BRIAN ROSS REPORTS
Tech Firm: Our Secrets Are More Important Than Yours
April 18, 2007 10:34 AM
Twenty dollars' worth of equipment can steal private information from chips embedded in many passports and "touchless" credit cards, according to security researcher Chris Paget.
But the company that makes the chips has blocked him from explaining the flaw to others, saying it would violate its intellectual property rights.
Paget, the director of research and development for computer security company IOActive, planned on giving a presentation at a conference in February on the dangers of radio frequency identification (RFID) chips. The devices store information and share it wirelessly, allowing data to be collected from a credit card or a passport by simply swiping the item past a reader. The same technology is used for express toll lanes, such as the E-Z Pass system used by several states.
Using about $20 worth of equipment bought on eBay, Paget wanted to show the audience how easy it was to make a handheld reader that could copy RFID signals. "It's not complicated," Paget told ABC News. "If you can understand an off-the-shelf electronics hobby kit...then it's easy."
But HID Global, the company that produces the chips Paget used as an example, sent Paget a letter telling him his presentation infringed on its patents for legitimate RFID card readers. Paget says the company threatened litigation if he would not stop.
Unable to afford a legal battle, Paget removed the disputed information from his presentation. He has posted a redacted version of his presentation on the IOActive Web site.
"We've been forced to give up all our RFID research," Paget said. "Using patent law in this way is a horrific blow to the security community, when the big corporations stifle researchers by wielding this big legal axe."
Kathleen Carroll, director of government relations for HID Global, said that it was "absolutely not" the company's intention to stifle researchers. She cited an unwritten code of conduct for hackers who uncover security flaws. "HID appreciates the information hackers bring as long as they act responsibly. They're supposed to come to us first," she said.
Both Paget and Carroll agree that people have known about this particular security flaw for some time. And both say that most devices, including passports, have other security measures to protect personal information. But unauthorized signal reading is the first step in cracking these more complex devices.
"All we were trying to do was raise awareness of the issue," Paget said. "We're disappointed. There are a lot of ways the technology could be improved."
