Security consultancy firm IOActive has cancelled a planned RFID hacking demonstration at the Black Hat security show in Washington this week after pressure from RFID vendor HID Global.
The presentation was scheduled to cover security challenges associated with radio frequency identification (RFID) technology. Among other things, IOActive intended to show off a home-built RFID cloner, a simple device that is able to pick up and copy the RFID signal from a key card.
A criminal could use such a device to copy an electronic door key and gain access to secured areas.
"The concepts behind this attack are not new. Indeed, most of our efforts in validating the effectiveness and ease of this attack involved reviewing research already performed by others in this area," said IOActive president Joshua Pennell.
He pointed out that HID itself has highlighted vulnerabilities in its proximity badge technologies in company marketing materials.
"As a consequence, under advice of counsel, IOActive has withdrawn its presentation at the BlackHat Briefings, in order to address the demands of HID Global Corporation, and to protect IOActive's researchers from adverse action," Pennell said.
HID Global's director of government relations Kathleen Carroll stressed that the company wasn't looking to gag the researchers and didn't object to the demonstration in general. But it had requested that IOActive do this in a way that would not infringe on its intellectual property.
"We gave them an opportunity to give a demonstration, we gave them guidelines so that they could go ahead and do the demo. HID has never denied that there wasn't an opportunity for the cards to be cloned," Carroll told vnunet.com.
The case is reminiscent of Cisco's legal strong-arming of an ISS researcher in July 2005. ISS has since been acquired by IBM.
Michael Lynn was hit with a restraining order at the 2006 Black Hat conference in Las Vegas after he demonstrated how to use a known security exploit in Cisco's Internet Operating System (IOS) to bring down a router.
The security expert was originally scheduled to give the presentation as an ISS employee. After the security company made a last-minute decision to cancel the talk, Lynn quit his job and proceeded to make the presentation.
Cisco's legal case was built around the fact that ISS had infringed on its intellectual property by reverse engineering IOS code. Reverse engineering is illegal under the Digital Millennium Copyright Act. Cisco later said that it didn't object to the research, but took issue with the fact that the presentation could have helped attackers to hit the networks of Cisco customers.