illiterate greedy little sh*tebags they are.

    Oh and who's to say that the credit card lawyers didn't tell Discovery to tell Mr Savage to say that?

  68. Charlie Staats
    Coat

    You can read RFIDs -- duh!

    I think that the fear of RFID versus more traditional forms of fraud is caused by the fact that someone can be hacking you walking down the street, going to the restroom at McDonalds, meeting your "friend" at that nasty hotel, and so forth. Basically right now people feel "safe" when a CC is safely wrapped in leather in the back pocket or in a purse. The means of gaining access to that information is physical; no one can get your CC number if you don't bank or buy online and if it is on your person. I see the RFID movement as major paranoia fodder for people with the propensity to be overly afraid and/or tend to believe in conspiracy theories. The truth is that this tech CAN be hacked. Not only can it be, but it is possible to do it with the card safely in your pocket, going about your daily life. At least, that's what the fear of RFID will make a lot of people believe. I tend to be more objective. If people want to hack something, they'll normally be able to do so. That is true for anything that exists currently and pretty much anything coming down the pike in the future. So the best we can do is be smart and not give our CC #'s out to suspect websites and generally use common sense. So my question is, will there be mass paranoia once this tech becomes mainstream?

  69. vincent himpe

    They did air a show on rfid !

    i saw it two weeks ago on Discovery HD.

    But they did not deal with credit cards. They tested if an implantable RFID would explode in a scanner. Just like the exploding tattoo myth years ago. They did the test with a piece of pork first and then Kari actually got one implanted in her arm and went in the scanner to see if she would notice anything. After the scan the rfid still worked fine.

  70. Anonymous Coward
    Anonymous Coward

    @Hugh_Pym

    Hugh - Everything else is correct, but the PIN is encoded on to a chip and pin's chip, or at least the chip'n'pin part of the chip (they are separated into different 'applications' for normal card useage & wireless etc). You can see this by making a c'n'p transaction from a shop where they have dialup terminals, the terminal tells you the entered PIN is correct _before_ it starts dialling. It's very encrypted, though.

    As mentioned above, IIRC the PIN is not in the wireless part of the chip so not available via rfid.

    The problem here is that it's not clear if the Amercans using rfid are using a different system to the EU/Chip'n'PIN part of the world. I suspect they are.

  71. StopthePropaganda

    @ Mark-THANK YOU!

    I've been trying to get people to understand that for YEARS.

    If someone sues someone for having a pink flamingo on their lawn, and wins. The Government, and Law Enforcement, are used to extract payment, under penalty of Criminal charges.

    This also both sets legal precedent for all other lawn ornament cases, as well as creates intimidation.

    Therefore, it is effectively ILLEGAL to display a pink plastic flamingo on your lawn. We have effectively created an unwritten LAW banning "tacky" lawn decorations.

    How can you even be close to "free" when there's millions of unwritten laws just like that? And even the written ones, are now being copywritten!...Funny how California, the Breakfast Cereal State (flakes, fruits and nuts!) who puts on a big pretentious front of being freer than those "nasty conservative Bible thumpin" states, is the one that has effectively created the Fascist (the original "government and business" definition not the modern "dern Nazis" schoolkid definition) Police State...and did so over a decade ago!

    Guess that's why they complain about the current Administration-either they're upset the Feds are cutting in on their action, or is it psychologial projection-accusing the "other side" of doing what they've already done?

    but oh yeah. we've got "gay marriage" and are gonna "legalize pot". (nevermind it was this california style mindset of "what I want is more important than what you want" that caused pot to be illegal in the first place) so then it's all okay that we're giving up the right to choose one's own life, career, speech, happiness, safety.....

  72. I. Aproveofitspendingonspecificprojects
    Paris Hilton

    @ Brian Milner & Mike Powers

    "Damn the security"

    Tell us how to make New York Pizzas or better still Grand Concourse, Bronx Pizas.

    They won't let me in any more and as they are the sort of people who would choose a chimp over a chump for chopper, I don't want to go. Not even for New York Pizza.

    Why the hell did they stop the stupid clip just there?

    BTW, is Diebold involved in that other stuff? (Not that I'm interested but I would like to know.)

  73. heystoopid
    Paris Hilton

    Or

    Or how soon we forget the car companies like GM use this technology as false flag sense of security to the owners of new cars and the car insurance companies live in denial that it is so easy to by pass with simple technology !

    Choices , but since RFID is basically insecure by design and has been applied for use well outside the original design concept window and all its draws flap open in the passing breeze little wonder it is so easily defeated !

  74. Vendicar Decarian
    Boffin

    Reduced Profts = Slander

    "The First Amendment to the US Constitution which guarantees Freedom of Speech and Freedom of the Press, simply says that the government cannot a priori stop you from saying/printing an article/opinion/whatever about something. It does not mean that once spoken/printed, you cannot be sued by other citizens for slander, libel, etc. With Freedom comes Responsibility." - Burns

    And if through speech you reduce the profitability of an AmeriKKKan corporation then you have been irresponsible and will have your ass sued. And those with the deepest pockets will win.

    Its the AmeriKKKan way

  75. rick buck
    Coat

    Judge Milan...

    Reminds me of an episode of Judge Milan. They had a lady that had stolen hundreds of dollars of clothes from several malls, on a daily basis for months. They knew she was doing it but it did not set off the door sensors so they let her keep on doing it for a while.

    When they had enough camera evidence, they arrested her. In court they sentenced her, and were about to haul her off. About that time, a representative from the RFID Tag Co. (sensormatic, I think) asked the judge if they could question her. She agreed. (This was actually on the segment that was broadcast) They said that they still could not figure out how she was evading the sensors at the door.

    The judge asked if she would answer, and she just opened up her jacket, and it was lined with strips of electrical tape, that she would just wrap around the RFID Tags, and Voila!...

    The tag was isolated from the RF that the door sensors use to RING the tags... and she would just walk out of the store...no alarms...no security...just profit.

    The judge asked how she figured that out, and she said her boyfriend was in electronics class, and said it was a characteristic of the electrical tape. It was made to block radio type radiation.

    This does not cover the reading of tags, but if you do not want to be read, it may still work.

    Mine's the one with the roll of electrical tape in the pocket.

  76. Anonymous Coward
    Thumb Up

    @ TeeCee

    You've got it completely right!!!!!!!!!

This topic is closed for new posts.

Other stories you might like