February 27, 2007 9:30 AM PST
Nixed: Black Hat talk on RFID access badge risks
- Related Stories
Black Hat: Privacy risk in e-PassportsAugust 8, 2006
Researchers: E-passports pose security riskAugust 5, 2006
FBI calls for hacker helpAugust 2, 2006
Tech industry attacks state anti-RFID lawsApril 19, 2006
Lining up the defenseJuly 30, 2004
RFID tags become hacker targetJuly 28, 2004
Researchers from security services firm IOActive planned to demonstrate that the commonly used identification cards can easily be duplicated, posing a serious risk to those who rely on such systems for security.
The talk, slated for Wednesday at the Black Hat DC Briefings & Training event in Arlington, Va., was canceled Tuesday after IOActive said it received legal threats from HID Global, a major seller of access control systems.
"We can't go forward with the threat of litigation hanging over our small company," Joshua Pennell, IOActive's chief executive, said in a conference call with reporters Tuesday.
HID said in a statement late Tuesday that it did not threaten IOActive to stop its presentation at the Black Hat event.
"HID Global, acting in the best interests of its customers worldwide, simply informed IOActive and its management of the patents that currently protect HID Global intellectual property," the company said.
Additionally, HID said it was surprised that the Black Hat talk was called off and that it was blamed. The company also acknowledged that RFID cards can be cloned.
"It may be possible, under certain conditions, to clone a proximity card," HID said. For added security, use of such cards could be complemented by additional security systems such as cameras and biometrics, it said.
"As a consequence...IOActive has withdrawn its presentation," the company said in a statement on its Web site, declining to give further details about its scrapped conference session.
The concept behind IOActive's presentation is not new. RFID security is regularly scrutinized. In fact, at last year's Black Hat Briefings in Las Vegas, a German security researcher showed how passports equipped with the radio tags could be cloned. The same researcher said this could also be done with building access cards.
Black Hat is getting a reputation for having talks canceled at the last minute because of legal threats. A presentation on vulnerabilities in Cisco Systems' software at the 2005 event in Las Vegas was pulled because of legal threats from the networking giant. The presenter famously delivered his talk anyway.
"I don't like it when really big companies throw their weight around," Jeff Moss, founder of Black Hat conferences, said on the Tuesday conference call. "This threatens the whole conference business."
"It is deja vu," Moss said, referring to Black Hat having to revise parts of its conference materials because of the last-minute change. "It certainly screwed up our conference scheduling."
10 commentsJoin the conversation! Add your comment