Kill the Messenger: RFID Cloning Demo Canceled- Make that Cutback - at Black Hat (Update)
SearchSecurity is reporting that a demonstration on how to clone RFID authentication and authorization devices with $20 worth of equipment has been cancelled. (Black Hat presenter nixes RFID cloning demo under pressure). It seems HID Corp, the manufacturer, is worried about protecting its intellectual property and pressured Chris Paget to cancel the demo.
The firm sent a letter to Paget citing intellectual property concerns. Paget said that the presentation would open up IOActive to litigation on the grounds that some of the device technology is patented.
As Ronald Regan would say, here they go again. So are we to assume that no one else will figure out how to clone RFID devices? Is quelling one presentation going to protect intellectual property that can be compromsied with $20 worth of equipment? The real issue are the strengths and weaknesses of RFID technologies.
We should debate how best to use RFID devices and we should understand their limits, inluding how they can be comprimised. We all know that no technology is perfect but sticking our heads in the sand and pretending that discussing the details of that fact will comprimise security or intellectual property is a mistake. And frankly, how much is this intellectual property worth if it can be compromised so easily?
Update: Paget gave a trimmed down version of his talk at Black Hat; see telling photos at http://weblog.infoworld.com/techwatch/archives/010486.html
One more thing, we have a assembled all articles published at this site for the last six months into a single, easily downloaded PDF file. The Messaging and Web Security Essential Series provides useful information on a range of topics, from email compliance and combating spam to vulnerability scanning and Web application testing. We hope you find it useful.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
