Tag Archive for: open

Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds (Video)



When thousands of security researchers descend on Las Vegas every August for what’s come to be known as “hacker summer camp,” the back-to-back Black Hat and Defcon hacker conferences, it’s a given that some of them will experiment with hacking the infrastructure of Vegas itself, the city’s elaborate array of casino and hospitality technology.

But at one private event in 2022, a select group of researchers were actually invited to hack a Vegas hotel room, competing in a suite crowded with their laptops and cans of Red Bull to find digital vulnerabilities in every one of the room’s gadgets, from its TV to its bedside VoIP phone.

One team of hackers spent those days focused on the lock on the room’s door, perhaps its most sensitive piece of technology of all. Now, more than a year and a half later, they’re finally bringing to light the results of that work: a technique they discovered that would allow an intruder to open any of millions of hotel rooms worldwide in seconds, with just two taps.

Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba. The Saflok systems are installed on 3 million doors worldwide, inside 13,000 properties in 131 countries.

By exploiting weaknesses in both Dormakaba’s encryption and the underlying RFID system Dormakaba uses, known as MIFARE Classic, Carroll and Wouters have demonstrated just how easily they can open a Saflok keycard lock. Their technique starts with obtaining any keycard from a target hotel—say, by booking a room there or grabbing a keycard out of a box of used ones—then reading a certain code from that card with a $300 RFID read-write device, and finally writing two keycards of their own. When they merely tap those two cards on a lock, the first rewrites a certain piece of the lock’s data, and the second opens it.

“Two quick taps and we open the door,” says Wouters, a researcher in the Computer Security and Industrial Cryptography group at…


6 Best Open Source IAM Tools in 2024


Identity access management (IAM) tools, crucial for cybersecurity, have become highly sought-after due to rising identity-related breaches. A Statista report revealed that 80% of global respondents experienced cyber breaches linked to authentication vulnerabilities in 2023. Additionally, 70% of US-based IAM professionals expressed concerns about identity-based threats.

IAM tools help organizations secure and manage user identities and access to resources, ensuring only authorized individuals gain access. While proprietary IAM solutions like Okta, OneLogin and CyberArk dominate the market, open-source IAMs offer flexibility and low cost. Let’s explore their features, pricing, benefits and limitations.

Best open source IAM tools comparison

The following table provides a snapshot of how these open-source IAMs compare to each other.

| Tool | Identity lifecycle management | Multi-factor Authentication (MFA) | Single Sign-on (SSO) and Single Logout (SLO) | Pricing |
|---|---|---|---|---|
| OpenIAM | Yes | Adaptive MFA | Yes | Free version or subscription; contact vendor for a quote. |
| Keycloak | Yes | Yes | Yes | Free. |
| Ory | Yes | Yes | Yes, within certain subscriptions. | Free version for EU region; US and EU plans starting at $29/month. |
| Aerobase Server | Yes | Yes | Yes, for browser applications. | Free version or plans starting at $690/month. |
| ForgeRock | Yes | Yes | Yes, when configured. | Starts at $3 per user per month for Workforce plans. |
| Shibboleth Consortium | Yes | MFA profile standard for IdPs. | Only supported on Shibboleth 3.2 and above. | Starts at $2,960/year. |



OpenIAM: Best for workforce and customer identity


This open-source IAM solution caters to both workforce and customer identities. Suitable for enterprise use, it offers organizations a set of features designed to streamline user access across various platforms. It boasts a robust web access control for identity management, diverse applications, Single Sign-On (SSO), Desktop SSO and API integration controls. It also includes Two-Factor/Multi-Factor Authentication (2FA/MFA) and role-based access control management. In addition to these core features, OpenIAM provides supplementary capabilities like SSH key management, session management and password…


How To Safely Open Suspicious PDFs




Y0ur P@ssw0rd S*cks is a bi-weekly column that answers the most pressing internet security questions web_crawlr readers have to make sure they can navigate the ‘net safely. If you want to get this column a day before we publish it, subscribe to web_crawlr, where you’ll get the daily scoop of internet culture delivered straight to your inbox.


In today’s “Your Password Sucks” column for web_crawlr, Mikael answers a question you’ve likely had: What do I do with a suspicious PDF?

You’ve undoubtedly opened a PDF file before.

Given its status as the world’s most popular business document format, you’ve almost certainly dealt with PDF files at work if not at home.

But as you may be aware, PDF files can at times pose a risk. Specifically, PDFs can be used to infect your computer with malware.

If you’ve ever gotten a mysterious email before from an unknown sender that asks you to download and open a PDF, it’s entirely possible that you’ve been targeted, perhaps randomly, by such an attack.

While most internet users are familiar with antivirus software and other common tools, not as many are familiar with the potential dangers posed by PDFs.

So what do you do if you receive a suspicious PDF? Just open it? Ignore it?

If you receive a suspicious file at work, it’s probably best to alert a superior to confirm the item’s legitimacy before opening it. But the whole point of a malicious PDF, whether sent to your email at work or your personal email at home, is to trick you into opening it.

How do I safely open a suspicious PDF?

One of the simplest ways to safely open a PDF, in my humble opinion, is through the use of a tool known as Dangerzone.

Available for Windows, Mac, and Linux, Dangerzone is a completely free program that will sanitize a wide array of files including PDFs, Microsoft Office documents, and images.

Simply open Dangerzone and select your file and the program will open it in a secure container, usually through the use of a third-party program like Docker. Then, Dangerzone will make you a new copy of the file that strips away any embedded items and data.

As noted on Dangerzone’s…
