A programmer, Martin Swende, received a letter from the legal department of the company INSIDE Secure warning him of a potential violation of intellectual property rights and of the need to remove from the Internet an open source library that exploits a vulnerability in a cryptographic system produced by HID Global.
This requires an explanation. HID Global sells access control systems that use RFID chips. Its iClass product line is installed worldwide. Usually a person receives a card or key fob with an RFID chip, with which they can enter a protected area (or open a door) by holding the key fob or card up to a special reader.
Like the similar Mifare systems, which have enjoyed even greater popularity, iClass applies cryptographic protection to communications between the RFID tag and the RFID reader. In 2010 the first academic study describing vulnerabilities in this cryptographic scheme appeared on the Internet. Since then, several other people have published works that completely discredit the cryptographic protection in iClass products.
Based on these studies, Martin Swende wrote a free library that implements the ciphers used in the iClass product family. This library can be used for security checks of a company's installed access control systems.
Now Martin is threatened with litigation. Rather than correct HID Global's shortcomings, the company prefers to hire lawyers in an attempt to remove the defamatory information from the Internet.
"In the world of Internet security, no one is surprised by vulnerabilities or considers them something out of the ordinary. Companies offer rewards for finding these bugs and hold competitions to find vulnerabilities. In the world of Internet security, companies are respected not for releasing 'invulnerable' products but for responsible, accurate and timely correction of errors. The 'physical security' industry seems to have fallen a decade behind. I do not think that this will benefit users or, in the long run, the producers themselves," laments Martin Swende.
Source: xaker.ru