(Reuters) - Hacking experts and product manufacturers have sometimes been at odds over whether the disclosure of security vulnerabilities is helpful, or harmful, to the public interest.
Lawsuits, or even the threat of legal action, have resulted in the cancellation of some hacking presentations in recent years. Here are some examples, ahead of this week’s Black Hat and Def Con hacking conferences in Las Vegas:
2005 - Cisco Systems Inc persuaded security firm Internet Security Systems to pull a discussion on hacking routers by researcher Michael Lynn at the Black Hat annual hacking conference in Las Vegas.
On the eve of the conference, Black Hat organizers had workers tear out Lynn’s presentation materials from a printed handbook given out to thousands of attendees. Lynn gave the talk anyway, was fired by ISS, and an injunction was obtained to block further public discussion.
2007 - Security firm IOActive Inc pulled a talk that researcher Chris Paget was due to present at Black Hat DC on bugs in radio-frequency identification, or RFID, technology, saying it was pressured to do so by RFID technology firm HID Global Corp.
2008 - Three MIT undergrads cancelled a Def Con talk in Las Vegas on hacking the “Charlie Card” payment cards for Boston’s subway system after an injunction by a U.S. federal court. A judge later rescinded the order, allowing them to go public.
2013 - Three European computer scientists cancelled a talk on hacking the locks of luxury cars at a prestigious U.S. academic conference to be held in August, after Volkswagen AG obtained a restraining order from a British court.
Their paper, which was titled “Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer,” identified ways to hack into the lock systems of luxury cars including Porsches, Audis, Bentleys and Lamborghinis.
Reporting by Jim Finkle; Additional reporting by Christine Murray in London; Editing by Peter Cooney