RFID Hacking Presentation Draws Legal Threats

HID Global asserted that a presentation proposed by IOActive infringed upon HID's intellectual property.

ITPro Today

February 28, 2007


IOActive, a consulting firm that specializes in information risk management and application security analysis, was slated to give a presentation on RFID hacking at the Black Hat DC Briefings this week; however, the presentation has been withdrawn due to controversy.

Joshua J. Pennell, founder and president of IOActive, said that "IOActive's researchers explored the security aspects of proximity badge technology [based on RFID chips], they became interested in validating long-standing theoretical attacks, taking them out of the academic realm, and verifying through actual implementation that such attacks might be practical and easily carried out." The researchers based their work on a specifications white paper published by HID Global.

Over the past several years, RFID technology has been shown to be crackable in numerous instances, including in credit cards, secure area access cards, and even in British and Dutch passports.

IOActive said that its presentation was intended "to raise awareness among security practitioners regarding the vulnerabilities of this technology, and to highlight the idea that no technology should be the sole mitigating control protecting important organizational assets."

However, when HID caught wind of the presentation, the company requested that IOActive not give it. HID asserted that the presentation would subject IOActive to "liability for infringement of HID's intellectual property," according to Pennell. On the advice of its legal counsel, IOActive decided to not give the presentation.

Nicole Ozer, technology and civil liberties policy director at the American Civil Liberties Union (ACLU) of Northern California, will speak in IOActive's allotted time slot at the Black Hat Briefings and hold a press conference after her presentation.

"The work of computer security professionals to reveal RFID vulnerabilities is integral to ensuring that the privacy, personal security, and public safety of millions of Americans are properly safeguarded.... The serious threats to privacy, personal and public safety, and financial security is why [the ACLU of Northern California] has been working to stop the use of insecure RFID tags in identification documents like passports and drivers' licenses," Ozer said.
