close
    • chevron_right

      Security Vulnerability in Saflok’s RFID-Based Keycard Locks

      news.movim.eu / Schneier · Tuesday, 26 March - 16:04 · 1 minute

    It’s pretty devastating :

    Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok . The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba. The Saflok systems are installed on 3 million doors worldwide, inside 13,000 properties in 131 countries. By exploiting weaknesses in both Dormakaba’s encryption and the underlying RFID system Dormakaba uses, known as MIFARE Classic, Carroll and Wouters have demonstrated just how easily they can open a Saflok keycard lock. Their technique starts with obtaining any keycard from a target hotel—say, by booking a room there or grabbing a keycard out of a box of used ones—then reading a certain code from that card with a $300 RFID read-write device, and finally writing two keycards of their own. When they merely tap those two cards on a lock, the first rewrites a certain piece of the lock’s data, and the second opens it.

    Dormakaba says that it’s been working since early last year to make hotels that use Saflok aware of their security flaws and to help them fix or replace the vulnerable locks. For many of the Saflok systems sold in the last eight years, there’s no hardware replacement necessary for each individual lock. Instead, hotels will only need to update or replace the front desk management system and have a technician carry out a relatively quick reprogramming of each lock, door by door. Wouters and Carroll say they were nonetheless told by Dormakaba that, as of this month, only 36 percent of installed Safloks have been updated. Given that the locks aren’t connected to the internet and some older locks will still need a hardware upgrade, they say the full fix will still likely take months longer to roll out, at the very least. Some older installations may take years.

    If ever. My guess is that for many locks, this is a permanent vulnerability.

    • chevron_right

      Go ahead and unplug this door device before reading. You’ll thank us later.

      news.movim.eu / ArsTechnica · Thursday, 9 March, 2023 - 17:34 · 1 minute

    The Akuvox E11

    Enlarge / The Akuvox E11 (credit: Akuvox)

    The Akuvox E11 is billed as a video door phone, but it’s actually much more than that. The network-connected device opens building doors, provides live video and microphone feeds, takes a picture and uploads it each time someone walks by, and logs each entry and exit in real time. The Censys device search engine shows that roughly 5,000 such devices are exposed to the Internet, but there are likely many more that Censys can’t see for various reasons.

    It turns out that this omnipotent, all-knowing device is riddled with holes that provide multiple avenues for putting sensitive data and powerful capabilities into the hands of threat actors who take the time to analyze its inner workings. That’s precisely what researchers from security firm Claroty did. The findings are serious enough that anyone who uses one of these devices in a home or building should pause reading this article, disconnect their E11 from the Internet, and assess where to go from there.

    The 13 vulnerabilities found by Claroty include a missing authentication for critical functions, missing or improper authorization, hard-coded keys that are encrypted using accessible rather than cryptographically hashed keys, and the exposure of sensitive information to unauthorized users. As bad as the vulnerabilities are, their threat is made worse by the failure of Akuvox —a China-based leading supplier of smart intercom and door entry systems—to respond to multiple messages from Claroty, the CERT coordination Center, and Cybersecurity and Infrastructure Security Agency over a span of six weeks. Claroty and CISA publicly published their findings on Thursday here and here .

    Read 14 remaining paragraphs | Comments

    • chevron_right

      Digital License Plates

      news.movim.eu / Schneier · Wednesday, 12 October, 2022 - 19:52 · 1 minute

    California just legalized digital license plates, which seems like a solution without a problem.

    The Rplate can reportedly function in extreme temperatures, has some customization features, and is managed via Bluetooth using a smartphone app. Rplates are also equipped with an LTE antenna, which can be used to push updates, change the plate if the vehicle is reported stolen or lost, and notify vehicle owners if their car may have been stolen.

    Perhaps most importantly to the average car owner, Reviver said Rplate owners can renew their registration online through the Reviver mobile app.

    That’s it?

    Right now, an Rplate for a personal vehicle (the battery version) runs to $19.95 a month for 48 months, which will total $975.60 if kept for the full term. If opting to pay a year at a time, the price is $215.40 a year for the same four-year period, totaling $861.60. Wired plates for commercial vehicles run $24.95 for 48 months, and $275.40 if paid yearly.

    That’s a lot to pay for the luxury of not having to find an envelope and stamp.

    Plus, the privacy risks:

    Privacy risks are an obvious concern when thinking about strapping an always-connected digital device to a car, but the California law has taken steps that may address some of those concerns.

    “The bill would generally prohibit an alternative device [i.e. digital plate] from being equipped with GPS or other vehicle location tracking capability,” California’s legislative digest said of the new law. Commercial fleets are exempt from the rule, unsurprisingly.

    More important are the security risks. Do we think for a minute that your digital license plate is secure from denial-of-service attacks, or number swapping attacks, or whatever new attacks will be dreamt up? Seems like a piece of stamped metal is the most secure option.

    • chevron_right

      The chip shortage is driving up tech prices–starting with TVs

      Eric Bangeman · news.movim.eu / ArsTechnica · Saturday, 15 May, 2021 - 11:15

    The chip shortage is driving up tech prices–starting with TVs

    Enlarge (credit: Bloomberg | Getty Images)

    Televisions, laptops, and tablets have been in high demand during the Covid-19 pandemic , as people worked and learned via Zoom , socialized over Skype, and binged on Netflix to alleviate the lockdown blues. But all that extra screen time also helped set in motion a semiconductor supply crunch that is causing prices for some gadgets to spike—starting with TVs.

    In recent months, the price of larger TV models has shot up around 30 percent compared to last summer, according to market research company NPD . The jump is a direct result of the current chip crisis, and underscores that a fix is more complicated than simply ramping up production. It may also be only a matter of time before other gadgets that use the same circuitry—laptops, tablets, and VR headsets among them—experience similar sticker shock.

    Some manufacturers have already flagged potential price rises. Asus, a Taiwanese computer maker, said during a quarterly earnings call in March that a shortage of components would mean “price hikes further upstream,” which would likely affect consumers.

    Read 13 remaining paragraphs | Comments

    index?i=UAVJ9b6-3Cs:9-Z2WOG83nA:V_sGLiPBpWUindex?i=UAVJ9b6-3Cs:9-Z2WOG83nA:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA
    • chevron_right

      Thousands of infected IoT devices used in for-profit anonymity service

      Dan Goodin · news.movim.eu / ArsTechnica · Friday, 16 October, 2020 - 12:00 · 1 minute

    A stylized human skull over a wall of binary code.

    Enlarge (credit: Aurich Lawson / Ars Technica )

    Some 9,000 devices—mostly running Android, but also the Linux and Darwin operating Systems—have been corralled into the Interplanetary Storm, the name given to a botnet whose chief purpose is creating a for-profit proxy service, likely for anonymous Internet use.

    The finding is based on several pieces of evidence collected by researchers from security provider Bitdefender. The core piece of evidence is a series of six specialized nodes that are part of the management infrastructure. They include a:

    • proxy backend that pings other nodes to prove its availability
    • proxy checker that connects to a bot proxy
    • manager that issues scanning and brute-forcing commands
    • backend interface responsible for hosting a Web API
    • node that uses cryptography keys to authenticate other devices and sign authorized messages
    • development node used for development purposes

    Keeping it on the down-low

    Together, these nodes “are responsible for checking for node availability, connecting to proxy nodes, hosting the web API service, signing authorized messages, and even testing the malware in its development phase,” Bitdefender researchers wrote in a report published on Thursday . “Along with other development choices, this leads us to believe that the botnet is used as a proxy network, potentially offered as an anonymization service.”

    Read 9 remaining paragraphs | Comments

    index?i=kJTwWV-pg80:Vr_Fv1n3MIg:V_sGLiPBpWUindex?i=kJTwWV-pg80:Vr_Fv1n3MIg:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA
    • chevron_right

      How a hacker turned a $250 coffee maker into ransom machine

      Dan Goodin · news.movim.eu / ArsTechnica · Saturday, 26 September, 2020 - 14:58

    With the name Smarter, you might expect a network-connected kitchen appliance maker to be, well, smarter than companies selling conventional appliances. But in the case of the Smarter’s Internet-of-things coffee maker, you’d be wrong.

    As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the $250 devices to see what kinds of hacks he could do. After just a week of effort, the unqualified answer was: quite a lot. Specifically, he could trigger the coffee maker to turn on the burner, dispense water, spin the bean grinder, and display a ransom message, all while beeping repeatedly. Oh, and by the way, the only way to stop the chaos was to unplug the power cord. Like this:

    What a hacked coffee maker looks like

    “It’s possible,” Hron said in an interview. “It was done to point out that this did happen and could happen to other IoT devices. This is a good example of an out-of-the-box problem. You don't have to configure anything. Usually, the vendors don’t think about this.”

    Read 22 remaining paragraphs | Comments

    index?i=BWgg6v7sQGI:AR1ZW37nlPg:V_sGLiPBpWUindex?i=BWgg6v7sQGI:AR1ZW37nlPg:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA