RFID Talk Ripped From Black Hat Schedule

At the Black Hat event Wednesday in Washington, D.C., Seattle-based security research firm IOActive had planned to give a presentation on vulnerabilities in RFID proximity badge systems, which are often deployed to regulate physical access to buildings and secure areas.

In its presentation, IOActive referenced a whitepaper published two years ago by HID Global, an Irvine, Calif.-based maker of RFID proximity card and next-generation contactless smart card systems. The paper outlined security weaknesses in proximity badge systems.

However, when HID caught wind of the presentation, it demanded that IOActive pull the presentation on the grounds that it infringed on HID's patents, according to an IOActive statement issued Tuesday.

"As a consequence, under advice of counsel, IOActive has withdrawn its presentation at the Black Hat briefings in order to address the demands of HID Global Corporation and to protect IOActive's researchers from adverse action," the company said.

IOActive said its motivation in pointing out flaws in RFID proximity card systems was to highlight the need for organizations to adopt a layered approach to security -- a message being echoed by many security solution providers these days.

"IOActive's intended message was that the use of this technology should be as merely one component in a defense-in-depth strategy," the company said.

At the 2005 Black Hat conference in Las Vegas, Mike Lynn -- then a researcher at Internet Security Systems -- was sued by Cisco Systems and investigated by the FBI after giving a presentation on a vulnerability he discovered in the operating system that runs Cisco routers.

Cisco and ISS tried to pull Lynn's presentation at the last minute, with Cisco even going so far as to send in an army of temporary workers before the show to tear the PowerPoint slide shots out of each and every conference program.