  • The Security Check
    Author: Geoff Kohl - (about)
    Date: Aug 11 2008 - 11:27am

    DefCon is an interesting inverse to the standard security conference. Instead of hearing stories about "how we kept the bad guys out," you hear the stories of "how we let ourselves in." Not that they're necessarily the bad guys any more -- since some hackers at DefCon use the conference to publicly humiliate companies and technology developers into improving their security.

    This most recent DefCon was held August 8-10 at the Riviera Hotel and Casino in Las Vegas, and if you're just hearing about DefCon, let me say that this is a hacker's show. Show organizers are even known to encourage their attendees to hack the conference's electronic access badge. Even so, government security pros (read: bureau and agency guys and gals) are known to attend to stay up-to-date on what they'll be faced with.

    One thing that has been happening a little more each year is that the hacking community has recognized that not only can they hack electronic security, but traditional physical security devices can fall to their hacks as well.

    Much like recent DefCons, at this year's DefCon 16 lock picking was taught -- presumably because it's easier to perform IT hacks inside a facility than it would be from "outside". One of the hackers apparently was also showing off how to pick Medeco locks using simply a picture of the key and some disposable plastic (old credit cards or plastic from the Shrinky Dinks children's toy); the same hacker was known for showing how to bump locks, even so-called unbumpable locks.

    Gale Johnson, an accomplished locksmith and editor-in-chief of Locksmith Ledger, provided me insight into what really was being shown at DefCon in terms of the lock picking:

    "Mechanical locks depend on a singular-shaped operating key. I have a comparator machine and have measured the factory specs. for over 2000 different types of keys. This information is not a secret and is available from multiple sources. Therefore, if you can obtain a picture of an operating key, obviously someone with the factory specs can possibly originate a working key. This is true of any mechanical key. The discovery in Las Vegas is no discovery at all."


    Thanks, Gale, for giving us a quick run-down of this so-called hack. We also posted a story on the SIW homepage about other tactics to get into buildings being proposed at DefCon 16. What's clear is that hacking isn't just for Microsoft anymore.

    -Geoff
