Defcon Hacks Defeat Card-And-Code Locks In Seconds
Sparrowvsrevolution writes "At the Defcon security conference in Las Vegas, Marc Weber Tobias and Toby Bluzmanis plan to demonstrate simple hardware hacks that expose critical security problems in Swiss lock firm Kaba's E-plex 5800 and its older 5000. Kaba markets the 5800 lock, which Bluzmanis says can cost as much as $1,300, as the first to integrate code-based access controls with a new Department of Homeland Security standard that goes into effect next year and requires identifying credentials be used in secure facilities to control access. One attack uses a mallet to 'rap' open the lock, another opens the lock by putting a pin through the LED display light to ground a contact on the circuit board, and a third uses a wire inserted in the lock's back panel to hit a switch that resets its software."
Legally speaking, an "unhackable" security system is starting to resemble an attractive nuisance. Design utmost security, you are inviting hackers, thereby defeating your trespass claims...
Gently reply
a new Department of Homeland Security standard that goes into effect next year
How many places will buy them because they meet this government spec without regard to these problems? Government planning at its finest!
It's nice to know that those in charge of building the United States' very own Gestapo are also security experts. Too bad they're so good at the first task and so lousy at the second.
Look, I can defeat the lock by kicking the door in! It must be an insecure design.
You know, the ones where the character (usually a young, bright geek) rips the cover off the card swipe/keypad unit, shorts a few wires, and opens the door? ..bruce..
Bruce F. Webster (brucefwebster.com)
Isn't this pretty much an old trick, similar to 'bumping'?
This one's a lot more fun as you have to know where, approximately, that contact is - but then again, why is that contact accessible?
oh for pity's sake.
The first has already been solved by lockmakers, the second is solved by making the PCB reasonably inaccessible (an individual cover plate will do) which would also deal with the third, but then the third shouldn't be a switch anyway - it should be two distinct female header points on the PCB that can be bridged only with a length of wire; this is not a crappy home wireless router that actually needs a user-accessible reset button.
Whoever designed these $1k locks, electronically and mechanically, really needs to go back to the drawing board... or school.
Unfortunately these locks still happily open the door when fired on by a blaster.
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
In other news, people who attend Defcon are too cheap to use a Mac, upload bizarrely interlaced videos to YouTube because mencoder's command line cannot be understood by humans.
If you could just implement identifying credentials into these locks...
toool.nl/images/f/f3/Abloypart2.pdf (PDF)
The Swiss can make good Rolexes but high priced locks where you can get to bypass wire real easy.
Anyway, slot machines used to be easy to short out by doing something like this and they fixed them.
The fact that somebody managed to get a "secure" lock out the door with electrical contacts trivially accessible from the hostile side of the door is pretty damn pathetic... Couldn't they have potted the thing? Worse, it isn't as though designing systems that are supposed to be resistant to physical/electrical attacks isn't exactly an unknown field. The Nevada Gaming Commission, for example, would laugh a slot machine out of their office if it had externally accessible PCBs. The standards specifically mention that, among numerous other considerations. Heck, these super-advanced locks would seem to be rather more vulnerable than contemporary consumer hardware DRM, of the sort that protects a few bucks worth of pop-culture drivel. FFS...
I got locked in my self-storage lot after staying past closing time (11 PM). There were no staff to let me out and I was trapped inside with only a keypad to open the gate which happily told me the lot was closed. After inspecting the gate I saw what amounted to a key switch on a pole high enough for someone on a fire truck to access from the outside. I followed the conduit from that key switch to an electrical box near the gate motor. This small box was secured with one flat head screw. Armed with a paperclip I removed the screw and shorted the two wires coming from the key switch and the gate opened.
I don't know if I would have thought to do that if I wasn't inspired by the movies. It sure beat camping there for the night.
Normally these cheap devices directly control an actuator (coil or motor etc.) that is physically embedded in the door lock. If you can open the device, only little logic is needed to directly drive the actuator using the power supply, or gate the responsible transistor with a wire. It would be more secure if the scanning device had a digital link to a control system located somewhere else, that would verify the code and drive the actuator directly.
Lock specification:
1) Submit production samples of your candidate locks to several Defcon conferees, particularly those who have defeated lock mechanisms in the past.
2) A decision on whether your locks meet the specification will be rendered after next year's Defcon.
This issue is a bit more complicated than you think.
How about hardwired, so there is less need for a somewhat easy-to-get-to battery door / panel? Still can use a backup battery that is more sealed up.
But make it so the lock can be in a place where someone will see anyone messing with it to bypass it, and make it take a little bit of time to bypass as well.
In their demo video, the locking mechanism isn't attached to anything, so the whole mechanism bounces around when they whack it. I'd be interested to see if this method still works when it is attached to a solid door.
Above comment MINE get so PO'd about the whole war on terrorism - perhaps not as bad as the war on drugs at least there is a problem in there somewhere and maybe an enemy somewhere as well...that I FORGOT I was not logged in, thought I had that on auto, guess not lol
Exactly. No such thing as security, although there are such things as making "violations" more difficult or maybe even trying to do something to reduce, punish, or otherwise affect the number doing "violations" ("violations" = whatever the F a "breach of "Security" is for the matter at hand, if any)
NOPE. The point of "terror" is to be known, not to remain undetected. Breaching the damn lock is almost as good as getting to, busting, etc. whatever the lock is supposed to keep safe, inaccessible to the unauthorized, etc....
If what's being "protected" is a part of the Dept of Homeland Security I'd say my few nickels worth of pop culture is far more valuable. Of course I have a more tamper-resistant lock, from Ace hardware....
My father locked certain power tools in a steel 'sea chest' because he didn't want me using them. I quickly sanded down one end of the hinge pins on the two hinges on the chest. Thus I could easily slip the hinges and get access to the tools when needed. I didn't tamper with the lock in any obvious way, and from then on always had access to those tools.
Did you watch the videos? The first two don't leave any visible damage and the third one is hard to detect.
um yea if your liquor lock issue had a big squishy silicone window to a "oops reset to unlock mode" that you could trip with a key-chain swiss army knife, cost a grand doing it, while being marketed to our dumb government, then you would have a point.
I mean when you deal with physical security, you accept that there is no 100%. There is no unbreakable lock, no invincible door, and so on. However that doesn't mean everything is shit and money should get quality.
Compare that shit to a high security Medeco or Assa lock or the like. They can't be bumped, are hard to get keys copied for, can take a hell of a lot of physical abuse and so on, yet only cost about $200-300.
You are going to roll out a $1000 lock, it needs to at least give you the same kind of security you'd get from one of those. They may not be perfect, but you can't stick a wire in them to get by them at least.
"You know, the ones where the character (usually a young, bright geek) rips the cover off the card swipe/keypad unit, shorts a few wires, and opens the door?"
I swear to FSM I've done this.
I was meeting a friend of mine at a place. Door is protected by a keypad lock. When we get there he then realizes they just issued all new codes for the year, he can't remember his yet, and the paper with the new code is back at his place. I look at the box the keypad is mounted in, and notice it has two exposed screws.
I whip out my Leatherman and take the keypad off. There are four wires running to the keypad. I try randomly shorting two of the pins on the connector.
*click*
I couldn't believe it actually worked. I know the keypads we have at work are much better than that. The exposed keypads and scanners only transmit codes back to the control unit. The relays for the door releases are in the control unit, and the door releases are wired separately. Ripping open the keypad gets you very little.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
"It is important to realize that any lock can be picked with a big enough hammer." -- Sun System & Network Admin Manual
You are going to roll out a $1000 lock, it needs to at least give you the same kind of security you'd get from one of those. They may not be perfect, but you can't stick a wire in them to get by them at least.
What's interesting is that Kaba Mas also makes the X-09, which is the current DoD uber-lock used for classified stuff. It is, by all reports, extremely hard to subvert.
Neat stuff.
Still prefer the "Sneakers" solution to a locked, secured room sporting a very hard to crack keypad combination lock on the door.
It was not only one of the best scenes in the movie but should cause anyone faced with an impossible problem to stop for a moment and think outside the box. If your problem is in the box, then move the box. You will eventually find a way to crush it.
For those who have not seen the film or won't bother, the secret solution to the ultra secure keypad lock is to.... kick the door in.
A lock is only as good as the door it locks. And the door only as good as the door frame. And the frame only as good as the wall. When faced with a very good lock tumbler mounted in a very good lock on a very good door in a very good frame, the solution is not to spend time picking the lock when you could just make a big, quick hole in the cheap low bidder drywall next to the door and instantly make a whole new door with no lock. You get in. You get out.
Subtle, not really. But if you want to get in, expand your horizons. Put your problem in the box and then move the whole box.
Almost nobody thinks like this in my experience. They are all too busy contemplating how to pick the super good lock tumbler. Meanwhile I am out choosing which boot to use on the door, or which fire axe to use on that drywall.
Sig for hire.
It's pretty easy to put together a basic security system. Require an identity token of some sort, and require proof of knowledge of a secret, and you have the makings of a security system!
Security is not a boolean. Security is a variable, ranging from none at all to mild, moderate, to extremely secure.
Little things can add greatly to real security (such as free permits for concealed weapons and password strength requirements), and big, obvious, "secure" things can easily be nothing more than theater. (EG: the TSA goons at the airports)
To be truly secure at the high end is surprisingly difficult. As the value of the prize increases in value, the number of potentially useful attacks increases exponentially. A dollar-store lock will reasonably protect a $50 used bike in most areas, but at $500, the lock has to be able to reasonably defend itself from something like a grinder. At $5,000, blow torches become reasonable, and at $50,000, plastic explosives are a fair bet.
See how much more difficult it gets to defend concentrated wealth? It's *hard* to do it right!
I have no problem with your religion until you decide it's reason to deprive others of the truth.
A 6lb maul? You joking? I have an 8lb demolition hammer, and I wished I had something bigger when doing a rather "simple" remodel of a room and demolition of a deck. 8lb was barely enough to get a slightly curvy 6.5' 2x10 header in place...
I've seen plenty of doors where even a 24lb demolition hammer would perhaps dent them and scratch the paint, and not much else. Since I had to replace the front doors on my house, I did try the 8lb hammer on them. By my estimate, it'd take me half a day of pounding and sweating to get through. I would probably demolish the block wall those doors were mounted in before ripping the doors open. And those seem to be standard commercial steel entry doors. Not the cheap residential stuff, but nothing specifically designed for highly secure areas either.
A successful API design takes a mixture of software design and pedagogy.
I am not convinced that the locks in the YouTube videos were actually locked. The plunger on the deadlatch was not depressed, and many locks respond differently in this mode since there is no purpose served in making the lock secure while the door is open. Last week I performed a modification to the front door lock of my parents' home to allow opening the door by either raising or depressing the handle that was similar to the third attack and the plunger function is critical to the locking function on that lock. The techniques may work with the deadlatch engaged to the striker plate, but without seeing the demonstrations repeated in that arrangement I remain a little dubious.
The US government have made it clear that we have no inalienable rights; any we do not defend vigorously will be taken.
Your post reminded me of something I haven't seen mentioned here -
In pretty much any system you're going to have numerous vulnerabilities, which you will mitigate with controls (being generic here).
Take a house or building. Incomplete list, of course:
Depending on attack, all of these are vulnerabilities:
Now, there's also covert and non-covert entry. Picking a lock is covert, busting a window isn't. It's a sliding scale really; busting a hidden window may be more covert than picking the front door.
The trick to security is to determine your budget, list up all your vulnerabilities, then figure out a plan to 'even up' your worst vulnerabilities while staying in budget.
As such, in a home buying premium 'unpickable' locks is typically not necessary. You'll quickly make it so picking the lock isn't worth it - but you may fail to address the other vulnerabilities. Instead, you might as well pick one for features such as being able to rekey it yourself, electronic entry, durability/reliability, even appearance.
One quick fix may be to buy some long, heavy duty screws and put them into your door frame, and replace the screws that came with your locks and hinge hardware. Longer screws = more strength against break attacks. They're generally cheap; even $20 will go a long ways towards making your door harder to kick in. After that, you're probably better off looking at your windows - bars on the windows, if you're that paranoid.
An automatic alarm system gives you some depth, but be careful of monitoring companies - some don't take their own alarms seriously.
I don't read AC A human right
1300$ lock ...
I would need to buy a lock to protect the lock but that lock would be 1300$
so
I would need to buy another lock to protect the lock but that lock would be 1300$, more
so
I would need to buy another lock to protect the lock but that lock would be 1300$, more
so
I would need to buy another lock to protect the lock but that lock would be 1300$, more
so
I would need to buy another lock to protect the lock but that lock would be 1300$, more
so
I would need to buy another lock to protect the lock but that lock would be 1300$, more
so
I would need to buy another lock to protect the lock but that lock would be 1300$, more
I'm looping...
But thankfully /. has an answer for everything ! :
http://developers.slashdot.org/story/11/08/02/2031215/Escaping-Infinite-Loops
Turning it off and on again, usually helps :)
Necessity really IS the mother of invention.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
Most of this is to protect isolated control rooms... Think the water testing valve for a city wellhead. Once you are in and deal damage, you'll have plenty of time to flee, damage will actually happen up to miles away from here.
The USA is dotted with power, telco, gas, water lines that cross miles of country. Hell, most of my local utility offices are "unattended" now. Just plain brick buildings.
There's a quicker, quieter way (Smith linked because they are very well made in the USA):
http://store.cyberweld.com/porwelkit.html?utm_medium=shoppingengine&utm_source=googlebase&cvsfa=2530&cvsfe=2&cvsfhu=706f7277656c6b6974
An external verification controller isn't completely necessary to increase security. Just make the actuator more complicated to control.
If you use e.g. a BLDC motor (see http://en.wikipedia.org/wiki/Brushless_DC_electric_motor) at the door, just sending some power down the control lines is at most going to burn the coils. Controls have to be activated and deactivated in correct fashion (and current measured) for the motor to turn. Obviously people skilled enough can reverse engineer this. But connecting all wires to your own microcontroller will take some time.
Very nice. Thanks for the link.
But think about the cost of that also not forgetting that if the control mechanism messes up, those motors if simply powered up can remain stationary and are virtually impossible to move. Most security is just to keep a simple thief out. An intelligent, dedicated, targeted attacker will always succeed if you give it enough resources. If nothing else I'll just get a plasma cutter and cut out your door.
Custom electronics and digital signage for your business: www.evcircuits.com
I guess you can always buy a bigger SUV to compensate.
Good vault and safe designs use that thinking.
Instead of metal, the main material in a modern vault door is a proprietary concrete mix that has more than ten times the strength of a similar thickness of standard reinforced concrete. Even a thermal lance is impractical, hours needed to make a small hole