ARLINGTON, VA – IOActive, a small security consulting company, brought out some big guns to help defend itself against an RFID giant at the Black Hat conference here Wednesday.
Leveraging the American Civil Liberties Union (ACLU) and the U.S. Department of Homeland Security (DHS), IOActive hosted a panel discussion that turned into a pep rally to support the small company’s fight to disclose RFID security flaws that were detailed in a presentation that RFID card vendor HID quashed.
IOActive’s director of research and development Chris Paget had originally planned to give a presentation entitled “RFID for Beginners,” containing source code and schematics for building a device that can read RFID cards. The point of the demonstration was to show the security weaknesses of RFID technology, including building access cards made by HID, according to show materials.
Following what IOActive described as threats of legal action from HID regarding patent infringement leading up to the conference, Paget instead gave an edited version of his presentation, eliminating portions regarding security flaws in RFID. The presentation, which ended up being a basic explanation of how RFID works, was followed by a panel discussion with speeches from the ACLU regarding the security and privacy issues surrounding RFID and from DHS’ US Computer Emergency Readiness Team (US CERT) about the importance of disclosing security flaws in technology.
IOActive says its intent in preparing the original presentation was simply to illustrate the security weaknesses found in RFID tags that are widely used today for building access, on highways to pay tolls, and even to find lost pets. One of the types of cards that Paget’s cloner can read is made by HID.
“The whole goal of this presentation was to get the information out there about how easy it is to clone these cards,” said Paget.
HID caught wind of IOActive’s plans and asked the small company to specify exactly what it would present. When IOActive refused – believing that RFID security flaws had been well-known for a few years and therefore it didn’t need HID’s permission to give the presentation, according to company executives – HID would not sign a document promising no legal action. Fearing the expense and time of a legal entanglement, IOActive backed off.