August 1, 2010

Hackers crack high-tech locks

A woman uses a fingerprint scanner
A woman uses a fingerprint scanner. Security maverick Marc Tobias showed hackers on Saturday how simple it is to defeat some of the world's top high-tech locks.

Security maverick Marc Tobias showed hackers on Saturday how simple it is to defeat some of the world's top high-tech locks.

"These locks might be winning awards but they are forgetting the basics," Tobias said while giving AFP a first-hand look at how to crack several models. "They might be clever, but they aren't secure."

A Biolock model 333 designed to scan and unlock for chosen people was opened by simply pushing a paper clip into a key slot.

An Amsec ES1014 digital safe was breached by sliding a flat metal file folder hangar through through a crack at the edge of the door and pressing an interior button allowing the access code to be reset.

Tobias grew passionate when it came to an award-winning electromagnetic lock made in China for Finland-based iLoq.

The innovative iLoq used the action of a key being pushed into the lock to generate power for electronics that then checked data in a chip on the key to determine whether the user is cleared for access.

Tobias and lock-cracking colleague Tobias Bluzmanis pointed out that the iLoq design counted on a small hook being tripped to reset the devices as a key was removed.

In what they referred to as a viable inside attack possible on locks geared for office settings, someone could borrow a key and shave tiny bit of metal from the tip and it would no longer catch the iLoq reset hook.

A pocket-sized tool available in US stores for about 60 dollars could be used to grind down the hook in seconds, the men demonstrated.

With either method, the result would be that once a valid key is used to open the iLoq it will yield to any key or even a screw driver stuck in the slot because it remains stuck in the unlocked position.

An audit trail left by a compromised iLoq would stop at the person whose key legitimately opened the lock.

"It is really clever, but it is also very defective," said Tobias, a longtime advocate for tougher standards in the lock industry.

"Electromechanical locks are more secure if done right. The question is whether the technology is implemented properly."

The security.org crew opened a Kwikset programmable "smartkey" lock with a key blank, a screw driver and a vice grip tool.

Tobias and his team consistently show up at the annual DefCon gathering in Las Vegas to pop locks with wires, magnets, air, shock, screw drivers and other improvised tools.

Their presentation this year was met with hoots and applause.

Lock-picking holds a natural appeal to hackers, who thrive on bending hardware or software to their wills.

(c) 2010 AFP

Citation: Hackers crack high-tech locks (2010, August 1) retrieved 19 April 2024 from https://phys.org/news/2010-08-hackers-high-tech.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Explore further

Internet warriors hone skills at Black Hat - DefCon
0 shares

Feedback to editors

Relevant PhysicsForums posts

Error logging in: onLoginSuccess is not a function

17 hours ago

My Website For Creating Interactive Visuals Linked To Equations

Apr 16, 2024

Latest Notable AI accomplishments

Apr 9, 2024

Building a homemade Long Short Term Memory with FSMs

Apr 8, 2024

Most efficient way to randomly choose a word from a file with a list of words

Apr 2, 2024

Git, staging and committing files

Mar 31, 2024

More from Programming and Computer Science

Load comments (3)