Blackhat Blackballed: RFID vs Researchers

Thursday, 01 March 2007

In a move similar to the Lynn vs Cisco scandal of 2005, security firm IOActive is being blocked from giving its presentation on RFID security at the upcoming Blackhat Federal 2007, to be held in Arlington, VA, February 26-March 1.

Chris Paget, Head of IOActive's R&D facility, was to demonstrate a homebrewed RFID cloner made from cheap, easy-to-find electronics. The cloner can read information from a variety of RFID devices within close proximity to the device, but specifically those made to specifications from access card manufacturer HID. Mr. Paget was to deliver notes and schematics on how to build a similar device as part of his presentation, and evidently this is what HID is specifically concerned about.

IOActive has issued a formal statement and stated that an alternative presentation by the ACLU will be replacing the controversial talk. According to Blackhat founder Jeff Moss, the staff were forced to tear material out of the intended printed material, à la the "Lynn - Cisco" fiasco.

HID claims the presentation to be given violated HID's patent rights and threatened to take legal action against Mr. Paget and IOActive. HID's claim is that Mr. Paget's talk would violate two patents by the maker, essentially describing detection of the signaling between an embedded "proximity" type RFID device and that of the "interrogator", or the device that initiates the signaling.

Earlier this year, Mr. Paget presented his device at the RSA 2007 conference in San Francisco, where he also gave an identical copy to Apple co-founder Steve "the Woz" Wozniak, who also happens to sit on IOActive's advisory board.

Zone-h believes that vendors should be responsible for the security of their products, rather than chastising and suppressing independent research. How in this case can Paget's material violate patents when they are available for public scrutiny? If it weren't for Mr. Paget and others in the security research field, we would be living in a world controlled by corporations and courts, presumed guilty before trial. We will be following this story as it develops.

UPDATE: Chris Paget and IOActive decided to go forth with the presentation, but with limited material presented.

In a statement on IOActive's web page, the company had this to say: "At IOActive, we have noted that some of the press coverage, weblog postings, and commentary on the recent disagreement with HID Global Corporation state or imply that the schematic diagrams and source-code that were redacted from our presentation at Black Hat were in fact the property of HID Global Corporation. IOActive would like to clarify that the electronic design of our device, the associated schematic diagrams, and the source-code for the micro-controller component were developed by IOActive completely independent of any HID documents, and were principally based on information available on the Internet regarding RFID technology. In fact, we did not view any documentation prepared or produced by HID Global Corporation about their technology until after we received their demand letter."

In response to press coverage, HID provided, "Under no circumstance has HID asked IOActive or Mr. Paget to cancel their presentation. In fact, we were surprised by their decision to cancel the presentation and to attribute the cancellation to a threat from HID. This was not, and never was, HID's position."

Score: IOActive: 2 HID: 0