Thursday, July 10, 2008

Dutch chipmaker sues to silence security researchers

From C/net news blog: "Dutch chipmaker NXP Semiconductors has sued a university in The Netherlands to block publication of research that details security flaws in NXP's Mifare Classic wireless smart cards, which are used in transit and building entry systems around the world."

The article features a youtube video that illustrates how the system is hacked. It includes an illustration of wireless "sniffing" which I never heard of. Kind of scary. It's also scary that a commercial enterprise is trying to block the publication of academic research.

http://news.cnet.com/8301-10784_3-9985886-7.html?hhTest=1

1 comment:

Unknown said...

What's really of note about this case is that it's gotten decent exposure in the popular press. In technical terms, it's nothing new; the research is good, but we've seen similar successful exploits against widely-deployed commercial systems many times.

And manufacturers, industry organizations, and the like suing security researchers to try to suppress research is nothing new. The entertainment industry went after Ed Felton with all guns blazing.

These are things to be concerned about, certainly, so it's good that they've received a fair bit of press. Today it's your subway card that gets cloned; tomorrow it's your RFID-enabled passport. Manufacturers and government agencies don't like to see that publicized, but we're better off if it is.

Fortunately, this case, and the closely-related one with the Massachusetts Bay Transportation Authority (over the same technology, but different researchers), have not only come to the public's attention, but ended favorably, with strong findings for the defendants.