There's already an RFID security brouhaha brewing in Washington, and if some people have their way, it won't be the last legal fight waged in the nation's capital over use of the wireless technology. The IT security community is buzzing with interest over a legal spat that broke out on Feb. 27, one day ahead of the start of the Black Hat DC 2007 conference. Officials with Seattle-based IOActive were forced to scale back a planned presentation at the government-themed security trade show in which an expert from the company was to have detailed a technique for hacking data transmitted by HID's popular proximity identification cards used by millions of people nationwide.
Chris Paget, IOActive's director of research and development, had planned to show off an RFID "cloning" device that could be used to steal access codes from HID-brand proximity cards, store them, then use the stolen codes to fool an HID card reader. According to show organizers, HID quashed the session by threatening to file a patent infringement suit against IOActive over the use of HID's source code in the demonstration.