Hackers gathered in Las Vegas on Saturday showed ways to crack electronic key-card systems and deadbolt locks used at security-sensitive places including the White House and the Pentagon.
"If you can't physically protect your computer, you are screwed," said Zac Franken, a hacker who engineered a way to outwit door locks relying on key cards.
"Most people think that computers inside buildings are secure. How many computers do you see left logged on at night?"
Franken's creation was among the real-world lock-cracking revelations made at the DefCon hackers conference, where a room is devoted to the "sport" of lock picking.
Medeco deadbolt locks relied on worldwide at embassies, banks and other tempting targets for thieves, spies or terrorists can be opened in seconds with a strip of metal and a thin screw driver, Marc Tobias of Security.org demonstrated for AFP.
"This is incredible; it's unreal," Tobias said while showing the ease with which the locks can breached.
"Medeco has one of the best designed locks in the world, but with this kind of attack it's all irrelevant."
US-based Medeco is owned by ASSA ABLOY Group, a Swedish conglomerate that describes itself as the world's leading manufacturer and supplier of locks. Medeco officials could not be reached for comment Saturday.
"This is not the only company," Tobias said. "There are lot of them; lots of deadbolts with similar weakness."
Tobias said he notified Medeco by email repeatedly during the past two months about cracking their deadbolt locks and hasn't gotten a reply.
Tobias says he refuses to publish details of "defeating" the locks because they are used in places ranging from homes, banks and jewelers to the White House and the Pentagon. He asked AFP not to disclose how it is done.
"This can cause a lot of trouble," Tobias said. "They need to fix this. If you have one of these on your house or wherever you'd better be concerned."
Franken is equally protective of the simple electronics he uses in a device that can be spliced into wires connecting key card readers to computer systems that control door locks on many businesses.
"The access control system is inherently insecure," Franken said. "I just walk up, pop off a cover held on by two screws, put my device in and we're away."
Easy targets for the "physical hack," involving manipulating hardware instead of computer software, are electronic key scanner pads at doors where workers step outside for cigarette breaks, according to Franken.
Once the device is spliced into place, encoded cards can be used to command it to replay the last valid entry code or have the system deny access to people with legitimate cards, Franken demonstrated.
"Basically, I can now lock all the valid users out while I can still get in," Franken said. "There is no patch for this."
Tobias advocates for a "Hogwarts School for Reality," which like the fictional school of magic made famous in the "Harry Potter" novels would aim to inspire children to act creatively -- in this case by applying technology to security needs on and offline.
"It's no difference breaking into a lock or a computer," Tobias said.
"If you can get past locks you get to the computers. This is the real world; we need the real world Hogwarts." — AFP
Nothing Down for the 2000s: Dynamic New Wealth Strategies in Real Estate
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment