Hacking HID

Now I’m less convinced than ever that HID is tuned into this whole information technology thing, with its confusing array of computers, software, networks, vulnerability assessments, hackers, and IT security.  I guess it’s just too much for an old-fashioned company like HID to really comprehend.

So it shouldn’t surprise us that shortly after I wrote about IOActive’s cleverly designed proximity card cloner, HID threatened to sue the little company to keep it from talking.

Here are two related stories
Reality Check

IOActive is a security company whose sole purpose is to make computing and networking systems stronger, better, and safer to use.  By constructing a simple device using $20 of parts available mostly from Radio Shack, the company could demonstrate the fundamental lack of security that ALREADY EXISTED in proximity cards and readers, like those from HID. 

HID marketing materials actually promote that weakness in order to highlight the relative security of the "smarter" iClass cards.  But does HID want the IT security community to help its clients to improve security and eliminate the false sense of security they may have from using insecure prox cards?  No.  HID would rather sue.

By threatening to sue – or whatever it was that they threatened to get IOActive to not share their best practices with the rest of the world – HID probably will bring down the wrath of the unharnessed cracker (evil-hacker) community.  I predict that HID’s little performance with IOActive and the Black Hat conference will only draw hacker and cracker attention to the problem.

When hackers get together and giggle about cracking HID cards, the jig is up.  It’s time for a forklift upgrade to iClass or other higher security products.  It’s not time to sue fellow security professionals who simply want to fix a problem that HID has ignored.

Categories: TechNews
  1. john Pears
    January 18, 2011 at 2:24 am

    Well, iClass has now been hacked. As it turned out, all of their door readers share the same master key. Brilliant. Oh, yeah, and the hack exposes the master key. Not sure I understand why this building access market is able to control what type of scrutiny they encounter.

    Yeah, how well would it go over if Microsoft said, “you cannot point out vulnerabilities in our products or we will sue”? Bigger company, and they would not get away with it.

  2. SYU
    February 21, 2012 at 11:15 pm

    iClass has never been hacked, that's a lie. No one in the world can. Just try it yourself, it's all fake everywhere 😦
