Posted on 08/31/2008 7:31:10 AM PDT by MichiganMan
Credit card companies successfully nixed a Mythbusters segment exposing RFID's security flaws, according to Arbiter of Truth and Mythbusters co-host, Adam Savage.
Texas Instruments comes on along with chief legal counsel for American Express, Visa, Discover, and everybody else... They were way, way outgunned and they absolutely made it really clear to Discovery that they were not going to air this episode talking about how hackable this stuff was, and Discovery backed way down being a large corporation that depends upon the revenue of the advertisers. Now it's on Discovery's radar and they won't let us go near it.
Well, you can understand the Credit Card Companies reaction, Geeks across the land would be building RFID readers and sending them to Kari to impress her...
Kari? Yeah, Kari!!
You know the rules, where is it.
Once again, like with the WGN situation, it’s the truth that is scary, not the fabrications.
We might never know, but I’d be curious to see how much grief Mr. Savage gets just for his part in this video.
I just love the small shot at Smash Lab. Damn that show sucks.
Used mostly for building access and package tracking today, RFID is not privacy friendly technology. With a range of at least 3 meters RFID chips can theoretically be hidden in products from laptops to shoes without the user’s knowledge and can be used to track the users movements and behavior across a network of scanners.
I know that one of the security problems is that the cards can be readily cloned - if you sniff a scanner, then sniff a card on that network you can clone the card as many times as you like just by duplicating the key.
Most businesses in major cities give employees RFID cards to use like building keys. We’ve started recommending that clients use RFID for secondary internal access only, say between zones or departments within a building, like access to server rooms. Primary access to a facility should be granted only after people have been identified by a less vulnerable means (Mark 1 eyeball for instance).
Smash Lab is beyond lame. Still worse was the Rocket Guys show. hat was sooo painful.
By theway, Kari is awesome!
It's worked pretty good.
Oh most certainly. The potential for tracking is beyond current comprehension. If less than one decade we could easily be living in a society where your every move is tracked. Think about it. Your sneakers have a tag that tracks it through production and shipment. That tag, hence, those shoes, gets tied to your name through your credit card purchase. Those shoes’ tag then announces your presence and movement throughout any store with appropriately equipped scanners and purchased access to the above info. Very simple endeavor for startling tracking ability.
Yea, i tried watching Smash Lab. It was like watching High schoolers trying to demonstrate gravity or something.
Actually I had already heard about this, and I want to make a Faraday cage using cloth for my credit cards. I might be paranoid, but the geek in me thinks it's just cool to work with metal encoded fabrics. I actually want to build a cage for my server next.
From Wikipedia: http://en.wikipedia.org/wiki/RFID#Security_concerns
“Cryptographically-enabled tags typically have dramatically higher cost and power requirements than simpler equivalents, and as a result, deployment of these tags is much more limited. This cost/power limitation has led some manufacturers to implement cryptographic tags using substantially weakened, or proprietary encryption schemes, which do not necessarily resist sophisticated attack. For example, the Exxon-Mobil Speedpass uses a cryptographically-enabled tag manufactured by Texas Instruments, called the Digital Signature Transponder (DST), which incorporates a weak, proprietary encryption scheme to perform a challenge-response protocol for lower cost.”
That’s why I’m becoming a bigger and bigger fan of cash - it can’t be traced back to you.
In any case, I remember finding out my brother had a RFID-enabled debit card, so I promptly helped him line the relevant pocket in his wallet with a layer of aluminum foil. Fortunately, I have nothing with an RFID chip in it with personal information besides my passport, and when/if it looks like I’m going to use it, I’m buying one of these: http://www.thinkgeek.com/gadgets/security/910f/ before taking it out of my house.
Nice, thanks for posting that. I wish I had this when I used my passport. I didn’t realize that it had one of these chips.
You, sir, are a righteous man.
Not doing so would be unAmerican.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.