The crew was all set to air a show about how hackable and trackable RFID chips that are found in many credit cards are, when some big name advertisers stepped in to shut it down.In this undated video, Adam Savage of Mythbusters talks about how the MB's crew sat down for a conference call with Texas Instruments to discuss the tech behind the chips, and were surprised to find also on the line were chief legal reps from Visa, Discover, and American Express. The Discovery Channel was told if the show about RFID chips aired, the major credit card companies would pull all advertising from the cable network.Guess who won that battle? Suffice to say, there was no Mythbusters episode about RFID chips.
Video at the link. I blogged this topic in 2009 and again in 2011 (with an excellent video).
Addendum: Reader Irf found a story at cnet in which Adam Savage back-pedals a bit on his claims above.
Addendum: Reader Irf found a story at cnet in which Adam Savage back-pedals a bit on his claims above.
I suspect there have been several topics they've been unable to air/investigate because of similar pressures.
ReplyDeleteThis episode is a couple years old now, they didn't air it, but the internet knows the secrets now anyway. On the plus side, card companies slowed their big push for rfid and stopped their plans to automatically replace all current cards with rfid tagged ones (that's what my company was planning anyway).
ReplyDeleteI remember reading something about this a year or two ago. It wasn't quite as cut-and-dried as it sounds:
ReplyDeletehttp://news.cnet.com/8301-13772_3-10031601-52.html
Thanks Irf, for the link. I've added it to the post to make it more balanced. Appreciate the heads-up.
DeleteLike any computing device, they are hackable, it's just a bit more of a story because it's not so obvious that they are computing devices. In the UK at least, fraud/theft is covered by the credit card companies, so it's not too important if that happens (and also makes you think on balance the security risk might be small compared to physical theft or signature/PIN fraud, otherwise why would the credit card companies bother). Passports might be another matter.
ReplyDeleteThis is BS. The CC companies have the solution. They just can't seem to get themselves to think about it.
ReplyDeleteThe answer is use-once credit card numbers that can only be used by one merchant, for a fixed limit, for a fixed time.
And these use-once CC number can be generated by your smart phone. Simple as that. Your phone knows where you are. The banks know what merchants are there. You can enter the charge amount. Then just throw a QR code on the screen to be read by the merchant's scanner. Just like Starbucks does when you use their Starbuck's app.
The scanners are cheap. When the charge comes in, the bank knows who the merchant is, when the transaction took place, and for what amount. That is the only charge that should be allowed. Any other charge is rejected. Simple as that.
You don't need stupid RFID's that broadcast fixed information. This is low-tech, cheap, and very, very effective.
Ron...every merchant would need a reliable scanner, they don't all have them and will not all have them due to the issue of cost. Sure it's easy to say "they are cheap" but for the merchant that has a constant barrage of expenses, another expense isn't welcome.
ReplyDeleteThese credit card companies and their lawyers are just a bunch of jack booted thugs.
ReplyDelete