February 27th, 2007

Legal Threats Over Black Hat RFID Presentation

By Jimmy Daniels
Contributing Writer, RealTechNews

“Secure” card maker HID Corp. is complaining and making legal threats about a presentation at this week’s Black Hat Federal security conference, saying that it could make it easy to clone many proximity door access cards. The presentation is going to address security issues with RFID proximity cards that are made by HID and other companies for such things as secure building access. The presenter will demonstrate how easy it is to steal access codes, store them and then use them to fool the card reader.

“These systems are installed all over the place. It’s not just HID, but lots of companies, and there hasn’t been a problem. Now we’ve got a person who’s saying let’s get publicity for our company and show everyone how to do it, and it puts everyone at risk. Where’s the sense of responsibility?” Carroll said.

Asked why HID hasn’t addressed the issue in more recent proximity card systems, after knowledge of RFID threats became common, Carroll said that doing so would cause “major upheaval” among customers.

Inertia is a more likely cause, said Dan Kaminsky, director of penetration testing at IOActive.

Source: Battle brewing over RFID chip-hacking demo

We Say: Where is the sense of responsibility, indeed? If everyone is at risk, but not everyone knows about it, why not fix it before everyone does know? The main reason in this case is probably backwards compatibility and loss of revenue, as existing customers would have to upgrade, and, heck, they still have stuff to sell them.


2 comments to "Legal Threats Over Black Hat RFID Presentation"

  1. Adam Davis says:

    HID should turn this around to their advantage:

    “We recognized that eventually our security solution would be compromised, and have actively worked to develop the next generation of security access and authorization products. They are drop-in replacements for existing card readers, will read the old cards and act accordingly so organizations may make an easy transition. Some organizations may choose to keep the older, less secure cards for areas and employees that don’t need highly encrypted access, while deploying our uber-secure solution to those areas and employees most at risk.”

    Then they make a mint with customers upgrading. Every company is in the same boat - it isn’t a question of preventing the information getting out, it’s a question of appearing to proactively and adequately fix the “new” problem.

    -Adam

    February 28th, 2007 at 6:38 am

  2. John says:

    Nice try, but NO. HID should go out of business for making a lackluster product. Plain and simple. Nothing would do better to teach a company like this a lesson. They promised security and obviously didn’t deliver.

    March 7th, 2007 at 10:12 am
