High-security locks for government and banks hacked by researcher

Reuters
07 August, 2019, 10:30 am
Last modified: 07 August, 2019, 10:34 am

Hackers could crack open high-security electronic locks by monitoring their power, allowing thieves to steal cash in automated teller machines, narcotics in pharmacies and government secrets, according to research to be presented Friday at the annual Def Con hacking conference in Las Vegas.

Mike Davis, a researcher with security firm IOActive, discovered the vulnerability last year and alerted government officials and Swiss company DormaKaba Holding (DOKA.S), the distributor of multiple brands of locks at issue.

In an interview with Reuters, Davis said he used an oscilloscope worth about $5,000 to detect small changes in the power consumption, through what is known as a side-channel attack. The method worked best in older models.

The locks include their own power supply so they function even when an external source of electricity is cut off. Most versions do not consume extra or randomized power to hide what they are doing. That leaves them open to attack if a thief can get physically close enough and has the right tools, Davis said.

“I can download that analog signal and parse through the power trace to get ones and zeroes,” Davis said. “I know what the lock is doing internally.”

DormaKaba said it had looked into the matter itself and also retained an independent firm to probe IOActive’s findings regarding its Cencon and Auditcon locks.

“These investigations indicate that our current safe-lock product lines perform as intended in real life environment,” said company senior vice president Jim Mills.

Asked whether older models were also secure, a company spokesman said “there have been no reported events in the field to suggest that current or prior year models have presented security issues in real-world environments.”

Inside ATMs, the company’s locks typically protect the cash in the more secure, lower compartment. An upper compartment includes the interface with customers and directs the lower compartment to send up money. The upper compartment often has less physical security, and breaking into it might provide access to the lower vault’s vulnerable lock.

Davis only tested his attack against the simplest mode of the device. When they are actually in the field, the locks typically interact with another device carried by drivers who supply or remove cash, and they may require one-time codes as well. Such measures provided some added security, Davis said.

A bigger concern is that another series of DormaKaba locks is used on military bases, the U.S. presidential jet Air Force One and elsewhere in the government.

Davis said he found that several newer models, but not the most recent iteration of that series, the X-10, leaked voltage information that could be used against them. The improvement was not due to IOActive’s research, said DormaKaba spokesman Joe Hudock.

Eric Elkins, president of subsidiary and X-10 maker Kaba Mas, said he could not comment on the severity of the issue without seeing Davis’ presentation. Elkins said that if it works, the attack might put classified information at risk. He questioned why Davis was presenting his research at Def Con.

“The correct method would be to go to the government rather than to go to a group of hobbyists or hackers or whatever you want to call them.”

A spokeswoman for the federal General Services Administration, Pamela Pennington, said government employees had been working to understand the side-channel attack and develop a work-around to foil real attacks.

“We are aware of this security issue as it relates to the U.S. government and have developed and deployed mitigation techniques in the federal environment,” Pennington said. “The federal government uses multiple layers of security.”

She declined to describe the steps taken.
