Skip Links

Network World

  • Social Web 
  • Email 
  • Close

Black Hat event highlights RFID and VoIP security threats

Conference attendees also get a lesson in de-perimeterization.
By Ellen Messmer , Network World , 08/01/2005
Newsletter Signup
  • Share/Email
  • Tweet This
  • Comment
  • Print

LAS VEGAS - The Black Hat conference - an annual event where security professionals get in touch with their inner hacker and vice versa - has for nine years been a stage for detailing new security exploits and sharing visions of the future.

News last week was dominated by the saga of security researcher Michael Lynn , who defied his employer Internet Security Systems by delivering a forbidden presentation on hacking unpatched Cisco routers - and was subsequently sued by ISS and Cisco. But Black Hat had much more, including:

  • Phil Zimmerman, the fabled inventor of Pretty Good Privacy (PGP) encryption for e-mail, unveiled plans to bring encryption to VoIP phones.

  • The Jericho Forum , a group of multinational corporations that want to better secure e-commerce by pushing security controls further into networks and away from the perimeter, showcased technologies it said represent that vision.

  • Throughout the conference, security experts showed how easy it could be to disrupt wireless networks or pillage data repositories.

Among the darker demonstrations, Kevin Mahaffey, director of development at Flexilis, operated a radio-based voltage-controller oscillator that acted as a disrupter that could shoot a frequency beam at an RFID reader. As it emitted a shrill whine, the RFID disrupter jammed the reader or eliminated a comprehensive reading of RFID tags, which in actual use could play havoc with supply-chain operations using the tags.

"This can take away the ability to read tags reliably," Mahaffey said. He added that there also are ways to sniff RFID tags, clone the information and commit fraud by wrongly tagging goods. Use of public-key encryption would likely be the best way to counter or identify these types of threats, but this is still rare in the RFID world.

Experts on the panel suggested that although the threat appears minor at this point, it is a cause for concern.

Paul Simmonds, chief information security officer at chemical and paints manufacturer ICI in the U.K., said corporations in retailing and the grocery industry use RFID tags to speed delivery of goods so they don't have to unpack them to identify them.

De-perimeterization contest winners
Jericho Forum sought entries that best reflected the vision of moving security controls away from the network perimeter and more deeply into the intranet.

  • Share/Email
  • Tweet This
  • Comment
  • Print
Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed