Hackers gathered in Las Vegas on Saturday showed ways to crack electronic key-card systems and deadbolt locks used at security-sensitive places including the White House and the Pentagon.
"If you can't physically protect your computer, you are screwed," said Zac Franken, a British hacker who engineered a way to outwit door locks relying on key cards.
"Most people think that computers inside buildings are secure. How many computers do you see left logged on at night?" he said.
PHOTO: AP
Franken's creation was among the real-world lock-cracking revelations made at the DefCon hackers conference, where a room is devoted to the "sport" of lock picking.
Medeco deadbolt locks relied on worldwide at embassies, banks and other tempting targets for thieves, spies or terrorists can be opened in seconds with a strip of metal and a thin screw driver, Marc Tobias of Security.org demonstrated.
"This is incredible; it's unreal," Tobias said while showing the ease with which the locks can breached.
"Medeco has one of the best designed locks in the world, but with this kind of attack it's all irrelevant," he said.
US-based Medeco is owned by ASSA ABLOY Group, a Swedish manufacturer and supplier of locks.
"This is not the only company," Tobias said. "There are lot of them; lots of deadbolts with similar weakness."
Tobias said he refuses to publish details of "defeating" the locks because they are used in places ranging from homes and banks to the White House and the Pentagon.
"This can cause a lot of trouble," he said. "They need to fix this. If you have one of these on your house or wherever you'd better be concerned."
Franken is equally protective of the simple electronics he uses in a device that can be spliced into wires connecting key card readers to computer systems that control door locks on many businesses.
"The access control system is inherently insecure," Franken said. "I just walk up, pop off a cover held on by two screws, put my device in and we're away."
Easy targets for the "physical hack," involving manipulating hardware instead of computer software, are electronic key scanner pads at doors where workers step outside for cigarette breaks, Franken said.
Once the device is spliced into place, encoded cards can be used to command it to replay the last valid entry code or have the system deny access to people with legitimate cards, he showed.
"Basically, I can now lock all the valid users out while I can still get in," Franken said. "There is no patch for this."
Tobias wants to see a "Hogwarts School for Reality," which like the school of magic made famous in the Harry Potter novels would aim to inspire children to act creatively -- in this case by applying technology to security needs on and offline.
"It's no difference breaking into a lock or a computer," he said. "If you can get past locks you get to the computers. This is the real world; we need the real world Hogwarts."
SECURITY: As China is ‘reshaping’ Hong Kong’s population, Taiwan must raise the eligibility threshold for applications from Hong Kongers, Chiu Chui-cheng said When Hong Kong and Macau citizens apply for residency in Taiwan, it would be under a new category that includes a “national security observation period,” Mainland Affairs Council (MAC) Minister Chiu Chui-cheng (邱垂正) said yesterday. President William Lai (賴清德) on March 13 announced 17 strategies to counter China’s aggression toward Taiwan, including incorporating national security considerations into the review process for residency applications from Hong Kong and Macau citizens. The situation in Hong Kong is constantly changing, Chiu said to media yesterday on the sidelines of the Taipei Technology Run hosted by the Taipei Neihu Technology Park Development Association. With
CARROT AND STICK: While unrelenting in its military threats, China attracted nearly 40,000 Taiwanese to over 400 business events last year Nearly 40,000 Taiwanese last year joined industry events in China, such as conferences and trade fairs, supported by the Chinese government, a study showed yesterday, as Beijing ramps up a charm offensive toward Taipei alongside military pressure. China has long taken a carrot-and-stick approach to Taiwan, threatening it with the prospect of military action while reaching out to those it believes are amenable to Beijing’s point of view. Taiwanese security officials are wary of what they see as Beijing’s influence campaigns to sway public opinion after Taipei and Beijing gradually resumed travel links halted by the COVID-19 pandemic, but the scale of
A US Marine Corps regiment equipped with Naval Strike Missiles (NSM) is set to participate in the upcoming Balikatan 25 exercise in the Luzon Strait, marking the system’s first-ever deployment in the Philippines. US and Philippine officials have separately confirmed that the Navy Marine Expeditionary Ship Interdiction System (NMESIS) — the mobile launch platform for the Naval Strike Missile — would take part in the joint exercise. The missiles are being deployed to “a strategic first island chain chokepoint” in the waters between Taiwan proper and the Philippines, US-based Naval News reported. “The Luzon Strait and Bashi Channel represent a critical access
Pope Francis is be laid to rest on Saturday after lying in state for three days in St Peter’s Basilica, where the faithful are expected to flock to pay their respects to history’s first Latin American pontiff. The cardinals met yesterday in the Vatican’s synod hall to chart the next steps before a conclave begins to choose Francis’ successor, as condolences poured in from around the world. According to current norms, the conclave must begin between May 5 and 10. The cardinals set the funeral for Saturday at 10am in St Peter’s Square, to be celebrated by the dean of the College
RSS