Sign in with
Sign up | Sign in

Mythbusters Blocked From Revealing RFID Myths

By - Source: Tom's Guide | B 26 comments
Tags :

If you were ever hoping to see an episode of Mythbusters busting the myths behind RFID security, you might be saddened to hear it looks like that will never happen, and not due to a lack of interest either.

Adam Savage of Mythbusters, when speaking to the audience of The Last HOPE hacker conference, revealed why RFID has become a bit of a taboo topic at Discovery Channel. In response to an audience question about revisiting RFID as an episode, Adam responds, “Dude, the RFID thing. I’m sorry. It just is not going to happen. ... Here’s what happened. I’m not sure how much of this story I’m allowed to tell, but I’ll tell you what I know.” Mythbusters did cover RFID in an episode last January, but did not focus on RFID security concerns.

After some cheers from the audience, Adam says, “We were going to do RFID and on several levels, you know, how hackable, how reliable, how trackable, etc., etc., and one of our researchers called up Texas Instruments and they arranged a conference call between, I think, Tory and the head producer over there for the other team, Linda Wolkovitch, and one of the technicians at Texas Instruments. We were supposed to have a conference call to talk about the technology on like Tuesday at 10 am and Tuesday at 10 am, Linda and Tori get on the phone and they.. uh.. Texas Instruments comes on, along with the chief legal council for American Express, Visa, Discover, and everybody else.”

Adam continues, “I got chills just as I described it. They were way way out-gunned and they absolutely made it clear to Discovery they were not going to air this episode talking about how hackable this stuff was and Discovery backed way down, being a large corporation who depends upon the revenue of the advertisers. Uh, and now it’s on Discovery’s radar and they won’t let us go near it. So I’m sorry. It’s just one of those things, but man, that was.. Tory still gets a little white when he describes that phone conversation.”

On one episode of Mythbusters, biometric security is visited and attempts are made to see if fingerprint scanners, for example, could be bypassed easily. Sure enough, the Mythbusters were able to beat the fingerprint scanners, several ways. It is not surprising that such a popular show, attempting to publicize possible faults in RFID technology, would garner the attention of certain companies. With RFID chips finding their way into our credit cards, passports, and many other aspects of our lives, trusting the technology with our security and privacy is becoming an everyday scenario.

As Adam stated, some of the aspects of RFID that would be covered by Mythbusters, if they had their way, would include how hackable they are, how reliable they are, and how easy they are to track. Some security experts fear information stored on RFID chips could be read remotely by strangers, such as the personal information stored on credit cards or passports that use vulnerable RFID chips. While typically an RFID chip used in a credit card, for example, is designed to be read from only a short distance away, some believe as far as 40-feet away is possible. There are also concerns that the data encryption and other means of added security given to some RFID chips may be vulnerable.

It seems RFID-related myths regarding whether a person should be worried about the having their credit cards cloned, having their identity stolen, or just having a store know who they are and what is in their wallet when they walk in will just have to remain myths on Mythbusters.

[Update: September 3, 2008]

It appears Adam Savage of Mythbusters is retracting his statements made at The Last Hope conference, according to a statement issued to CNET News on Wednesday.

Adam Savage says in the issued statement, "There’s been a lot of talk about this RFID thing, and I have to admit that I got some of my facts wrong, as I wasn’t on that story, and as I said on the video, I wasn’t actually in on the call."

He continues, "Texas Instruments’ account of their call with Grant and our producer is factually correct. If I went into the detail of exactly why this story didn’t get filmed, it’s so bizarre and convoluted that no one would believe me, but suffice to say...the decision not to continue on with the RFID story was made by our production company, Beyond Productions, and had nothing to do with Discovery, or their ad sales department."

Adam Savage’s statement follows a previous statement issued to CNET News the day before from Texas Instruments stating things did not go exactly as Adam Savage described at The Last Hope conference. According to Texas Instruments, during the phone call technical questions were asked and answered, only a single legal council member was present on behalf of a contactless payment company and it sounds as if Mythbusters was not told they could not air the episode.

Does that mean it is okay to take off our tinfoil hats now?

Display 26 Comments.
This thread is closed for comments
Top Comments
  • 11 Hide
    jincongz , September 3, 2008 9:40 PM
    You can take off your tinfoil hat, but keep the tinfoil in your wallet. If they don't want the myth busted, that means they know it's vulnerable...
Other Comments
  • 11 Hide
    jincongz , September 3, 2008 9:40 PM
    You can take off your tinfoil hat, but keep the tinfoil in your wallet. If they don't want the myth busted, that means they know it's vulnerable...
  • 5 Hide
    neodude007 , September 3, 2008 9:45 PM
    Yea I agree this RFID technology is 100% stupid. Since when does supressing truth and facts lead anywhere good? I hope the entire world gets hacked and it is all because of RFID and their stupid weakness. The credit card companies might as well say "Well gee your credit cards are insanely hackable, and can easily be copied now without anybody even touching them... but we don't want you to know" de de deeee
  • 3 Hide
    Pei-chen , September 3, 2008 10:48 PM
    Tory and Grant got owned ....... by lawyers.
  • 5 Hide
    frozenlead , September 4, 2008 12:15 AM
    Now they've ensured that everyone will be searching for a copy of that episode/a method to hack the chips.

    Great work everybody, you really know what you're doing with your seven figure salaries. My god, this situation is even in the Harry Potter books.

    The only way to make everyone interested in something is to ban it.

    Lawlz.
  • 3 Hide
    Anonymous , September 4, 2008 12:20 AM
    Personally I think they should do it, and just wear masks and things like that *or anybody that knows enough to actually test the myths* and put it on youtube lol
  • 6 Hide
    wrack , September 4, 2008 12:58 AM
    No matter how much sugar coating they do while saying things, they got blackmailed from the companies using RFID, PERIOD.
  • 2 Hide
    jaragon13 , September 4, 2008 2:16 AM
    jincongzYou can take off your tinfoil hat, but keep the tinfoil in your wallet. If they don't want the myth busted, that means they know it's vulnerable...

    Damn straight.I would of thought,you know,they would of asked them to test weaknesses and give it to the RFID user companies,but it seems they already know.Put your boots on men,there's alot of bullshit.
  • 1 Hide
    enewmen , September 4, 2008 2:25 AM
    Who in the world has the authority to surpress an episode on RFID?
    ^ What can Discovery possibly do that can make them blackmailed?
    My guess is Discovery just won't do any serious topics.
    I'm sure some secret service will always want it possible to hack into peoples lives anyway.
  • 2 Hide
    enewmen , September 4, 2008 2:31 AM
    Actually people can be tracked even without any hacking.
  • 0 Hide
    Anonymous , September 4, 2008 3:19 AM
    Hey, I remember when these parts came out. Engineers were commenting on how easy it is to read them and reprogram them. They are not safe by any means. Of course, it is better than a bar code. How simple it is to print one of them, so it maybe a step up in security,
  • 0 Hide
    squiZZ , September 4, 2008 4:37 AM
    so dude with RFID scanner in coat pocket bumps into lady with credit cards, licenses, social in her purse. RFID Scanner should be in range to pickup some sort of signal off these chips im guessing?
  • -2 Hide
    Darkk , September 4, 2008 6:57 AM
    I have alot of respect for Mythbusters and their willingness to prove or disprove various myths. But when it comes to national security and finances in a matter that would cripple the exiting system to their knees they couldn't put this on the air.

    We know damn well this is documented on YouTube, the newsgroups and fourms about hacks of this type. Despite the fact Mythbusters were able to prove or disprove the security issues with RFID it still puts the existing technology into jeopardy.

    It's a shame really. I'm sure they did an incredible job of cracking the code of RFID technology but the way it is now they could actually bring the entire banking and security system to it's knees. I'm sure it's not something they want to be responsible for so the story got pulled, least for now.

    I do live near San Francisco so would be cool to actually meet the crew of Mythbusters. Maybe someday.


    Darkk
  • 5 Hide
    Anonymous , September 4, 2008 7:43 AM
    Everyone has the right to know exactly how secure/insecure the technology is they are relying their most intimate on.

    Some example: The dutch group called toool specializes in physically opening door locks. They make a sport out of it and in the mean time publish whitepapers about their techniques. Now of course the lock companies don't like that at all, but in the end it forces them to build more secure locks.

    Some 3 years ago on a big security convention the bluetooth sniper gun was successfully demonstrated and introduced to the public, showing how easy it was to hack those connections from a respectable distance. That was a good thing because some average Joes know now, that they should be careful.

    Same goes for RFID technology. The public must be made absolutely aware of the risks involved in storing any kind of personal data on a RFID chip. I won't be walking around with one for sure anytime soon.
  • 1 Hide
    lutel , September 4, 2008 7:44 AM
    It is not about security, it is all about http://www.rfid-666.com/
  • 0 Hide
    DXRick , September 4, 2008 8:25 AM
    I guess the would be crooks are really screwed now. Without the Myth Busters telling them how to hack RFID, how will they ever figure it out?
  • 0 Hide
    Yuka , September 4, 2008 11:32 AM
    I think telling them to "stand by" is what they meant (trying to be positive, and giving the benefit of doubt), so they can come up with solutions before they tell the world about those flaws.

    I would rather wait for that episode a little more and KNOW that those flaws are some-what "covered" by the companies.

    If they (Texas Inst.) don't care about fixing them and just want them to shush, hell... Big fail.

    Esop!
  • 0 Hide
    fonzy , September 4, 2008 3:40 PM
    When they start implanting these things in people they don't want people knowing how to disable them.

    Tin foil hat or not if people think people won't except using a RFID chip look what's going on down in Mexico with all the kidnapping there actually asking for these things to protect themselves.
  • 2 Hide
    Anonymous , September 4, 2008 4:18 PM
    >>the security issues with RFID it still puts the existing technology into jeopardy.

    Gah! Existing technology puts us in jeopardy, and revealing it in the most embarrassing way possible will force the bigwigs to fix it. I think any law that insists that I keep another person's or company's secrets when they have put them out where anyone can discover them is crazy.
  • 0 Hide
    mdillenbeck , September 4, 2008 11:16 PM
    Many good points, but let me play devil's advocate for a moment. Do you think the Mythbusters should be allowed to create a computer network with identical software and security measures as major financial institutions and/or governmental systems then bust myths about how they can be hacked?

    I agree that RFID systems have security vulnerabilities, and that the companies know of flaws and are trying to use legal obfuscation (read 'closed source solution' like many software applications) as a security measure.

    However, I am still trying to weigh the reaction against historical changes like social security or ID cards/Drivers licenses. Sure, these pieces of data that are tied to a physical person could be used and abused, but more often than not they have also benefited people in many ways also. People often resist even beneficial change - but I have not yet decided if RFID is beneficial enough for the inherent risk involved.
  • 0 Hide
    xyster , September 5, 2008 12:33 AM
    personally speaking, let bankers and big brother use unsecure RFID to control us all. i mean, if you got the brains to hack thru their best security measures, you can exist as a ghost in the system. hell, just buy a metal wallet and your safe from plenty remote wallet reading.

    hackers could very well be the freedom fighters of the future.
Display more comments