Hackers gathered in Las Vegas on Saturday showed ways to crack electronic key-card systems and deadbolt locks used at security-sensitive places including the White House and the Pentagon.
"If you can't physically protect your computer, you are screwed," said Zac Franken, a British hacker who engineered a way to outwit door locks relying on key cards.
"Most people think that computers inside buildings are secure. How many computers do you see left logged on at night?" he said.
PHOTO: AP
Franken's creation was among the real-world lock-cracking revelations made at the DefCon hackers conference, where a room is devoted to the "sport" of lock picking.
Medeco deadbolt locks relied on worldwide at embassies, banks and other tempting targets for thieves, spies or terrorists can be opened in seconds with a strip of metal and a thin screw driver, Marc Tobias of Security.org demonstrated.
"This is incredible; it's unreal," Tobias said while showing the ease with which the locks can breached.
"Medeco has one of the best designed locks in the world, but with this kind of attack it's all irrelevant," he said.
US-based Medeco is owned by ASSA ABLOY Group, a Swedish manufacturer and supplier of locks.
"This is not the only company," Tobias said. "There are lot of them; lots of deadbolts with similar weakness."
Tobias said he refuses to publish details of "defeating" the locks because they are used in places ranging from homes and banks to the White House and the Pentagon.
"This can cause a lot of trouble," he said. "They need to fix this. If you have one of these on your house or wherever you'd better be concerned."
Franken is equally protective of the simple electronics he uses in a device that can be spliced into wires connecting key card readers to computer systems that control door locks on many businesses.
"The access control system is inherently insecure," Franken said. "I just walk up, pop off a cover held on by two screws, put my device in and we're away."
Easy targets for the "physical hack," involving manipulating hardware instead of computer software, are electronic key scanner pads at doors where workers step outside for cigarette breaks, Franken said.
Once the device is spliced into place, encoded cards can be used to command it to replay the last valid entry code or have the system deny access to people with legitimate cards, he showed.
"Basically, I can now lock all the valid users out while I can still get in," Franken said. "There is no patch for this."
Tobias wants to see a "Hogwarts School for Reality," which like the school of magic made famous in the Harry Potter novels would aim to inspire children to act creatively -- in this case by applying technology to security needs on and offline.
"It's no difference breaking into a lock or a computer," he said. "If you can get past locks you get to the computers. This is the real world; we need the real world Hogwarts."
BUILDUP: US General Dan Caine said Chinese military maneuvers are not routine exercises, but instead are ‘rehearsals for a forced unification’ with Taiwan China poses an increasingly aggressive threat to the US and deterring Beijing is the Pentagon’s top regional priority amid its rapid military buildup and invasion drills near Taiwan, US Secretary of Defense Pete Hegseth said on Tuesday. “Our pacing threat is communist China,” Hegseth told the US House of Representatives Appropriations Subcommittee on Defense during an oversight hearing with US General Dan Caine, chairman of the Joint Chiefs of Staff. “Beijing is preparing for war in the Indo-Pacific as part of its broader strategy to dominate that region and then the world,” Hegseth said, adding that if it succeeds, it could derail
CHIP WAR: The new restrictions are expected to cut off China’s access to Taiwan’s technologies, materials and equipment essential to building AI semiconductors Taiwan has blacklisted Huawei Technologies Co (華為) and Semiconductor Manufacturing International Corp (SMIC, 中芯), dealing another major blow to the two companies spearheading China’s efforts to develop cutting-edge artificial intelligence (AI) chip technologies. The Ministry of Economic Affairs’ International Trade Administration has included Huawei, SMIC and several of their subsidiaries in an update of its so-called strategic high-tech commodities entity list, the latest version on its Web site showed on Saturday. It did not publicly announce the change. Other entities on the list include organizations such as the Taliban and al-Qaeda, as well as companies in China, Iran and elsewhere. Local companies need
CRITICISM: It is generally accepted that the Straits Forum is a CCP ‘united front’ platform, and anyone attending should maintain Taiwan’s dignity, the council said The Mainland Affairs Council (MAC) yesterday said it deeply regrets that former president Ma Ying-jeou (馬英九) echoed the Chinese Communist Party’s (CCP) “one China” principle and “united front” tactics by telling the Straits Forum that Taiwanese yearn for both sides of the Taiwan Strait to move toward “peace” and “integration.” The 17th annual Straits Forum yesterday opened in Xiamen, China, and while the Chinese Nationalist Party’s (KMT) local government heads were absent for the first time in 17 years, Ma attended the forum as “former KMT chairperson” and met with Chinese People’s Political Consultative Conference Chairman Wang Huning (王滬寧). Wang
CROSS-STRAIT: The MAC said it barred the Chinese officials from attending an event, because they failed to provide guarantees that Taiwan would be treated with respect The Mainland Affairs Council (MAC) on Friday night defended its decision to bar Chinese officials and tourism representatives from attending a tourism event in Taipei next month, citing the unsafe conditions for Taiwanese in China. The Taipei International Summer Travel Expo, organized by the Taiwan Tourism Exchange Association, is to run from July 18 to 21. China’s Taiwan Affairs Office spokeswoman Zhu Fenglian (朱鳳蓮) on Friday said that representatives from China’s travel industry were excluded from the expo. The Democratic Progressive Party government is obstructing cross-strait tourism exchange in a vain attempt to ignore the mainstream support for peaceful development
RSS