Entries Tagged "physical security"


Attacking PLCs Controlling Prison Doors

Embedded system vulnerabilities in prisons:

Some of the same vulnerabilities that the Stuxnet superworm used to sabotage centrifuges at a nuclear plant in Iran exist in the country’s top high-security prisons, according to security consultant and engineer John Strauchs, who plans to discuss the issue and demonstrate an exploit against the systems at the DefCon hacker conference next week in Las Vegas.

Strauchs, who says he engineered or consulted on electronic security systems in more than 100 prisons, courthouses and police stations throughout the U.S. - including eight maximum-security prisons - says the prisons use programmable logic controllers to control locks on cells and other facility doors and gates. PLCs are the same devices that Stuxnet exploited to attack centrifuges in Iran.

This seems like a minor risk today; Stuxnet was a military-grade effort, and beyond the reach of your typical criminal organization. But that can only change, as people study and learn from the reverse-engineered Stuxnet code and as hacking PLCs becomes more common.

As we move from mechanical, or even electro-mechanical, systems to digital systems, and as we network those digital systems, this sort of vulnerability is going to only become more common.

Posted on August 2, 2011 at 6:23 AM

Duplicating Physical Keys from Photographs (Sneakey)

In this demonstration, researchers photographed keys from 200 feet away and then made working copies. From the paper:

The access control provided by a physical lock is based on the assumption that the information content of the corresponding key is private—that duplication should require either possession of the key or a priori knowledge of how it was cut. However, the ever-increasing capabilities and prevalence of digital imaging technologies present a fundamental challenge to this privacy assumption. Using modest imaging equipment and standard computer vision algorithms, we demonstrate the effectiveness of physical key teleduplication—extracting a key’s complete and precise bitting code at a distance via optical decoding and then cutting precise duplicates. We describe our prototype system, Sneakey, and evaluate its effectiveness, in both laboratory and real-world settings, using the most popular residential key types in the U.S.

The design of common keys actually makes this process easier. There are only ten possible positions for each pin, any single key uses only half of those positions, and the positions of adjacent pins are deliberately set far apart.

EDITED TO ADD (7/26): I seem to have written about this in 2009. Apologies.

Posted on July 26, 2011 at 1:28 PM

Physical Key Escrow

This creates far more security risks than it solves:

The city council in Cedar Falls, Iowa has absolutely crossed the line. They voted 6-1 in favor of expanding the use of lock boxes on commercial property. Property owners would be forced to place the keys to their businesses in boxes outside their doors so that firefighters, in that one-in-a-million chance, would have easy access to get inside.

We in the computer security world have been here before, over ten years ago.

Posted on July 14, 2011 at 6:38 AM

U.S. Presidential Limo Defeated by Steep-Grade Parking Ramp

It’s not something I know anything about—actually, it’s not something many people know about—but I’ve posted some links about the security features of the U.S. presidential limousine. So it’s amusing to watch the limo immobilized by a steep grade at the U.S. embassy in Dublin. (You’ll get a glimpse of how thick the car doors are toward the end of the video.)

EDITED TO ADD (6/1): It was a spare; the president was not riding in it at the time.

EDITED TO ADD (6/13): Here’s a video of President Bush’s limo breaking down in Rome.

Posted on May 26, 2011 at 1:57 PM

"Operation Pumpkin"

Wouldn’t it be great if this were not a joke: the security contingency that was in place in the event that Kate Middleton tried to run away just before the wedding.

After protracted, top-secret negotiations between royal staff from Clarence House and representatives from the Metropolitan Police, MI5 and elements of the military, a compromise was agreed. In the event of Operation Pumpkin being put into effect Ms Middleton will be permitted to run out of Westminster Abbey with her bodyguards trailing discreetly at a distance. Plain-clothes undercover police, MI5 officers and SAS soldiers stationed in the crowd will form a mobile flying wedge ahead of her, clearing a path for the fugitive future princess to escape down.

Prince William will then have a limited time, the subject of tense negotiations between Clarence House and security chiefs, in which the path behind Ms Middleton will be kept open for him to go after her, after which the mobile protective cordon will close again at the Abbey end due to lack of manpower and the Prince will have let his bride slip through his fingers.

If Wills reacts fast enough, however, he will be able to chase after his fleeing fiancee for just under half a mile.

I wonder what security would have done if she just took off and ran.

EDITED TO ADD (5/5): The double negative in the first sentence has confused some people. To be clear: the article quoted, and Operation Pumpkin in general, is fiction.

Posted on May 4, 2011 at 12:15 PM

Unanticipated Security Risk of Keeping Your Money in a Home Safe

In Japan, lots of people—especially older people—keep their life savings in cash in their homes. (The country’s banks pay very low interest rates, so the incentive to deposit that money into bank accounts is lower than in other countries.) This is all well and good, until a tsunami destroys your home and washes your money out to sea. Then, when it washes up onto the beach, the police collect it:

One month after the March 11 tsunami devastated Ofunato and other nearby cities, police departments already stretched thin now face the growing task of managing lost wealth.

“At first we put all the safes in the station,” said Noriyoshi Goto, head of the Ofunato Police Department’s financial affairs department, which is in charge of lost-and-found items. “But then there were too many, so we had to move them.”

Goto couldn’t specify how many safes his department has collected so far, saying only that there were “several hundreds” with more coming in every day.

Identifying the owners of lost safes is hard enough. But it’s nearly impossible when it comes to wads of cash being found in envelopes, unmarked bags, boxes and furniture.

After three months, the money goes to the government.

Posted on April 15, 2011 at 6:49 AM

Biometric Wallet

Not an electronic wallet, a physical one:

Virtually indestructible, the dunhill Biometric Wallet will open only with touch of your fingerprint.

It can be linked via Bluetooth to the owner’s mobile phone - sounding an alarm if the two are separated by more than 5 metres! This provides a brilliant warning if either the phone or wallet is stolen or misplaced. The exterior of the wallet is constructed from highly durable carbon fibre that will resist all but the most concerted effort to open it, while the interior features a luxurious leather credit card holder and a strong stainless steel money clip.

Only $825. News article.

I don’t think I understand the threat model. If your wallet is stolen, you’re going to replace all your ID cards and credit cards and you’re not going to get your cash back—whether it’s a normal wallet or this wallet. I suppose this wallet makes it less likely that someone will use your stolen credit cards quickly, before you cancel them. But you’re not going to be liable for that delay in any case.

Posted on February 18, 2011 at 1:45 PM

Hacking Tamper-Evident Devices

At the Black Hat conference last week, Jamie Schwettmann and Eric Michaud presented some great research on hacking tamper-evident seals.

Jamie Schwettmann and Eric Michaud of i11 Industries went through a long list of tamper evident devices at the conference here and explained, step-by-step, how each seal can be circumvented with common items, such as various solvents, hypodermic needles, razors, blow driers, and in more difficult cases with the help of tools such as drills.

Tamper-evident devices may be as old as civilization, and today are used in everyday products such as aspirin containers’ paper seals. The more difficult devices may be bolt locks designed to secure shipping containers, or polycarbonate locks designed to shatter if cut.

But they all share something in common: They can be removed and the anti-tampering device reassembled.

Here’s their paper, and here are the slides from their presentation. (These two direct download links from GoogleDocs also work.) There was more information in the presentation than in either the paper or the PowerPoint slides. If the video ever gets online, I’ll link to it in this post.

Posted on January 24, 2011 at 1:20 PM

Brute-Force Safecracking

This safecracking robot tries every possible combination, one after another:

Combination space optimization is the key. By exploiting the mechanical tolerances of the lock and certain combination “forbidden zones”, we reduced the number of possible combinations by about an order of magnitude.

Opening the safe took “just a few hours.”

Along the same lines, here’s a Lego robot that cracks combination locks. I wrote about another, non-Lego, brute-force combination lock cracker a few years ago. The original link is broken, but the project is here.

EDITED TO ADD (2/13): In this video, champion safecracker Jeff Sitar opens a similar safe by feel and sound in just 5 minutes and 19 seconds.

Posted on January 24, 2011 at 6:15 AM
