All the latest UK technology news, reviews and analysis
|
|
|
28 Feb 2007
Security consultancy firm IOActive has cancelled a planned RFID hacking demonstration at the Black Hat security show in Washington this week after pressure from RFID vendor HID Global.
The presentation was scheduled to cover the security challenges associated with radio frequency identification technology.
IOActive intended to show off a home-built RFID cloner, a simple device that is able to pick up and copy the RFID signal from a key card.
A criminal could use such a device to copy an electronic door key, for example, and gain access to secured areas.
"The concepts behind this attack are not new. Indeed, most of our efforts in validating the effectiveness and ease of this attack involved reviewing research already performed by others in this area," said IOActive president Joshua Pennell.
He pointed out that HID Global has itself highlighted vulnerabilities in its proximity badge technologies in company marketing material.
"As a consequence, and under advice of counsel, IOActive has withdrawn its presentation at the Black Hat Briefings in order to address the demands of HID Global, and to protect IOActive's researchers from adverse action," said Pennell.
Kathleen Carroll, director of government relations at HID Global, claimed that the company was not looking to gag the researchers and did not object to the demonstration in general.
HID Global had requested only that IOActive perform the demonstration in a way that would not infringe on its intellectual property, according to Carroll.
"We gave them an opportunity to give a demonstration, and we gave them guidelines so that they could go ahead and do the demo," Carroll told vnunet.com.
"HID Global has never denied that there was not an opportunity for the cards to be cloned."
The case has echoes of Cisco's legal strong-arming against an ISS researcher in July 2005. ISS has since been acquired by IBM.
Former ISS researcher Michael Lynn was hit with a restraining order at the 2006 Black Hat conference in Las Vegas after he demonstrated how to use a known security exploit in Cisco's Internet Operating System (IOS) to bring down a router.
Lynn was originally scheduled to give the presentation as an ISS employee. After the security company made a last minute decision to cancel the talk, Lynn quit his job and proceeded with the presentation.
Cisco's legal case was built around the fact that ISS had infringed on its intellectual property by reverse engineering IOS code. Reverse engineering is illegal under the Digital Millennium Copyright Act.
Cisco later said that it did not object to the research, but took issue with the fact that the presentation could have helped attackers to hit Cisco customers' networks.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Hands on with the highly anticipated Android 4.0 Ice Cream Sandwich hybrid tablet
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Java / J2EE analyst programmer with experience of building...
Crystal Reports Developer London or Dublin £340 per day...
Our client is a major Broadcasting company seeking a...
Support Engineer required to work for leading Online...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Bad legal claim in article
"Reverse engineering is illegal under the Digital Millennium Copyright Act." Um... No? Reverse engineering for the purpose of copyright circumventing may be illegal, but reverse engineering itself isn't illegal. Please correct (or ask a lawyer, then correct). DA
Posted by: DA 28 Feb 2007