Get Smart about Business Spending
- Related Stories
-
Black Hat: Privacy risk in e-Passports
August 8, 2006 -
Researchers: E-passports pose security risk
August 5, 2006 -
FBI calls for hacker help
August 2, 2006 -
Tech industry attacks state anti-RFID laws
April 19, 2006 -
Lining up the defense
July 30, 2004 -
RFID tags become hacker target
July 28, 2004
Researchers from security services firm IOActive planned to demonstrate that the commonly used identification cards can easily be duplicated, posing a serious risk to those who rely on such systems for security.
The talk, slated for Wednesday at the Black Hat DC Briefings & Training event in Arlington, Va., was canceled Tuesday after IOActive said it received legal threats from HID Global, a major seller of access control systems.
"We can't go forward with the threat of litigation hanging over our small company," Joshua Pennell, IOActive's chief executive, said in a conference call with reporters Tuesday.
HID said in a statement late Tuesday that it did not threaten IOActive to stop its presentation at the Black Hat event.
"HID Global, acting in the best interests of its customers worldwide, simply informed IOActive and its management of the patents that currently protect HID Global intellectual property," the company said.
Additionally, HID said it was surprised that the Black Hat talk was called off and that it was blamed. The company also acknowledged that RFID cards can be cloned.
"It may be possible, under certain conditions, to clone a proximity card," HID said. For added security, use of such cards could be complemented by additional security systems such as cameras and biometrics, it said.
According to IOActive, HID charged that the planned presentation infringed its intellectual property, U.S. patents 5,041,826 and 5,166,676 in particular.
"As a consequence...IOActive has withdrawn its presentation," the company said in a statement on its Web site, declining to give further details about its scrapped conference session.
The concept behind IOActive's presentation is not new. RFID security is regularly scrutinized. In fact, at last year's Black Hat Briefings in Las Vegas, a German security researcher showed how passports equipped with the radio tags could be cloned. The same researcher said this could also be done with building access cards.
Black Hat is getting a reputation for having talks canceled at the last minute because of legal threats. A presentation on vulnerabilities in Cisco Systems' software at the 2005 event in Las Vegas was pulled because of legal threats from the networking giant. The presenter famously delivered his talk anyway.
"I don't like it when really big companies throw their weight around," Jeff Moss, founder of Black Hat conferences, said on the Tuesday conference call. "This threatens the whole conference business."
"It is deja vu," Moss said, referring to Black Hat having to revise parts of its conference materials because of the last-minute change. "It certainly screwed up our conference scheduling."
See more CNET content tagged:
Black Hat, RFID, researcher, conference, threat
Nice. :-(
R.
sidenote~
Mike Lynn gets props for his talk, and so does Raven for backing it up at DefCon.
1. Some black hat will hack the computer with the powerpoint and distribute it across the internet.
2. They can go visit the HID headquarters. What? You can't get in without an RFID badge. Prize to whoever gets into their server room first.
And that would also mean 'false and mis-leading advertising'.
Hmm? That would mean that they (mfg) of such security items
could/would be held accountable.
Just wondering?
With that in mind who would want their products?
If you have to use ancillary security measures to ensure that their product hasn't been hacked then whay not just use mag-cards and have an officer posted at the door?
Surely someone that has the intent on exploiting their product's vulnerabilities to gain access to a building is not going to care about patent litigation.
- ID cardholder can minimize RFID security risks
- by smarttools February 28, 2007 9:03 AM PST
- You can minimize the threat of cloning or eavesdropping in any RFID enabled cards (e.g., ID cards or credit cards).
- Like this Reply to this comment
-
-
- Why bother with them then?
- by nuckelhedd March 5, 2007 7:42 AM PST
- All you need to do is make sure you have the only key and that nobody ever touches the lock and if you keep the key in a locked box with someone else holding the kay to that box and then you weld the lockbox to the ceiling of another building that someone else has the key to and yoyu have a secret handshake for the people who need to get in to the buildings and the a secret password then every time someone needs access to the bathroom you can be sure they belong there. That's how ludicrous the idea of special sleeves and adding biometrics and talking dogs and crap is. The technology sucks better to not even use it unless of course it's running on Windows Vista in which case it woun't let it work anyay.
- Like this
-
(9 Comments)Smart Tools' RFID Shield is a protective sleeve for RFID cards. This blocks RFID while the card is in the sleeve, and lets RFID talk again when the card is removed.
To have minimal stray RFID communication, you'd keep the ID card in the sleeve until you're next to the reader, then remove the ID card only so far that the reader can read the RFID'd ID card. This keeps long distance (or 3rd party) RFID communication probability low.
Even when the ID card is RFID blocked, the front face of the ID card is still readable. This helps if you need to show your ID card to somebody.
There's more info at:
http://smarttools.home.att.net/rfshield.htm