Bill’s Security Blog

Snip from:
http://www.infoworld.com/article/07/02/27/HNioactiverfid_1.html

By Paul F. Roberts
February 27, 2007

A planned talk on RFID security by a security researcher has been pulled from this week’s Black Hat Federal security conference after secure card maker HID claimed the talk violated the company’s patent rights and threatened to take legal action against Chris Paget, the researcher, and IOActive, Paget’s employer, if the talk went forward.

The company decided to cancel the talk after all-night negotiations with HID collapsed, said Josh Pennell, CEO of IOActive. In response, Black Hat organizers were forced to tear materials out of printed show proceedings and will instead present a discussion by a representative of the ACLU on the criticality of RFID security, said Jeff Moss, founder and director of Black Hat.

We’ve seen this before.

Sad.  Truly sad.

Though I think HID has a right to try to protect it’s brand, the fact of the matter is that attacks against RFID are pretty much vendor neutral.

In any event.  The sad reality for HID is that this incident alone will be enough to draw the attention of researchers who are not subject to threat under US patent law.

RFID vendors are scared out of their minds about this kind of information getting out because there is very little that can be done to secure RFID systems.

Companies like HID are making millions selling these chips as cure-alls, when the best they can be is one (small, fragile) link in the chain of defense in depth.

Bill

This entry was posted on Sunday, March 4th, 2007 at 9:10 am and is filed under RFID. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.