Surprise: Attempt To Suppress Security Research Blows Up In Company's Face

from the instant-karma dept

The big story out of last week’s Black Hat security conference was that HID Global, a maker of RFID-based door entry cards, managed to prevent a demonstration of how their products were vulnerable to cloning. What made their threats particularly odious was their claim that the presenters were somehow engaging in patent infringement by demonstrating the attack. More broadly, however, this kind of intimidation is almost always a mistake. It only made the company look like bullies with something to hide. It seems that the company may already be paying the consequences for its heavy-handed actions, as the DHS is said to now be examining the vulnerability further. HID Global is now backtracking, saying that it never intended to prevent the presentation from happening, although they don’t seem to explain how everybody got that impression. Either way, any hope that the company had in keeping this threat quiet is now totally lost.


Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Surprise: Attempt To Suppress Security Research Blows Up In Company's Face”

Subscribe: RSS Leave a comment
9 Comments
Geoffrey Kidd says:

Hmmm...

If HID Global really wants to convince anybody that a claim of patent infringement and suing IOActive down to their belly-button lint wasn’t intended to prevent the demo, they’re going to have to take drastic action.

May I suggest that they take the lawyer who wrote the letter AND the president of HID out, and, in public, string them up by their thumbs and give them fifty scarring lashes?

Of course, this is NOT intended to advocate any sort of punitive action against HID or anyone associated with it.

Anonymous Coward says:

Re: DHS? Really?

Actually, you’re pretty close. Aren’t something like 300 million cards like this in use around the country? I have two here on my desk: one from my former Unix OS Developer job, and now for my current Government Security Analyst job. Which system would DHS prefer not be hackable by their imaginary nefarious people? the OS which drives the stock market, or the unnamed government office where I may or may not currently work?

This is one DHS effort which, at last, doesn’t make them look bumbling and stupid.

|333173|3|_||3 says:

I’ve used the RFID cards, and I have seen how little time they take to have a new value written on one. THe machines for writing them are readily avaliable, as are the machines for printing ID cards, so making a fake ID card with key would not be too difficult. Presumably HID sells writers for these cards so they can be re-used.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...