Cloning RFID Chips Made by HID
Remember the Cisco fiasco from BlackHat 2005? Next in the stupid box is RFID-card manufacturer HID, who has prevented Chris Paget from presenting research on how to clone those cards.
Won’t these companies ever learn? HID won’t prevent the public from learning about the vulnerability, and they will end up looking like heavy handed goons. And it’s not even secret; Paget demonstrated the attack to me and others at the RSA Conference last month.
There’s a difference between a security flaw and information about a security flaw; HID needs to fix the first and not worry about the second. Full disclosure benefits us all.
EDITED TO ADD (2/28): The ACLU is presenting instead.
Leave a comment