Credit-card companies killed Mythbusters segment on RFID vulnerabilities

Discuss

48 Responses to “Credit-card companies killed Mythbusters segment on RFID vulnerabilities”

  1. codesuidae says:

    @15:

    Discovery deciding not to air an episode of MB as it may harm their advertising revenues is a moronic idea of suppression of free speech.

    This is not a free speech issue. The Mythbusters are free to make the episode if they wish. However, they are not guaranteed access to a nationwide, for-profit video distribution network.

    You are free to say pretty much whatever you want standing on the street, that doesn’t mean you get to make people listen, or make people copy and transmit your speech for you.

  2. asuffield says:

    Can you imagine the cash flow problem that would create for that credit card company if a large percentage of victims all paid slow that month? I guess they’d count on the extra interest charges, but do you think all the rest of the money-changing community wouldn’t exploit that blood in the water?

    Yes, actually, I do. Competition in the finance industry is a myth. All the big players are owned or controlled by a small group of people. They don’t exploit each other, they work together to exploit everyone else.

    If people tried anything like this, they’d just get the government to pay for the cleanup (ie, have the police do it), probably using one of the “terrorism” laws. And even if you managed to find a way to really hurt them, they’d just get bailed out by the government – no large entity in the finance industry can be allowed to fail, campaign contributors are too heavily invested in them.

  3. Colonel Kong says:

    I guess Mello Clello is talking about debit cards in New Zealand, and the situation is the same here in the U.K. Sure, almost everyone had a credit card, but everyone also has a debit card which can be used in basically every shop and on the Internet (since most are Visa) and anywhere around the world too. These are all also chip and pin now.

    I guess the American system is one that is favouring the banks and credit companies.

  4. Maurik says:

    @ Thebes :

    Discovery deciding not to air an episode of MB as it may harm their advertising revenues is a moronic idea of suppression of free speech.

  5. Kevin says:

    . Suppose they all agreed to pick a credit card company that month and all withhold their payments. Can you imagine the cash flow problem that would create for that credit card company if a large percentage of victims all paid slow that month? I guess they’d count on the extra interest charges, but do you think all the rest of the money-changing community wouldn’t exploit that blood in the water?

    You want the CC firms to feel some pain?

    Pick a month (say November 2008), and nobody uses any revolving line of credit at all.

    Not for lunch, not to fill the gas tank, not even pre-scheduled payments to your cell phone carrier. Zero Dollars.

    If you absolutely must pay with plastic in November, use a debit card in “debit” mode (PIN transaction), so VISA doesn’t get their 3% cut.

  6. bardfinn says:

    Want the CC companies to feel some pain?

    Cut up all your credit cards. Pay cash. Buy only what you can afford, or save up for larger items. Live within your means. Show people how your life is brilliant and happy and worry-free. Encourage everyone you know to undergo the same transformation.

    I’ve never had a credit card, have been debt-free for three years and have a loving wife, a 4-year old stepson and a son on the way. No car, either.

    My life is wonderful.

  7. anthony says:

    Me either. I’m 37 and no credit card, yet.
    LOTS of student loan debt over the years, though.
    And congrats about the family.

  8. Anonymous says:

    The way you REALLY nail the credit card companies is not to cut up your credit cards and pay cash, but to USE the credit cards, but PAY OFF YOUR BALANCE every month. The CC companies live off of finance charges. Many credit cards don’t even have an annual fee, so simply having the credit card doesn’t cost you anything. If everyone who used CCs paid off their balance every month, not only would the CC companies go out of business, but they would end up owing money too.

    Of course that means you have to be responsible with your money, and resist temptation, even when they raise your limit without telling you.

  9. Anonymous says:

    @ Eric D:

    Anyone who banks with Chase gets doubly dished with RFID cards. Their debit and credit cards both use the “Blink” RFID system.

    Fortunately there is a way to minimize being pwned if you must bank with them: invest in a DIFRware wallet which actually masks your RFID-tagged cards with a Faraday cage until such time as you need to use them.

  10. Takuan says:

    wonder if muffler tape over your wallet would work?

  11. anthony says:

    Chicken wire would. Chicken wire wallets.com

  12. DefMech says:

    We just recently got approved for a home loan. We’re young and don’t make a lot of money, but have exceptional credit. We pay all of our bills on time and according to the guys at the bank, one of the biggest factors for us getting approved was paying off our credit cards in full every month. We’ve never been told by our bank (Chase) to try and carry a little balance to increase our rating. I understand that it surely makes them(the banking industry as a whole) more money by doing so, but they never suggested we do such a thing, even going so far as to suggest on several occasions to carry as little balance as possible, none if possible.

  13. Takuan says:

    ya figure? With those wavelengths? I ALWAYS have a roll of chickenwire in my trunk. Along with tarps, hatchet, duct tape, rope, weights….

  14. Anonymous says:

    @Maurik

    So what method do you propose to test and inform consumers of this security flaw? Are you and advocate of government funding of public television? Because all of our media is for-profit and advertising driven.

    There is important information consumers need to have, and I don’t see any advertising driven media willing or brave enough to do it. And to top it off there’s a strong movement for tort reform so there are no other ways to expose/punish corporations for negligence.

    The free market economy relies on the market communicating information. So long as information is kept from the consumers the market is flawed and not working properly.

    So you are right, this isn’t technically a violation of free speech. But it is in *effect* the stifling of free speech by powerful corporate interests.

  15. Evil Jim says:

    Some episodes they should just keep under wraps until the day it’s aired.

  16. anthony says:

    To be honest with you, the chicken wire wallet is strictly for fashion. Aluminum foil hat is all business.

  17. creesto says:

    “Ow daMMIT!” < >

  18. RJ says:

    I don’t use credit cards either. Hopefully I’ll never be in a position where I feel like I need one.

    Life is pretty comfortable, I’d say. I dress well, eat well, have fun when I want to, own my car, been thinking about getting a motorbike. Why would I want to get mixed-up with those credit card shysters?

    Working to pay off credit card debt amounts to indentured servitude. Cut the chains. Live free. Stop trying to keep up with the Joneses, because they’re neck-deep in debt, too.

  19. adwb says:

    That’s why I have one of these Faraday cage wallets:

    http://www.thinkgeek.com/gadgets/security/8cdd/

  20. Jack says:

    @#17 POSTED BY BARDFINN

    Cut up all your credit cards. Pay cash. Buy only what you can afford, or save up for larger items. Live within your means. Show people how your life is brilliant and happy and worry-free. Encourage everyone you know to undergo the same transformation.

    I think yours is an extreme example, but I couldn’t be in more agreement.

    I don’t want to sound like some crusty old man (because I’m not) but I think the issue of credit being given and extended to people who truly can’t handle it is the number one cause of so many problems nowadays.

    There’s always generational differences, but in the late 1980s credit card companies made a very conscious push to force college age kids into debt. I vividly remember working at my college bookstore and being told by my manager to put credit card promotional material in all bags and popular books. At the time I did have a card, but it was an American Express that had to be paid off every month. Growing up poor I knew the value of saving and did not waste my money more than I could earn it.

    Flash forward to now, you have kids who have been forced the delusional idea that they can be “whatever they want” (a whole other discussion) but a credit industry that has tapped straight into that delusion to create a massive industry that actually helps people sell personal goals short and ultimately drives them into debt.

    It’s all sick. And I think it’s the root of tons of crap nowadays.

    If they can’t talk about RFID someone should definitely at least persistently educate high school and college age kids about the realities of credit. This whole recession we’re in is rooted in that; this is the time it has to happen.

  21. WeightedCompanionCube says:

    the one kind of RFID I do not want is contactless payment. I don’t mind ones that can only be used in one place or one time (door access, product tags)… Picking my pocket from 20 feet away? No thanks.

    Although plain credit cards aren’t any better. Myself and just about eveyone I know has had their number stolen somehow.
    rfid might be hackable, but there no security at all on a printed number and mag stripe.

  22. Antinous says:

    Of course, sans credit cards means sans credit rating for the most part. You probably couldn’t buy a house. You might even have a hard time renting when prospective landlords run your credit report and you turn up as a blank space. If you’re uninsured, you’re in for a rude shock when you have an emergency room visit, because the first thing that they’ll ask for is a credit card. And that’s an even bigger deal if you’re abroad, especially in a country where dying in the gutter is the social norm.

    I use my credit cards for everything. Can they track me? Yes. Could I mobilize $100K in an emergency? Yup. Sometimes credit is life or death. I’ve seen it.

  23. Kevin says:

    One important note — having a credit card, even if you only rarely use it and pay it off immediately each time, is a strong contributor to having a good credit score.

    I don’t use credit cards either. Hopefully I’ll never be in a position where I feel like I need one.

    So you never make a purchase online? travel further than a day’s drive? stay in a hotel? Travel to another country?

    Why would I want to get mixed-up with those credit card shysters?

    Working to pay off credit card debt amounts to indentured servitude. Cut the chains. Live free. Stop trying to keep up with the Joneses, because they’re neck-deep in debt, too.

    Having a credit card or two doesn’t have to be synonymous with having no self control.

    I use credit cards, but never carry a balance, have no “credit card debt” to worry about.

    Budgeted spending money sits safely in a high-interest bank account, I not only earn interest on $$$ I would otherwise carry around in cash, but also get between 1% and 3% cash back on purchases; by paying off the balance each month, I actually come out on credit card use.

    With cash, any problems with a purchase, I am SOL, if I lose cash, it is gone. Credit cards offer free warranty extension, buyer protection, zero liability for fraudulent purchases, and automatic SMS alerts for any transaction over a dollar amount of my choosing.

    Cut up all your credit cards. Pay cash. Buy only what you can afford, or save up for larger items. Live within your means. Show people how your life is brilliant and happy and worry-free. Encourage everyone you know to undergo the same transformation.


    I’ve never had a credit card, have been debt-free for three years and have a loving wife, a 4-year old stepson and a son on the way. No car, either.

    Good for you.

    I have three credit cards, three cars, and no kids and no debt. So what?

    Again, being empowered to get stuff now and pay for it later doesn’t force you to live beyond your means. That is your decision, not the bank’s.

  24. Jack says:

    @#28 POSTED BY KEVIN:

    One important note — having a credit card, even if you only rarely use it and pay it off immediately each time, is a strong contributor to having a good credit score.

    That’s what I always thought as well, but it’s not the case. You actually get a higher credit rating if you hold a monthly balance and pay off a good chunk of it but NOT pay off all of it.

    There was an NPR piece on it a few months ago, but if this is any clue, friends of mine in the credit business routinely call people who pay off their full balance each month “deadbeats”.

    You see, credit card companies don’t make money off of payments. They make money off of interest and fees and someone who screws up and pays fees and interest is actually a good customer.

    It’s a sick business. And maybe the solution is simply to push the card transaction business towards the debit model. But still retaining credit for major purchases.

    So if someone buys something for $500 or less, that’s debit.

    $501 or more, that’s credit.

    There is a need for money-less transactions. But the current model is open for abuse on many levels.

  25. redemmie says:

    Aw, I wanted to hear more about the pizza oven.

  26. themindfantastic says:

    Having RFID shown to be seriously pwned by what could be an 8 year old on a top rated show which is popular amongst 8 year olds (and just about everyone else) yeah I can see how the credit card companies would slam on that. It would not just show them with their pants down, but show how everyone can bend them over their knees and give them 200 whacks each. But for the goals of security, science, progress, and development, that is serious interference and just plain wrong, but corps and the lawyers for corps have never felt that to be a hindrance to doing whats best for them.

  27. Gaudeamus says:

    I admit to having some debt, but I haven’t used a credit card in some years. In trying to get my finances together I have learned (slowly and painfully) to live within my means. I had considered getting a credit card to use for small purchases to rebuild my credit, and paying off the balance each month but then I found out that some companies actually charge customers for paying their balance off each month. It’s kind of scary when a business will penalize their customers for being responsible. I’ll stick with debit.

    As far as the rfid thing, I can’t believe they stopped the segment. It seems ridiculous that a show which is educational could have its content blocked not for being wrong or gratuitously offensive but for telling the truth about a very real safety concern to credit card customers. Kind of makes me wonder if those credit card companies are banking on poor schmucks having to pay off ridiculous balances they didn’t actually run up, or perhaps a wave of rfid-related thefts as the technology grows more popular will make credit card companies commit slow suicide.

  28. EncarnacionFlor says:

    Hurrah and congratulations to Mr. Savage for his dedication to the truth. Keep listening, and you will hear him say some things not easy to say, but gutsy nonetheless. Good on him, and may he be blessed with more good work.

  29. jdg says:

    Jack has it right, except it’s not just credit cards. The entire banking system is funded largely by “penalties” such as bounced check fees, and there is nothing in the law to keep banks from imposing as many of them and making them as large as they want.

    The banking industry has become just like its illegal competitors, the “loan sharks”. Once in a while you have no alternative but to go to one, but if you do it voluntarily, you’ve asked for the fleecing you’re going to get.

    Don’t expect government to solve this problem, they rely on the same methods to pay their own bills. If government ever regulates banking, it will be to protect the crooks who run it, not to protect us from them.

  30. Jack says:

    @#34 Mello Clello:
    We have EFTPOS in the U.S., but we simply call it a “Debit Card”. People use them but the catch-22 is many banks don’t warn if your account is low with debit cards. So you can technically pay for something that costs more than what you have in your account… And your bank will happily pay the full amount of the transaction and assess an “overdrawn” fee on top of that. Basically, getting you another way.

    In New Zealand, does the EFTPOS system warn you if your funds are low?

  31. Jack says:

    Thanks, JDG. But here’s a thing people need to realize: All banks have always had fees for everything. From asking a question, to making change, to getting a balance. But prior to online banking being the rage, most banks didn’t strictly enforce any of these fees in any way. If anything these fees were there to use only in the most extreme circumstances when dealing with an irate customer.

    Now, it’s all online and/or via ATM. So they can tack on as many fees as possible. Heck, ATM fees are truly insane and robbery.

    In my case I opened a bank account in person and the representative was very high on getting me to use online bill paying. I’m old enough to mainly be into checks, so I never used it. But the one month I did, I got slammed with some BS “excessive online transaction” fee of $10 or so that is supposedly government imposed.

    So let me get this straight: If I pay online I save on postage and mailing costs, but I will be penalized by the bank because of a government regulation regarding excessive fees?

    Nice scam. Instead of me supporting a store that sells the envelopes, the post office and others in the effort to mail a check, now I simply do it electronically and then I get slammed for making THEIR life easier?

    That’s what I’d like to call horse feathers.

    I’m going to be writing checks until some robot I can’t stop or destroy forces me to stop using them.

  32. Takuan says:

    their pants have been down for years and they don’t care.

    Gee…..I wonder…..what do you suppose…. imagine if there were some way for masses of people to communicate freely and cheaply. Suppose they all agreed to pick a credit card company that month and all withhold their payments. Can you imagine the cash flow problem that would create for that credit card company if a large percentage of victims all paid slow that month? I guess they’d count on the extra interest charges, but do you think all the rest of the money-changing community wouldn’t exploit that blood in the water?

  33. EH says:

    So can we look forward to a Mythbusters episode on whether and how credit cards are more convenient and safer than cash, vulnerabilities included? How about one on the corporate effect on their show?

  34. anthropomorphictoast says:

    I <3 the Mythbusters…those guys rock! :D

  35. Tomas says:

    Sad that the CC companies were able to kill the public release of information vital to their customers – to bad there doesn’t seem to be anyone, even at the government level, who is willing to take them on… :o(

  36. PaulR says:

    Update as of Sept. 3rd. from Adam Savage, via CNET:

    “There’s been a lot of talk about this RFID thing, and I have to admit that I got some of my facts wrong, as I wasn’t on that story, and as I said on the video, I wasn’t actually in on the call,” Savage said in the statement.

    http://news.cnet.com/8301-13772_3-10031601-52.html

    However, someone DID look into them here:
    Vulnerabilities in First-Generation RFID-enabled
    Credit Cards
    http://prisms.cs.umass.edu/~kevinfu/papers/RFID-CC-manuscript.pdf

    From the abstract:
    “Using samples from a variety of RFID-enabled credit cards, our study observes that (1) the cardholder’s name and often credit card number and expiration are leaked in plaintext to unauthenticated readers, (2) our homemade device costing around $150 effectively clones one type of skimmed cards — providing a proof-of-concept of the RF replay attack for cards, (3) information revealed by the RFID transmission cross contaminates the security of non-RFID payment media, and (4) RFID-enabled credit cards are susceptible in various degrees to a range of other traditional RFID attacks such as skimming and relaying.”

  37. Shawn Wolfe says:

    Why y’alls hatin on the mark of the beast right now??

  38. Clay says:

    @34 The nice thing about debit cards in the US (at least the ones from regional banks I’ve used) is that you can use them inside the credit card system, so the payment is immediate and you don’t rack up a debt, but it’s still accepted anywhere and you’re protected through the CC company’s anti-fraud programs.

    Also, off topic, but Teresa, if you happen to read this: Have you guys ever considered the possibility of implementing a threaded comment system? More and more I see really interesting discussions like this pop up at BB that diverge a bit from the original post but can get mixed up a bit with a number of discussions taking place all in a linear space.

  39. GammaBlog says:

    Adam has such a bubbly personality that even bad news is entertaining. I love that show.

  40. Willirubin says:

    huh, how about that. I wondered why the TV listing mentioned RFID the other day, but the episode was actually something different. Now I know!

  41. mello clello says:

    We all use EFTPOS here in New Zealand. Really, like 60% of the people I served today used it. Perhaps 10% used credit and the rest used cash. Why don’t you have it in the States? Did the big credit companies put the stamp on it, or something?

  42. LYNDON says:

    This is not a free speech issue. The Mythbusters are free to make the episode if they wish. However, they are not guaranteed access to a nationwide, for-profit video distribution network.

    Yeah, but I assume Discovery would have run the episode if they hadn’t been heavied, so it might be an issue for them. It’s not a state restriction on free speech (except in that the law allows unjustified legal threats and I don’t see how you’d stop it) but to my mind the cap still fits.

    It’s also a media freedom issue. You don’t want to be living in a country where factual media face ruin for trying to tell the truth.

  43. Thebes says:

    How about a Myth Busters episode on the existence (or lack) of free speech in Amerika?

  44. Anonymous says:

    There have been a number of comments here on local ID vs. payment with RFID tags. However, its soon to get even worse.

    The TSA is about to require everyone who enters certain secure areas near “ports” (the legal definition of port is much broader than one would think) to carry RFID based ID tags that will contain more than enough personal info to enable ID theft. That one is really scary.

  45. Eric D says:

    How wide spread is use of RFIDs in credit cards? I don’t think I’ve ever seen one.

Leave a Reply