About us Contact us RSS Newsletters Blogs Video Follow us on Twitter

Register | Login

Advertisement
  • Networking
  • Storage
  • Security
  • Mobility and Wireless
  • Applications
  • OS and Servers
  • Mid-sized Business
  • Green IT
  • Virtualisation

Home | News | Insight | How-tos | Case studies | Interviews | Briefings | Reviews | Blog

Computer & Internet Security News



18 July 2008

Judge prevents chipmaker's flaws staying secret

By Brenno de Winter, Webwereld Netherlands

A Dutch court has denied a request from chipmaker NXP to prevent the publication of a scientific study of the security of the firm's Mifare Classic RFID technology. Researchers will continue to pursue presenting their findings in October.

Advertisement

NXP had demanded a restraining order against researchers with the University of Nijmegen. The gagging order would have prevented them from discussing the results of their scientific research into the cryptography of the Mifare Classic, an RFID chip developed by NXP.

The court ruled that freedom of speech outweighs NXP's commercial interests. Although this freedom is typically granted to individual citizens, the judge argued that it also applies to scientific research.

The judge ruled that limitations to the freedom of speech are allowed only if there is urgent and obvious threat to society. "This requires a balancing of interests," the court stated in a press release. "It should be considered that the publication of scientific studies carries a lot of weight in a democratic society, as does informing society about serious issues in the chip, because it allows for mitigating of the risks."

NXP had argued that publication of the report was 'irresponsible', because it would allow criminals to attack Mifare Classic based systems such as public transport systems in the Netherlands, the UK and the US that use the chip, as well as billions of building access passes worldwide. In a position paper, the company explains that it welcomes feedback, but considers publication of its algorithms as a crime.

Advertisement

The researchers with the University of Nijmegen had countered that they have allowed ample time for NXP to repair the issues. Karsten Nohl, a researcher with the University of Virginia previously has pointed out that NXP was first made aware of fundamental flaws in the chip's design in December 2007.

Also, clones have been available in the market since at least 2004. These indicate that people outside NXP have vast knowledge of the chip's inner workings, including criminals. A restraining orders preventing publication of the study therefore will only serve to withhold knowledge from the scientific community.

Nohl furthermore charges that NXP has wrongly trivialised the issues and recommends that the firm shifts focus to mitigating the problems instead of fighting security researchers.

A spokesperson for NXP said the company is disappointed. NXP said it is in favour of openness, but fears that users will have insufficient time to switch to safer alternative technologies.

Follow highlights from Techworld on Twitter
Stay Informed > Subscribe to our Newsletters
The UK IT News widget Get it for your site!

<<newer article | back to index | older article>>

close

Email this article to a friend or colleague:




PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

close
  • This article is now being printed.
close

What are your views on this subject? Use the form below to post a comment on this article up to 1000 characters.


Characters remaining:

close

Click below to add 'Judge prevents chipmaker's flaws staying secret' to your blog.



If you do not have a ComputerworldUK Account and would like to use this feature, please Register.

If you are a registered, logged-in user, this will post the title and first paragraph of this story to your blog to share with your readers.

What is this?

Comments received


Andy said on Monday, 21 July 2008

NXP needs to establish a relationship with the U of Nijmegan - if it is not too late. Oct is still far enough away.

Andy said on Monday, 21 July 2008

NXP needs to establish a relationship with the U of Nijmegan - if it is not too late. Oct is still far enough away.

Advertisement
Advertisement

WHITE PAPERS

  • Seven Ways ITIL Can Help You in an Economic Downturn
    Learn more about how ITIL can help your business weather the economic storm, and how it can leave you better positioned for growth when the economy begins to rebound.
  • Make Compliance Work For You
    Learn how to make compliance work for you, rather than the other way around, with this whitepaper form Oracle.
  • Modernizing IT: Strategies for Improving Service Quality and Reducing IT Costs
    Working harder simply won’t get you there. No matter how many people you allocate, sinking more labour into old IT practices cannot concurrently meet rising demands on IT and cut costs. Read about cost-effective, automated ways to meet this challenge head-on in this whitepaper.
  • Security and Trust: The Backbone of Doing Business over the Internet
    When shopping online, consumers are concerned about identity theft and are therefore wary of providing untrusted sources with their personal information, especially their credit card details. Find out how to gain the trust of online customers.
  • Business Continuity - Are you always open for business?
    Business continuity is not an end in itself, but the key to improving performance. Oracle solutions for midsize organisations contribute by providing a secure, easily accessible, and always available information infrastructure thats's also simple and cost-effective to manage. This Oracle Business Brief explains how.

Techworld topic pages