Cloning RFID Chips Made by HID
Remember the Cisco fiasco from BlackHat 2005? Next in the stupid box is RFID-card manufacturer HID, who has prevented Chris Paget from presenting research on how to clone those cards.
Won’t these companies ever learn? HID won’t prevent the public from learning about the vulnerability, and they will end up looking like heavy handed goons. And it’s not even secret; Paget demonstrated the attack to me and others at the RSA Conference last month.
There’s a difference between a security flaw and information about a security flaw; HID needs to fix the first and not worry about the second. Full disclosure benefits us all.
EDITED TO ADD (2/28): The ACLU is presenting instead.
nedu • February 28, 2007 12:32 PM
Nicolo Ozer, Technology and Civil Liberties Policy Director for the ACLU of Northern California will be presenting at BlackHat in place of the IOActive researchers.
http://www.aclunc.org/issues/technology/bytes_and_pieces/blackhat_presenters_threatened_with_patent_suit_for_exposing_rfid_vulnerabilities.shtml
Her presentation is at 1:45pm, Wednesday.