Surprise: Attempt To Suppress Security Research Blows Up In Company's Face

from the instant-karma dept

The big story out of last week's Black Hat security conference was that HID Global, a maker of RFID-based door entry cards, managed to prevent a demonstration of how its products were vulnerable to cloning. What made its threats particularly odious was the claim that the presenters were somehow engaging in patent infringement by demonstrating the attack. More broadly, however, this kind of intimidation is almost always a mistake. It only made the company look like a bully with something to hide. It seems that the company may already be facing the consequences of its heavy-handed actions, as the DHS is said to now be examining the vulnerability further. HID Global is now backtracking, saying that it never intended to prevent the presentation from happening, although it doesn't seem to explain how everybody got that impression. Either way, any hope the company had of keeping this threat quiet is now totally lost.

Reader Comments

  • dataGuy, 8 Mar 2007 @ 1:20pm

    Change Icon

    I think it's time you create a "Barbra Streisand" icon to identify these types of stories :-)


  • Geoffrey Kidd, 8 Mar 2007 @ 1:29pm


    If HID Global really wants to convince anybody that a claim of patent infringement and suing IOActive down to their belly-button lint wasn't intended to prevent the demo, they're going to have to take drastic action.

    May I suggest that they take the lawyer who wrote the letter AND the president of HID out, and, in public, string them up by their thumbs and give them fifty scarring lashes?

    Of course, this is NOT intended to advocate any sort of punitive action against HID or anyone associated with it.


  • Witty Nickname, 8 Mar 2007 @ 2:51pm

    Aren't we due an energy efficient light bulb logo before we get one of Babbs?


  • Dosquatch, 8 Mar 2007 @ 4:59pm

    DHS? Really?

    I'm not sure on what grounds the DHS is investigating this. I mean, not unless it's personal or something.

    "Hey, Bob, come check this article out."

    "Hmmm. Yeah? So?"

    "Well, aren't those the keycards that WE use?"

    "Ohhhhhh.... shit."


    • Anonymous Coward, 8 Mar 2007 @ 6:10pm

      Re: DHS? Really?

      Actually, you're pretty close. Aren't something like 300 million cards like this in use around the country? I have two here on my desk: one from my former Unix OS Developer job, and now for my current Government Security Analyst job. Which system would DHS prefer not be hackable by their imaginary nefarious people? The OS which drives the stock market, or the unnamed government office where I may or may not currently work?

      This is one DHS effort which, at last, doesn't make them look bumbling and stupid.


  • Kevin Delaney, 8 Mar 2007 @ 5:14pm

    Patent Laws Should Stop ID Theft

    Gosh, I think that if people knew that cloning security cards violated a patent, they wouldn't do it. I would imagine that a well run, professional criminal organization would do patent checks on all of the devices that they develop in their criminal career.


  • |333173|3|_||3, 10 Mar 2007 @ 3:22am

    I've used the RFID cards, and I have seen how little time they take to have a new value written on one. The machines for writing them are readily available, as are the machines for printing ID cards, so making a fake ID card with key would not be too difficult. Presumably HID sells writers for these cards so they can be re-used.


  • Mr. Big, 28 Mar 2007 @ 9:36am

    Our evaluation

    We have dropped HID from consideration in our corporate ID card implementation. Since they don't support open discussion of security issues, we cannot be assured they provide a secure product and more importantly, feel security is important.
