Fresh from their success at Nvision, Adam Savage and Jamie Hyneman – better known as the Mythbusters – have found themselves in the middle of a global conspiracy conducted by major credit-card corporations. At least, if Adam's comments at a recent conference are true.
According to CNet, Savage was asked by an audience member at an un-named conference why the team – which host a show aimed at testing common myths in an often explosive manner – had never tested the well-publicised vulnerabilities of RFID chips, including the well-known (and well-cracked) MiFare Classic.
In a video of the conference, Savage details a call which took place between Tory Belleci – a member of the show's B-team – and Texas Instruments as part of the research carried out ahead of a planned RFID-busting episode. Sadly, Belleci got more than he bargained for: as well as Texas Instruments, the call featured the chief legal councils for American Express, Visa, Discover, and “everyone else” which left the team feeling “way, way out-gunned.”
In a fit of foot-stomping reminiscent of the recent court-ordered ban on a talk regarding the vulnerabilities in the MiFare Classic-based CharlieCard transport payment system, the Discovery Channel – which owns the show – were told in no uncertain terms that “they were not going to air this episode talking about how hackable this stuff was, and Discovery backed way down, being a large corporation that depends on the revenue of the advertisers.” Savage continues with the explanation that the idea of an RFID-busting show is now “on Discovery's radar and they won't let us go near it.”
Bad news for a show which has, in the past, demonstrated shortcomings in PIR-based security systems, tumbler-based safes, and top-end biometric locking systems: especially when one considers that hiding the truth about RFID's security issues isn't going particularly well. As has been demonstrated so very many times in the past, security through obscurity is no security at all.
Texas Instruments, on the other hand, recalls the conversation very differently. In a statement, the company claims that the credit card companies were only involved “to help Mythbusters get the right information,” and that only “one contactless payment company's legal counsel member” was involved. The company further asserts that “technical questions were asked and answered” and that it was waiting “for Mythbusters to let us know when they were planning on showing the segment” when they heard “that the storyline had changed and they were pursuing a different angle which did not require our help.”
http://www.bit-tech....pisode-banned/1
Thanks to the good Doctor for this one.
Thankfully, I've got enough sense to stay the hell away from getting a credit card (something about a card that lets you stick huge volumes of debt on it seems rather bad for me, to me), but if they've got huge and well-known security vunerabilities, you'd think it might be in the public interest to hear. Just my thinking, you know.