Tag Archive for: door

Hackers Show Vulnerabilities of RFID-Based Hotel Door Locks



In a scenario that feels lifted from Ocean's 11, a group of hackers has shown the vulnerabilities of RFID-based locks through a hotel room keycard.

A team of security researchers recently revealed a hotel keycard hacking technique they call Unsaflok. The technique exposes a collection of security vulnerabilities that would allow a hacker to open several models of Saflok-brand RFID-based keycard locks sold by lock maker Dormakaba.

The Saflok systems are installed on three million doors worldwide, inside 13,000 properties in 131 countries.


The Hackers' Story

As detailed in a story published on Wired, the researchers, Ian Carroll and Lennert Wouters, exploited weaknesses in both Dormakaba’s encryption and the underlying RFID system, known as MIFARE Classic.

They started by obtaining any keycard from a target hotel—new or used—in order to read a certain code from that card with a $300 RFID read-write device. After writing two keycards of their own, they were able to first rewrite a certain piece of the lock’s data and then open it.

“Two quick taps and we open the door,” said Wouters, a researcher in the Computer Security and Industrial Cryptography group at the KU Leuven University in Belgium. “And that works on every door in the hotel.”

Dormakaba Solution

Wouters and Carroll shared the full technical details of their hacking technique with Dormakaba in November 2022. Dormakaba says that it’s been working since early last year to make hotels that use Saflok aware of their security flaws and to help them fix or replace the vulnerable locks.

For many of the Saflok systems sold in the last eight years, there’s no hardware replacement necessary for each individual lock. Instead, hotels will only need to update or replace the front desk management system and have a technician carry out a relatively quick reprogramming of each lock, door by door.

But Dormakaba has reportedly only updated 36 percent of installed Safloks. Given that the locks aren’t connected to the internet and some older locks will still need a hardware upgrade, they say the full fix will still likely take months…


FBI’s Qakbot operation opens door for more botnet takedowns


The FBI’s recent takedown of the QakBot botnet sent shockwaves throughout the cybersecurity community when it was first announced last week. QakBot had become the malware of choice for dozens of hacking groups and ransomware outfits that used it to set the table for devastating attacks.

Since emerging in 2007 as a tool used to attack banks, the malware evolved into one of the most commonly seen strains in the world, luring an ever-increasing number of machines into its powerful web of compromised devices. Justice Department officials said their access to the botnet’s control panel revealed it was harnessing the power of more than 700,000 machines, including over 200,000 in the U.S. alone.

But almost as interesting as the takedown was the way law enforcement agencies pulled off the disruption.

Senior FBI and Justice Department officials — who called it “the most significant technological and financial operation ever led by the Department of Justice against a botnet” — explained in a briefing that they managed to infiltrate the botnet’s infrastructure and take a range of actions to shut it down.

Using a court order, the law enforcement agencies deployed the botnet’s auto-updating feature against itself to send out a custom application that uninstalled QakBot and disabled the feature on devices in the U.S.

“It’s as if the boss gave the order, ‘leave this workplace and don’t come back,’” said John Hammond, principal security researcher at the cybersecurity intelligence firm Huntress.

Chester Wisniewski, field CTO of applied research at Sophos, said the tactic reminded him of NotPetya, where a software downloader feature was abused by Russian hackers to download malware instead of updates.

“Almost all modern botnets have auto update functionality and if you can gain control of the communications channels you can essentially make them self-destruct,” Wisniewski said. “If we start having success with that though, criminals could start using digital signatures to make this more difficult.”

Other botnets

The FBI and other law enforcement agencies have conducted similar operations in the past to take down botnet networks.

The FBI’s targeting of the…


Cybersecurity: These simple steps can close the digital door on hackers



Personal accounts can be a gateway for business cyberhackers. Forward-thinking businesses, however, will not leave the door open for them.

Carl Mazzanti

The number of small business data breaches continues to grow and highlights the way cybercriminals can use LinkedIn and other social media profiles as a gateway into businesses, gaining unauthorized access to megabytes of sensitive data. To minimize the risk, business owners should work with their Cyber Security services provider to secure business and personal accounts from hackers.

Mark Zuckerberg found this out the hard way a few years back when a reported LinkedIn hack led to the exposure of a slew of accounts belonging to the Facebook (Meta) CEO. Despite his presumed savvy — after all, he is the world’s No. 1 social media magnate — Zuckerberg reportedly committed a series of fatal errors, including using an easy-to-crack password (dadada) on multiple accounts.


Easily guessed passwords can be dangerous

Otherwise-knowledgeable users often do not want to memorize lengthy sign-in codes, and instead seek shortcuts, like using common words, or the same password for more than one account. But hackers are getting more sophisticated (the NSA, FBI, and other security agencies have noted that the Russian General Staff Main Intelligence Directorate’s (GRU’s) Main Center for Special Technologies released new malware targeting Americans and other users), so that is a dangerous practice.

But securing accounts does not have to be complicated. One basic, yet effective measure is Multi-Factor Authentication (MFA). MFA requires at least two independent factors to log into an account. One factor may be a (secure) password, and the second could be a one-time passcode sent to the user’s mobile phone. This way, the account will be safe even if one factor is stolen.

Increasing the length of the initial password or PIN (Personal Identification Number) is another move. Shockingly, 7777 is one of the most common and easily guessed PINs. Since all devices support PINs longer than four digits, adding a few more numbers can make a big difference because of the math involved in guessing them. While…


The National Security Bill and the press: a threat to reputable news publishers, an open door for foreign interference?


By Nathan Sparkes

The National Security Bill is intended to protect the UK from “foreign powers” and has been described as an anti-spying bill.

However, national security legislation often poses a threat to journalists’ ability to do their jobs – and this bill is no different.

A threat to press freedom

The most concerning part of the Bill for UK-based journalists is Clause 3, which states:

Assisting a foreign intelligence service

(1) A person commits an offence if the person—

(a) engages in conduct of any kind, and

(b) intends that conduct to materially assist a foreign intelligence service in carrying out UK-related activities.

(2) A person commits an offence if the person—

(a) engages in conduct that is likely to materially assist a foreign intelligence service in carrying out UK-related activities, and

(b) knows, or ought reasonably to know, that it is reasonably possible their conduct may materially assist a foreign intelligence service in carrying out UK-related activities.

(3) Conduct that may materially assist a foreign intelligence service includes providing, or providing access to, information, goods, services or financial benefits (whether directly or indirectly).

The penalty for this offence is imprisonment for up to 14 years, or a fine.

Reporters sometimes publish information which may assist a foreign intelligence service, yet its disclosure is in the public interest.

For example, the publication of data on unethical activities by UK intelligence services might both assist foreign intelligence services and be in the interests of the UK public to be known.

Some outlets, like the IMPRESS-regulated Declassified UK, specialise in reporting on alleged cases of unethical conduct committed by UK intelligence, diplomatic or military agencies.

It would be a significant threat to the freedom of the press if this provision was used to target Declassified UK and other, similar publishers acting in the public interest.

Unjustified exemptions

Alongside this heavy-handed provision, for which there is no defence for news publishers, other provisions in the bill benefit from a media exemption.

These provisions require individuals or organisations to register with the…
