Collaborate Disseminate
Researchers are using recordings of keys being used in locks to create copies. Once they have a key-insertion audio file, SpiKey’s inference software gets to work filtering the signal to reveal the strong, metallic clicks as key ridges hit the lock’s pins [and you can hear those filtered clicks online here]. These clicks are vital to the inference analysis: the… Continue reading Copying a Key by Listening to It in Action
Yet another Internet-connected door lock is insecure: Sold by retailers including Amazon, Walmart, and Home Depot, U-Tec’s $139.99 UltraLoq is marketed as a "secure and versatile smart deadbolt that offers keyless entry via your Bluetooth-enabled smartphone and code." Users can share temporary codes and ‘Ekeys’ to friends and guests for scheduled access, but according to Tripwire researcher Craig Young, a… Continue reading Smart Lock Vulnerability
The attack requires physical access to the computer, but it’s pretty devastating: On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, his technique can bypass the login screen of a sleeping or locked computer — and even its hard disk… Continue reading Attack Against PC Thunderbolt Port
The attack requires physical access to the computer, but it’s pretty devastating: On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, his technique can bypass the login screen of a sleeping or locked computer — and even its hard disk encryption — to gain full access to the computer’s data. And while his attack in many cases requires opening a… Continue reading Attack Against PC Thunderbolt Port
Story of how Tiffany & Company moved all of its inventory from one store to another. Short summary: careful auditing and a lot of police…. Continue reading Securing Tiffany’s Move
This short video explains why computers regularly came with physical locks in the late 1980s and early 1990s. The one thing the video doesn’t talk about is RAM theft. When RAM was expensive, stealing it was a problem…. Continue reading Locked Computers
The Diqee 360 robotic vacuum cleaner can be turned into a surveillance device. The attack requires physical access to the device, so in the scheme of things it’s not a big deal. But why in the world is the vacuum equipped with a microphone?… Continue reading Hacking a Robot Vacuum
This is weird: Police in Detroit are looking for two suspects who allegedly managed to hack a gas pump and steal over 600 gallons of gasoline, valued at about $1,800. The theft took place in the middle of the day and went on for about 90 minutes, with the gas station attendant unable to thwart the hackers. The theft, reported… Continue reading Gas Pump Hack
Tapplock sells an "unbreakable" Internet-connected lock that you can open with your fingerprint. It turns out that: The lock broadcasts its Bluetooth MAC address in the clear, and you can calculate the unlock key from it. Any Tapplock account an unlock every lock. You can open the lock with a screwdriver. Regarding the third flaw, the manufacturer has responded that… Continue reading Ridiculously Insecure Smart Lock
Interesting history of the security of walls: DĂșn Aonghasa presents early evidence of the same principles of redundant security measures at work in 13th century castles, 17th century star-shaped artillery fortifications, and even "defense in depth&… Continue reading On the Security of Walls