Damn the security ...
Think of the profits!!
I'm reminded of this quote from Robocop:
Dick Jones: "I had a guarantee military sale with ED 209. Renovation program. Spare parts for 25 years. Who cares if it worked or not?"
Update: Since we published this story MythBusters host Adam Savage has backtracked on claims that Discovery Channel caved into commercial pressure in canceling a planned show on RFID technology. See new story here. Discovery Channel prevented the exploration of RFID security by Mythbusters, the popular science television show, …
Is just about the only thing these twats have at the moment. Academic presentations on RFID will almost always be protected by the courts, so when a TV show decides to address the matter, they're of course going to target the pocket-books of the corporation that funds the program. How else can they prevent the information from getting out? Discovery would win every time in court with their legal team, but they can't sue the advertisers for pulling out...
Also, the lot of boos thrown at Smash Lab were hilarious! So was Savage's reaction. That show is awful. The hosts are brainless and lack personality. It's almost as if all Discovery took away from the Mythbusters' success were explosions and fratboy humor; nevermind the fact that the explosions are almost always the result of Adam and Jamie's big brains a turnin' and the humor of the second team is the result of genuine youthful enthusiasm for science. Smash Lab gets it all so very wrong...
...of MB, they tested a door lock w/ fingerprint scanner. The device claimed to use very sophisticated technology/techniques to determine whether a human finger is actually being used (measures finger temperature, perspiration, etc). The result? EPIC FAIL! Not only was the device fooled by a latex fingerprint, but was also fooled by a simple photocopy/print-out (on paper) of a fingerprint!
Ofcourse, that was just a single device from a single manufaturer, but can anyone else guess how big of an epic fail it would/could be if RFID's security is scrutinized?
I hope they get to do this episode w/o pressure from industry.
UK.GOV is ramming National ID Cards and RFID Passports down our throats as part of the War on Terror as designed by Bush and subscribed to by Bliar (that not misspelled).
Rather than accepting the privilege of paying double-plus for a passport, and another wedge for an ID card, it may well be that The Mythbusters are able to lend more to No2ID's campaign against this lunatic central government initiative than any other research programme.
Inevitably UK commercial channels will also bend under pressure from TI and the CC companies, so it's down to the BBC.
What a golden opportunity the BBC now has to prove that it is not a lapdog of Governments, is truly independent, and worthy of the respect it enjoyed a couple of decades ago as an impartial investigator of the real truth.
I am not a licenced bookmaker. If I was I'd lay 10/1 on the Beeb not running with this. Call me Mr Cynical ......
No offense meant to Mr. Hyneman and Mr. Savich (god bless them with his noodley appendages) but they aren't programmers really and if something seems easy to them then I am worried. On the other hand if it is easy then we will all be finding out the hard way soon enough. Just let it drop and let the people burn no use trying to forewarn anyone what good would it do.
I love Mythbusters, though it didn't sound like a very exciting myth anyway.
How come no-one stopped that one where they completely busted the claims of an "completely uncrackable, never been fooled" fingerprint lock with PHOTOCOPIES of their fingerprints?
http://www.youtube.com/watch?v=E20lHqbWqN4
Nor does "security by threatening the people who were about to blow the whole thing open".
So as far as I'm concerned the credit card companies can take their RFID cards and shove them. Good luck to anyone who places convenience above security, hope getting your cards pwned doesn't hurt too much.
/Mine's the one that only has real cash money in the pockets.
> any RFID passport or credit card I'm forced to have will accidentally be placed in a cloth bag and hit several times with a mallet.
That's fine - your choice and no-one forces you to have a CC or a passport.
However, I hope you like having to use cash only - obviously you've never (yet) applied for a university place, worked for "the man" or had to prove your identity. In the future, you'll never have a foreign holiday and when the time comes, forego a driving license and becoming a "non-person" without an ID card.
To paraphrase Ian Dury "Sometimes you have to bend with the wind. Sometimes you have to break with it, and sometimes you just have to break wind."
From Adam Savage:
"There's been a lot of talk about this RFID thing, and I have to admit that I got some of my facts wrong, as I wasn't on that story, and as I said on the video, I wasn't actually in on the call," Savage said in the statement. "Texas Instruments' account of their call with Grant and our producer is factually correct. If I went into the detail of exactly why this story didn't get filmed, it's so bizarre and convoluted that no one would believe me, but suffice to say...the decision not to continue on with the RFID story was made by our production company, Beyond Productions, and had nothing to do with Discovery, or their ad sales department."
Blinders off, people. This was Savage overreacting, as he often does on his show for effect.
http://news.cnet.com/8301-13772_3-10031601-52.html
Back in high school, we watched a video tape of a show titled "America: The Land of Hype and Glory" which had been aired on one of the major networks. At the beginning of the show, they had an introduction explaining how none of their advertisers wanted the show to air and so it was aired anyway without any commercials as a public service.
The subject of the show was how products were presented in commercials so that they'd look better than they really were. The only items I really remember were breakfast cereal using glue instead of milk and hams being varnished (give me a break, this was back in the mid 70's and I've slept a few times since then).
It's a real pity that no network is willing to do this anymore.
Oh you guys crack me up with your conspiracy theories - like the Wikipedia article that used to maintain Visa and Mastercard were actually the same company... nobody's forcing you to use RFID debit/credit cards. I can't wait until somebody cracks the security features on paper money - you'll be running for the hills then! Oh, wait....
Mythbusters? The show that wanted to prove that a car door is no protection in firefights as shown in typical TV detective series?
How they did that? By firing assault rifles from close distance at a car door and proudly claiming Myth busted when bullets made to penetrate armour at 800 meters actually did penetrate a car door at 30m. After all, military assault rifles are typically used by and against police in real life or TV. No small arms, no sir.
Science that ain't. Cheap show fits better.
Publish and be damned?
I know mythbusters sometimes simplifies a bit, but surely there's a principle involved whereby if they haven't done anything against the law then the knowledge is redistributable (with certain exceptions, like how to make nuclear bombs - which is a bit stupid given the widespread availabliliy of uranium from Niger ;)
Where's the "the other side is talking utter bollocks and are plainly making this case to protect a vested interest" verdict. Why is it not cheap to get one of them?
[Apart from the obvious "lawyers are involved" answer]
These technologies are not 100% secure. So what: they're still more secure than the current technologies.
People have been forging signatures on CC transactions and cheques, forging passports, driver's licenses, etc etc since granny was a girl.
All locks that are used to secure bikes, houses or safes are "hackable".
RFID and similar don't have to be invulnerable, just better than current technology. "Better" does not just relate to security but also cost, convenience etc.
So what if people can "hack" a tube ticket? They could do the same by doing a forging job on an old technology cardboard one too. Either way, forgery is illegal.
Crims are generally lazy bastards (or they'd work for a living). All you need to do is make the effort + risk greater than the potential gains.
>To paraphrase Ian Dury "Sometimes you have to bend with the wind. Sometimes you have to break with it, and sometimes you just have to break wind."
I think you missed the point of the last part of that quote, it means sometimes you have to break the wind, ie put your RFID cards in a bag and smash them with a hammer and stick two fingers up at the establishment
This one shows a guy walking up behind a woman and scanning her AmEx card with an eight dollar RFID scanner that he got on ebay.
http://www.youtube.com/watch?v=vmajlKJlT3U
It captured enough data to go online and make purchases. Some of the comments say that you could never get away with this because people would get suspicious if someone waves a wand around your rear end. To which I say - put it in a briefcase or purse and scan from within a crowded bus, elevator or subway.
Somehow, nobody here seems to have gotten the real mess(age) here.
@Anon Koward: The clip is there for all to see, at least from Europe. Maybe not from the Land of the Fee, I wouldn't know about that.
The real mess is that there is truth out there which rather obviously is being prevented from being aired for purely financial reasons. OK, so that's not exactly news these days. But think of it the hard way: the companies relying most heavily on RFID obviously have no vested interest in having its security put under scrutiny.
That's a little like an ostrich having no vested interest in viewing its surroundings, hence putting its head in the ground.
Think on that, next time you use your credit card.
The First Amendment to the US Constitution which guarantees Freedom of Speech and Freedom of the Press, simply says that the government cannot a priori stop you from saying/printing an article/opinion/whatever about something. It does not mean that once spoken/printed, you cannot be sued by other citizens for slander, libel, etc. With Freedom comes Responsibility.
Jamie and Adam SHOULD do the show but behind closed doors with only the credit card companies and card manufacturers in attendance. Let them show everyone how easy it is to defraud the CC company or clone a card with only the barest of equipment. Okay, they may already know but they can at least get some ideas of how to combat the problem PROPERLY and stop resorting to burying their collective heads in the sand.
mmmmmmm Kari ... I'd buy that for a dollar! using a fake CC of course :)
presumably, the mythbusters show was going to cover making devices that copy and clone tags
http://cq.cx/proxmark3.pl
--
hacking the encyption on tags
http://www.ru.nl/ds/research/rfid/
--
and the fact that a radio based device does not magically stop transmitting after merely a few feet
http://www.rfid-radar.com/introduc.html
--
Mines the one with the em shielded wallet in it
http://www.difrwear.com/
@Charles Manning, the problem is not of forgery (and there are a lot of things which violate the law but are practiced en mass on a daily basis,) it is a problem of no longer needing physical possession to commit the forgery. The fact that RFID information can be elicited and scanned from a distance greater than the small proximity security claimed by RFID proponents has been proved more than once, implicitly and explicitly. The former by way of Bluetooth eavesdropping from hundreds of yards away or WiFi connections spanning several miles, and the later by way of demonstrations showing how easily one can sit in a lobby and capture the session between a security card and the security pad.
Physical contact such as smart-chip to reader, magnetic strip to head, or auditory/visual recognition of an object, is the only way to prevent out-of-proximity interception of credentials. Absconding with credentials would then again require physical possession and duplication of the credential objects. And, of course, even this is no guarantee of absolute security.
But I digress. How long until this "lost episode" shows up on the P2P networks?
Paris, for physical possession and duplication.
No smoke without fire? The episode is pulled, lawyers werer involved, fuffs were kuffled, confusion reigned. No panic by certain interested parties?
Point is that RFID is in it's infancy right now and there are plans to widen it's use considerably. Passports, id cards, prisoner tags, clothes....you've all seen the planned uses for these things....if the Mythbusters have worked it out, you can bet your ass that less honest folks with less altruistic motivations have also done so and we have a right to make an informed choice, not have it forced upon us by ignorance and bully boy tactics
Doesn't matter now, this one will run and run. The tinfoil hat boys will just say he's been leant on to produce that retraction.
This is how most good conspiracy theories get started. Someone fairly credible says something that's complete bollocks, a conspiracy theory is formed around it and then shit loads of ever more convoluted "evidence" is produced to back up the original bullshit. Before we know it this will be a CIA plot funded by Big Oil and there will be proof that the Mythbusters are actually alien infiltrators employed by NASA to fake the Moon landings.
Time to dig the Illuminati set out, get some mates round and beer in to get a sense of proportion methinks. Of course, the premise of Illuminati is actually real and Steve Jackson was hired by the NSA on the orders of the Bavarian Illuminati to produce it as misdirection......
I was so looking forward to seeing the lovely Kari Byron doing some ass-modelling again in order to ascertain whether RFID enabled cards are better off in a side or back pocket.
As for Adam retracting his statement... do you not think he was maybe gently nudged by Beyond and/or Discovery? Maybe with the line "Retract your statement, or you will be replaced"? After all, he is one of the few on the show that doesn't actually work for M5I (Jamies SFX company), making him much easier to replace with a loyal drone.
In the meantime, I will go back to some harmless obsessing about Kari.
- "Mythbusters? The show that wanted to prove that a car door is no protection in firefights as shown in typical TV detective series?
How they did that? By firing assault rifles from close distance at a car door and proudly claiming Myth busted when bullets made to penetrate armour at 800 meters actually did penetrate a car door at 30m. After all, military assault rifles are typically used by and against police in real life or TV. No small arms, no sir.
Science that ain't. Cheap show fits better."
Assault rifles generally get used in firefights of 300 metres or less, and are designed as such.
800m is a bit rare for a modern assault rifle.
30m firefight in FIBUA pretty common.
Also assault rifles are classified as "small arms".
Maybe a cheap show but at least they do check their facts
How dare you imply that I live in that lawyer infested land! (No offence to those people that have no choice and were born in America :). (I am in the UK btw)
When I went to watch the clip yesterday it kept displaying that YouTube message saying it was no longer available, I assumed they must have pulled it *shrug*, works fine for me too today.