Entries Tagged "physical security"

Fingerprint-Lock Failure in a Prison

So much for high-tech security:

Prison officers have been forced to abandon a new security system and return to the use of keys after the cutting-edge technology repeatedly failed.

The system, which is thought to have cost over £3 million, used fingerprint recognition to activate the locking system at the high-security Glenochil Prison near Tullibody, Clackmannanshire.

After typing in a PIN code, prison officers had to place their finger on a piece of glass. Once the print was recognised, they could then lock and unlock prison doors.

However, problems arose after a prisoner demonstrated to wardens that he could get through the system at will. Other prisoners had been doing the same for some time.

Unfortunately, the article doesn’t say how the prisoners hacked the system. Perhaps they lifted fingerprints off readers with transparent tape. Or perhaps the valid latent fingerprints left on the readers by wardens could be activated somehow.

I would really like some more details here. Does it really make sense to have a tokenless access system in a prison? I don’t know enough to answer that question.

Posted on September 26, 2005 at 4:03 PM

Israeli Barrier Around Gaza

Putting aside geopolitics for a minute (whether I call it a “wall” or a “fence” is a political decision, for example), it’s interesting to read the technical security details about the barrier the Israelis built around Gaza:

Remote control machine guns, robotic jeeps, a double fence, ditches and pillboxes along with digitally-linked commanders are all part of the IDF’s new 60-kilometer layered protection around the Gaza Strip.

[…]

The army has set up a large swath of land around the Strip for placing barbed wire coils, an electronic fence, and two patrol roads named Hoovers Alef and Hoovers Bet. There will also be a third patrol road a few hundred meters from the fence. All the land was “purchased” from the border settlements by the Defense Ministry. The army said it would allow farmers to work some of the land if possible.

Besides the barriers, the army has relocated over 50 cement pillboxes from their location inside the Gaza Strip to the new border. Some of these will be equipped with 50-caliber machine guns with laser sights that can be fired from control rooms equipped with monitors and radar along the border.

[…]

The IDF is also taking into account that the Palestinians may try to dig tunnels under the fence, but would not elaborate on steps it was taking to thwart such action.

In Beyond Fear pages 207-8, I wrote about the technical details of the Berlin Wall. This is far more sophisticated.

Posted on September 12, 2005 at 11:32 AM

Shoulder Surfing Keys

Here’s a criminal who “stole” keys, the physical metal ones, by examining images of them being used:

He surreptitiously videotaped letter carriers as they opened the boxes, zooming in on their keys. Lau used those images to calculate measurements for the grooves in the keys and created brass duplicates.

[…]

“The FBI is not aware of anything else like this,” bureau spokeswoman Jerri Williams said.

Technology causes security imbalances. Sometimes those imbalances favor the defender, and sometimes they favor the attacker. What we have here is a new application of a technology by an attacker.

Very clever.

Posted on September 7, 2005 at 11:35 AM

Hogwarts Security

From Karl Lembke:

In the latest Harry Potter book, we see Hogwarts implementing security precautions in order to safeguard its students and faculty.

One step that was taken was that all the students were searched – wanded, in fact – to detect any harmful magic. In addition, all mail coming in or out was checked for harmful magic.

In spite of these precautions, two students are nearly killed by cursed items.

One of the items was a poisoned bottle of mead, which made it onto school grounds and into a professor’s office.

It turned out that packages sent from various addresses in the nearby town were not checked. The addresses were trusted, and anything received from them was considered safe. When a key person was compromised (in this case, by a mind-control spell), the trusted address was no longer trustworthy, and a gaping hole in security was created.

Of course, since everyone knew everything was checked on its way into the school, no one felt the need to take any special precautions.

The moral of the story is, inadequate security can be worse than no security at all.

And while we’re on the subject, can you really render a powerful wizard helpless simply by taking away his wand? And is taking away a powerful wizard’s wand simply as easy as doing something to him at the same time he is doing something else?

One, this means that you’re dead if you’re outnumbered. All it would take is two synchronized wizards, both of much lower power level, to defeat a powerful wizard. And two, it means that you’re dead if you’re taken by surprise or distracted.

This seems like an enormous hole in magical defenses, one that wizards would have worked feverishly to close up generations ago.

EDITED TO ADD: Here’s a page on trust in the series.

Posted on September 4, 2005 at 3:27 PM

DNA Identification

Here’s an interesting application of DNA identification. Instead of searching for your DNA at the crime scene, they search for the crime-scene DNA on you.

The system, called Sentry, works by fitting a box containing a powder spray above a doorway which, once primed, goes into alert mode if the door is opened.

It then sprays the powder when there is movement in the doorway again.

The aim is to catch a burglar in the act as stolen items are being removed.

The intruder is covered in the bright red powder, which glows under ultraviolet (UV) light and can only be removed with heavy scrubbing.

However, the harmless synthetic DNA contained in the powder sinks into the skin and takes several days, depending on the person’s metabolism, to work its way out.

Posted on June 22, 2005 at 8:39 AM

Users Disabling Security

It’s an old story: users disable a security measure because it’s annoying, allowing an attacker to bypass the measure.

A rape defendant accused in a deadly courthouse rampage was able to enter the chambers of the judge slain in the attack and hold the occupants hostage because the door was unlocked and a buzzer entry system was not activated, a sheriff’s report says.

Security doesn’t work unless the users want it to work. This is true on the personal and national scale, with or without technology.

Posted on May 2, 2005 at 8:22 AM

Flaw in Pin-Tumbler Locks

This paper by Barry Wels and Rop Gonggrijp describes a security flaw in pin tumbler locks. The so-called “bump-key” method will open a wide range of high security locks in little time, without damaging them.

It’s about time physical locks be subjected to the same open security analysis that computer security systems have been. I would expect some major advances in technology as a result of all this work.

Posted on March 7, 2005 at 7:27 AM

Flaw in Winkhaus Blue Chip Lock

The Winkhaus Blue Chip Lock is a very popular, and expensive, 128-bit encrypted door lock. When you insert a key, there is a 128-bit challenge/response exchange between the key and the lock, and when the key is authorized it will pull a small pin down through some sort of solenoid switch. This allows you to turn the lock.

Unfortunately, it has a major security flaw. If you put a strong magnet near the lock, you can also pull this pin down, without authorization—without damage or any evidence.

The worst part is that Winkhaus is in denial about the problem, and is hoping it will just go away by itself. They’ve known about the flaw for at least six months, and have done nothing. They haven’t told any of their customers. If you ask them, they’ll say things like “it takes a very special magnet.”

From what I’ve heard, the only version that does not have this problem is the model without a built-in battery. In this model, the part with the solenoid switch is aimed on the inside instead of the outside. The internal battery is a weak spot, since you need to lift a small lid to exchange it. So this side can never face the “outside” of the door, since anyone could remove the batteries. With an external power supply you do not have this problem, since one side of the lock is pure metal.

A video demonstration is available here.

Posted on March 2, 2005 at 3:00 PM
