Slashdot Mirror


New Controversy over Black Hat Presentation

uniquebydegrees writes "InfoWorld is reporting about a new controversy swirling around a planned presentation at Black Hat Federal in Washington D.C. this week. Security researcher Chris Paget of IOActive will demo an RFID hacking tool that can crack HID brand door access cards. HID Corp., which makes the cards, is miffed and is accusing IOActive of patent infringement over the presentation, recalling the legal wrangling over Michael Lynn's presentation of a Cisco IOS hole at Black Hat in 2005. Black Hat's Jeff Moss says they're standing by their speaker. A news conference is scheduled for tomorrow AM."

Update: 02/27 20:10 GMT by Z: InfoWorldMike wrote with a link to a story saying that the presentation has been pulled from the slate for Black Hat, as a result of this pressure.

3 of 144 comments

  1. HID has its head in the sand by doroshjt · Score: 5, Interesting

    The comment "For someone to be able to surreptitiously read a card, they'd have to get within two or three inches and get into the same plane as the card," by Kathleen Carroll, a spokeswoman for HID's Government Relations. That's not hard to do at all in the federal world. Ride the metro around 7:30 on a weekday and almost every person on it has a proximity badge around their neck or on the belt along with their ID badge. It's like showing the world you're cool that you work at the Agriculture Department or something. But I've seen everything from State Department badges, Treasury, and Justice Department badges on full display on super crowded metro trains.

  2. Re:What hack? by Lumpy · Score: 5, Interesting

    Also, how is it new? I did this 2 years ago with a kit I bought off the net. It will read a prox card and clone it. I scared the crap out of the Director of security into actually enforcing security policy after demonstrating how his "uncrackable" card access security was incredibly easy to get by.

    --
    Do not look at laser with remaining good eye.

  3. Re:What hack? by peacefinder · Score: 4, Interesting

    Basic HID Prox cards just report a serial number. HID also makes a version that has some cryptographic component, called iClass. When I spec'd a security system last year, I insisted on crypto-enabled cards and readers. (We ended up with HID's iClass.)

    If this is just a tool to clone HID Prox cards, then it's nothing new... but it'll make me look good to my boss. (Sweet!)

    If it's a tool to spoof iClass readers then it's new, a pretty big deal, and I just wasted a few thousand bucks. (Boo!)

    --
    With reasonable men I will reason; with humane men I will plead; but to tyrants I will give no quarter. -- William Lloyd