Security Hardware

Defcon Hacks Defeat Card-And-Code Locks In Seconds

Sparrowvsrevolution writes "At the Defcon security conference in Las Vegas, Marc Weber Tobias and Toby Bluzmanis plan to demonstrate simple hardware hacks that expose critical security problems in Swiss lock firm Kaba's E-plex 5800 and its older 5000. Kaba markets the 5800 lock, which Bluzmanis says can cost as much as $1,300, as the first to integrate code-based access controls with a new Department of Homeland Security standard that goes into effect next year and requires identifying credentials be used in secure facilities to control access. One attack uses a mallet to 'rap' open the lock, another opens the lock by putting a pin through the LED display light to ground a contact on the circuit board, and a third uses a wire inserted in the lock's back panel to hit a switch that resets its software."

  • Uber locks (Score:5, Informative)

    by DragonHawk ( 21256 ) on Saturday August 06, 2011 @12:37AM (#37004178)

    You are going to roll out a $1000 lock it needs to at least give you the same kind of security you'd get from one of those. They may not be perfect, but you can't stick a wire in them to get by them at least.

    What's interesting is that Kaba Mas also makes the X-09, which is the current DoD uber-lock used for classified stuff. It is, by all reports, extremely hard to subvert.

    • Self-powered. No battery or external power supply needed.
    • The exposed side has an LCD and a dial. Everything else is inside the security boundary. If you break the dial off you just make entry harder.
    • The LCD is designed to only be viewable by someone standing right at the lock. Someone standing next to you can't snoop the numbers.
    • The rate at which the dial causes numbers to change varies randomly with each step of the combination. Someone standing next to you can't derive the numbers from the rate at which you turn the dial.
    • If the dial is turned at too regular a pace, the lock assumes you're an auto-dialer and shuts down.
    • Repeated wrong combinations result in progressively longer lockout delays.
    • You can view how many unsuccessful attempts have been made (allows you to audit to see if someone's tried to get in).

    Neat stuff.
