Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Study of Physical Hacks at DefCon

Posted by Zonk on from the old-ways-are-the-best-ways dept.

eldavojohn writes "DefCon usually focuses on electronic security, but Saturday a talk was held that focused on possibly the oldest form of hacking — lockpicking. As software security becomes better and better, the focus may be shifting towards simple hacking tips like looking over someone's shoulder for their password, faking employment or just picking the locks to gain access to the building where machines are left on overnight. From the article: 'Medeco deadbolt locks relied on worldwide at embassies, banks and other tempting targets for thieves, spies or terrorists can be opened in seconds with a strip of metal and a thin screw driver, Marc Tobias of Security.org demonstrated for AFP ... Tobias says he refuses to publish details of 'defeating' the locks because they are used in places ranging from homes, banks and jewelers to the White House and the Pentagon. He asked AFP not to disclose how it is done.' I'm sure all Slashdot readers are savvy enough to use firewall(s) but do you know and trust what locks 'physically' protect your data from hacks like these?"

9 of 299 comments (clear)

  1. "Hacking" by Arthur+Grumbine · · Score: 5, Informative
    From TFS,

    "...simple hacking tips like looking over someone's shoulder for their password."

    How far the meaning of this word has come from it's original usage.

    --
    Now that I think about it, I'm pretty sure everything I just said is completely wrong.
  2. Re:Backstop that lock... by swb · · Score: 4, Informative

    No, it was meant to be serious. Locks keep out honest people and lazy criminals (given how often the police issue updates reminding us to lock the doors because they've had a run of unforced entry burglaries, there must be a lot of them).

    Weapons keep out ANYBODY, but watch out for criminal-friendly laws on deadly force that either require you to flee your own home or prove that you were threatened with imminent risk of death or great bodily harm.

    Fortunately where I live, deadly force is justified within your own home top stop the commission of a felony, and burglary is a felony.

  3. How Medeco locks work by Beryllium+Sphere(tm) · · Score: 4, Informative

    The cuts in the key are individually angled so they rotate the tumblers as well as lifting them. Slots in the tumblers are lined up by the rotation to unlock a sidebar that fits into a longitudinal slot in the cylinder.

    Bump keys can't even get started opening that.

    More burglars have feet than have lockpicking skills. Step one in physical security is to combat kick-in attacks. Replace your strike plate, which I can almost guarantee is inadequate, with a reinforced model like the Mag-3 and most important, install it with #10 wood screws at least 3" long, so it can't tear out of the studs when subjected to a good kick. Predrill the holes and put soap on the threads so you don't break screws as you install it.

    A block watch is a great idea too. Neighbors are a security mechanism.

    An alarm system also protects you against fire, which depending on where you live can be a bigger threat than burglary.

  4. Re:Backstop that lock... by kd5ujz · · Score: 4, Informative

    I take it you have not seen the "Protected by Smith & Wesson" Signs.

    http://www.smith-wesson.com/webapp/wcs/stores/serv let/CustomContentDisplay?langId=-1&storeId=10001&c atalogId=11101&content=36818

    http://www.preparedness.com/protbysmitwe.html

    --
    -William
    God is everything science has yet to explain.
  5. Re:How to pick Medeco locks by mlts · · Score: 4, Informative

    From what the original poster's article said, this appears to be a valid method against the original Medeco and the Medeco Biaxial line [1], but I don't see how this would have any effect at all versus the latest Medeco3 mechanism (well, latest since 2003), which uses side bitting on the key as well as the usual Medeco rotating pins.

    Other than Medeco, there is one type of lock that would be excellent for security, Abloy's Protec line, which from what I read takes 10-12 hours to pick even for the pros at detainer disk type of locks. However, the Protec line isn't sold in the US. Older Abloy lines are decent, but it would take far less time for a pro to pick them open. There are other high security locks out there, and one can read from a lock site what the weaknesses are of each of them.

    Nothing is 100% secure. If some thief is determined enough to bypass something, they can.

    Lastly, high security locks just one tool, in a toolbox of security options. If its worth locking with a high security cylinder, its worth having a centrally monitored alarm system (with a duress code [2] option.)

    [1]: Biaxial isn't that much more secure than the original Medeco, but it allows for (IIRC) 10 times as many key combinations, allowing for more flexible keying options.

    [2]: Yes, home invasions are on the rise, so make sure an alarm system has a duress feature (where it disarms, but silently calls the central station)... and USE the alarm. If at home, use the alarm's "at home" feature which monitors the doors and windows, but doesn't arm the IR detectors. A high security lock is no good when it is opened by the owner at gunpoint.

  6. Keyboard JitterBug eavesdropping by stock · · Score: 3, Informative

    The Dell key-logger hoax has probably the best decoy story to move
    professional hackers/security staffers into the wrong direction, as in
    May 2006, USENIX published the following research article :

    "Keyboards and Covert Channels"
      by Gaurav Shah, Andres Molina and Matt Blaze , 2006-05-17
      Department of Computer and Information Science
      University of Pennsylvania
    http://www.usenix.org/events/sec06/tech/shah/shah_ html/jbug-Usenix06.html

    In it the authors demonstrate that todays unwarranted wire tapping NSA
    activities, normally don't result in much success as serious internet
    users routinely apply encryption into their communications, like IPSec
    tunneling, ssh, VPN access connections, secure web-traffic https when
    i.e. doing Internet banking activities.

    However, secret service found a clever approach to all this, by
    covertly installing a Keyboard JitterBug into your keyboard. Here's
    how to secure your most trusted keyboard :

    Keyboard JitterBug eavesdropping
    http://crashrecovery.org/internet/#jitter

    where i may add, that lock picking _ALSO_ has been the best hoax ever
    on public display. Why? How many people today design their _OWN_
    locksmith locks? All installed door-locks worldwide are somehow sold in
    stores, hence its products and replacement keys are in the archives of
    the local secret service.

    Robert

  7. For details... by Stone+Rhino · · Score: 3, Informative
    See tobias's post on engadget a couple weeks ago: http://www.engadget.com/2007/07/19/the-lockdown-th e-medeco-m3-meets-the-perilous-paper-clip/

    Medeco offers several levels of key control to insure that its patent protected blanks cannot be copied, replicated or simulated. In many systems, proprietary keyways are available to further ensure that keys cannot be improperly compromised. Although the m3 is a very secure lock, we were able to simulate Medeco keys that can be made to bypass the keyway and slider protection of almost any system -- all without infringing on any Medeco intellectual property. It turns out that a standard paper clip will depress the slider precisely to the correct position. A wire or paper clip, fashioned as shown, is inserted into the keyway and wedged at the end of the body of the slider.
    So, with a proper paperclip, you can eliminate the additional security and remove its advantages against certain types of attacks.
    --


    Remember, there were no nuclear weapons before women were allowed to vote.
  8. Re:If guns stop crime then why crime in the USA? by zmollusc · · Score: 3, Informative

    Here in the uk it seems (although i cannot be arsed to look for stats) that shootings are steadily increasing in frequency, too.

    --
    They whose government reduces their essential liberties for temporary security, receive neither liberty nor security.
  9. Re:Backstop that lock... by knewter · · Score: 3, Informative

    The kind of person that puts one of those signs in the front yard has no problem with said criminals coming to take it. He kind of yearns for it.

    If someone's going to be an asshole, I'd rather they try it against someone who is overwhelmingly better-armed than they are.

    --
    -knewter