[Infowarrior] - Nixed: Black Hat talk on RFID access badge risks

Richard Forno rforno at infowarrior.org
Tue Feb 27 14:29:03 EST 2007 

Nixed: Black Hat talk on RFID access badge risks

By Joris Evers
http://news.com.com/Nixed+Black+Hat+talk+on+RFID+access+badge+risks/2100-102
9_3-6162547.html

Story last modified Tue Feb 27 10:29:46 PST 2007

Security researchers have canceled a talk on the flaws of RFID-equipped
building access badges after receiving legal threats from a major
manufacturer.

Researchers from security services firm IOActive planned to demonstrate that
the commonly used identification cards can easily be duplicated, posing a
serious risk to those who rely on such systems for security.

The talk, slated for Wednesday at the Black Hat DC Briefings & Training
event in Arlington, Va., was canceled Tuesday after IOActive said it
received legal threats from HID Global, a major seller of access control
systems.

"We can't go forward with the threat of litigation hanging over our small
company," Joshua Pennell, IOActive's chief executive, said in a conference
call with reporters Tuesday.

An HID representative could not immediately be reached for comment.

According to IOActive, HID charged that the planned presentation infringed
its intellectual property, U.S. patents 5,041,826 and 5,166,676 in
particular.

"As a consequence...IOActive has withdrawn its presentation," the company
said in a statement on its Web site, declining to give further details about
its scrapped conference session.

The concept behind IOActive's presentation is not new. RFID security is
regularly scrutinized. In fact, at last year's Black Hat Briefings in Las
Vegas, a German security researcher showed how passports equipped with the
radio tags could be cloned. The same researcher said this could also be done
with building access cards.

Black Hat is getting a reputation for having talks canceled at the last
minute because of legal threats. A presentation on vulnerabilities in Cisco
Systems' software at the 2005 event in Las Vegas was pulled because of legal
threats from the networking giant. The presenter famously delivered his talk
anyway.

"I don't like it when really big companies throw their weight around," Jeff
Moss, founder of Black Hat conferences, said on the Tuesday conference call.
"This threatens the whole conference business."

"It is deja vu," Moss said, referring to Black Hat having to revise parts of
its conference materials because of the last-minute change. "It certainly
screwed up our conference scheduling."

More information about the Infowarrior mailing list