Hackers gathered in Las Vegas on Saturday showed ways to crack electronic key-card systems and deadbolt locks used at security-sensitive places including the White House and the Pentagon.
"If you can't physically protect your computer, you are screwed," said Zac Franken, a British hacker who engineered a way to outwit door locks relying on key cards.
"Most people think that computers inside buildings are secure. How many computers do you see left logged on at night?" he said.
PHOTO: AP
Franken's creation was among the real-world lock-cracking revelations made at the DefCon hackers conference, where a room is devoted to the "sport" of lock picking.
Medeco deadbolt locks relied on worldwide at embassies, banks and other tempting targets for thieves, spies or terrorists can be opened in seconds with a strip of metal and a thin screw driver, Marc Tobias of Security.org demonstrated.
"This is incredible; it's unreal," Tobias said while showing the ease with which the locks can breached.
"Medeco has one of the best designed locks in the world, but with this kind of attack it's all irrelevant," he said.
US-based Medeco is owned by ASSA ABLOY Group, a Swedish manufacturer and supplier of locks.
"This is not the only company," Tobias said. "There are lot of them; lots of deadbolts with similar weakness."
Tobias said he refuses to publish details of "defeating" the locks because they are used in places ranging from homes and banks to the White House and the Pentagon.
"This can cause a lot of trouble," he said. "They need to fix this. If you have one of these on your house or wherever you'd better be concerned."
Franken is equally protective of the simple electronics he uses in a device that can be spliced into wires connecting key card readers to computer systems that control door locks on many businesses.
"The access control system is inherently insecure," Franken said. "I just walk up, pop off a cover held on by two screws, put my device in and we're away."
Easy targets for the "physical hack," involving manipulating hardware instead of computer software, are electronic key scanner pads at doors where workers step outside for cigarette breaks, Franken said.
Once the device is spliced into place, encoded cards can be used to command it to replay the last valid entry code or have the system deny access to people with legitimate cards, he showed.
"Basically, I can now lock all the valid users out while I can still get in," Franken said. "There is no patch for this."
Tobias wants to see a "Hogwarts School for Reality," which like the school of magic made famous in the Harry Potter novels would aim to inspire children to act creatively -- in this case by applying technology to security needs on and offline.
"It's no difference breaking into a lock or a computer," he said. "If you can get past locks you get to the computers. This is the real world; we need the real world Hogwarts."
GAINING STEAM: The scheme initially failed to gather much attention, with only 188 cards issued in its first year, but gained popularity amid the COVID-19 pandemic Applications for the Employment Gold Card have increased in the past few years, with the card having been issued to a total of 13,191 people from 101 countries since its introduction in 2018, the National Development Council (NDC) said yesterday. Those who have received the card have included celebrities, such as former NBA star Dwight Howard and Australian-South Korean cheerleader Dahye Lee, the NDC said. The four-in-one Employment Gold Card combines a work permit, resident visa, Alien Resident Certificate (ARC) and re-entry permit. It was first introduced in February 2018 through the Act Governing Recruitment and Employment of Foreign Professionals (外國專業人才延攬及雇用法),
WARNING: From Jan. 1 last year to the end of last month, 89 Taiwanese have gone missing or been detained in China, the MAC said, urging people to carefully consider travel to China Lax enforcement had made virtually moot regulations banning civil servants from making unauthorized visits to China, the Control Yuan said yesterday. Several agencies allowed personnel to travel to China after they submitted explanations for the trip written using artificial intelligence or provided no reason at all, the Control Yuan said in a statement, following an investigation headed by Control Yuan member Lin Wen-cheng (林文程). The probe identified 318 civil servants who traveled to China without permission in the past 10 years, but the true number could be close to 1,000, the Control Yuan said. The public employees investigated were not engaged in national
The zero emissions ship Porrima P111 was launched yesterday in Kaohsiung, showcasing the nation’s advancement in green technology, city Mayor Chen Chi-mai (陳其邁) said. The nation last year acquired the Swiss-owned vessel, formerly known as Turanor PlanetSolar, in a bid to boost Taiwan’s technology sector, as well as ecotourism in Palau, Chen said at the ship’s launch ceremony at Singda Harbor. Palauan President Surangel Whipps Jr and Minister of Foreign Affairs Lin Chia-lung (林佳龍) also attended the event. The original vessel was the first solar-powered ship to circumnavigate the globe in a voyage from 2010 to 2012. Taiwan-based Porrima Inc (保利馬) installed upgrades with
ENHANCE DETERRENCE: Taiwan has to display ‘fierce resolve’ to defend itself for China to understand that the costs of war outweigh potential gains, Koo said Taiwan’s armed forces must reach a high level of combat readiness by 2027 to effectively deter a potential Chinese invasion, Minister of National Defense Wellington Koo (顧立雄) said in an interview with the Chinese-language Liberty Times (sister newspaper of the Taipei Times) published yesterday. His comments came three days after US Secretary of State Marco Rubio told the US Senate that deterring a Chinese attack on Taiwan requires making a conflict “cost more than what it’s worth.” Rubio made the remarks in response to a question about US policy on Taiwan’s defense from Republican Senator John Cornyn, who said that Chinese
RSS