Theres already an RFID security brouhaha brewing in Washington, and if some people have their way, it wont be the last legal fight waged in the nations capital over use of the wireless technology. The IT security community is buzzing with interest over a legal spat that broke out on Feb. 27, one day ahead of the start of the Black Hat DC 2007 conference. Officials with Seattle-based IOActive were forced to scale back a planned presentation at the government-themed security trade show in which an expert from the company was to have detailed a technique for hacking data transmitted by HIDs popular proximity identification cards used by millions of people nationwide.
Chris Paget, IOActives director of research and development, had planned to show off an RFID "cloning" device that could be used to steal access codes from HID-brand proximity cards, store them, then use the stolen codes to fool an HID card reader. According to show organizers, HID quashed the session by threatening to file a patent infringement suit against IOActive over the use of HIDs source code in the demonstration.