Stephen Withers
Thursday, 01 March 2007 03:19
A conference presentation on RFID security risks was delivered in a truncated form after a vendor allegedly put pressure on the speaker's company.
It isn't completely clear whether HID Global actually wanted IOActive to cancel (IOActive's version) or amend (HID's version) the presentation at Black Hat DC 2007.
It seems that a demonstration of cloning one of HID's RFID proximity cards - the type of card used for access control in some buildings - would constitute a breach of the company's patents, in HID's eyes at least.
"As with any company’s legal rights under patent laws, HID Global reminded IOActive about the intellectual property protection provided by these patents," said a written statement from HID officials.
"HID Global has the right and responsibility to discourage the publication of any information regarding the improper use of HID’s intellectual property, including violations of HID’s intellectual property or inducing others to violate HID’s intellectual property."
Material removed from the presentation included the specifications of an HID RFID device, and a demonstration of a home-made RFID cloner.
"We understand and acknowledge that it may be possible, under certain conditions, to clone a proximity card," the HID statement conceded.
Both companies agree that an RFID proximity card should not be used as the sole means of protecting assets.
This case underscores a problem with the US patent system. It seems it is possible to use patents to prevent others from exposing weaknesses or debunking claims.
For example, it has been reported that if a company patented a claimed association between a particular gene and a certain medical condition, it could then market a product said to suppress the likelihood of that condition actually occurring in individuals with that gene - safe in the knowledge that it could use patent law to prevent anyone else testing the efficacy of the product or even the relationship between the gene and the condition.