Hacking the Assa Solo Lock
Marc Weber Tobias again:
The new Assa Solo was recently introduced in Europe and we believe is the latest Cliq design. We were provided with samples and were able to show a reporter for Wired’s Threat Level how to completely circumvent the electronic credentials in less than thirty seconds, which she easily accomplished. This is the latest and most current example of a failure in security engineering at Assa.
[…]
In response to demonstrations and our disclosures about the bypass of Assa Cliq locks at Defcon 17, the product development manager of Assa in the U.S. told Wired Magazine that “From what I know of the CLIQ technology it can’t be done,” … “And until I’ve seen it done, it can’t be done.”
We believe this statement typifies precisely the problem at Assa Abloy companies: a failure of imagination. It prompted our research and subsequent discovery of multiple vulnerabilities in Cliq, Logic, and NexGen locks. It is this attitude that will continue to allow us to break locks that are represented as the ultimate in security by these companies, and which often provide a false sense of security to the locksmiths and customers that rely upon these products.
Me on locks and lockpicking.
Johannes Berg • August 21, 2009 6:48 AM
So which companies do incorporate proper security engineering into their locks?