Tuesday, September 2, 2008

Credit Card Companies Hide RFID Vulnerabilites

TechDirt has a write-up and video about how our friends from Mythbusters wanted to do some material on how vulnerable those RFID chips, like the ones on your credit and debit cards, can be, but when they scheduled a meeting, more lawyers than scientists were on the line.

Discovery Channel, being a business, knuckled under to American Express, VISA, Discover, and the rest, and it doesn't sound like the Mythbusters have any thoughts of exploring the topic in the future.

I've written often of the fallacy of security by obscurity. Do you think the bad guys don't know how vulnerable RFID is, or that they aren't already either leveraging or creating tools to take advantage?

When companies hide things like this, what they are really saying is that they don't want to know, because then you might just demand they take steps to protect you, your personal information, and all the money that's in your account that can be drained by someone standing beside you at the subway stop, sucking your account data out of your wallet with a portable RFID scanner.


Update 9/4/08: Adam Savage from Mythbusters is now backtracking big-time on this. When Texas Instruments and others who were involved heard the tale from Adam's perspective, they disputed his version. Adam now claims the reasons they didn't report on RFID security were too zany to either be explained or believed, but he's calling the opposition's version "factually accurate". BUSTED!

No comments:

Post a Comment

Please tell me what you think.