Hackable High-Tech Locks Pose National Security Risks

Matt Liebowitz, SecurityNewsDaily Staff Writer
August 08 2011 08:52 AM ET
kaba-locks-110808-02
Two Kaba locks; the type on the right was picked in nine different ways.
CREDIT: Kaba Ilco

LAS VEGAS With a pin, a magnet and a cheap screwdriver, the locks used to keep the doors shut tight at some of the nation's top government facilities can easily be compromised.

At last week's 19th Annual DefCon hacker conference here, Marc Weber Tobias, an investigative attorney and security specialist with Security.org, demonstrated how to exploit several glaring vulnerabilities in two different locks made by the company Kaba.

Along with security consultants Tobias Bluzmanis and Matt Fiddler, Tobias presented his findings in a talk called "Insecurity: An Analysis of Current Commercial and Government Security Lock Designs."

The team first focused on the Kaba Simplex 1000, a lock Tobias said is used in Department of Defense and Department of Energy facilities.

"It's the most popular mechanical programmable push-button lock ever," he told the audience.

You'd think something used to secure a power plant or other critical infrastructure facility would be resistant to simple tampering.

But Tobias and his crew showed a video of their proof-of-concept hack that proved just how wrong that assumption is.

[How Easily Can a Power Plant Be Hacked? Very]

In the video, the researchers placed a rare-earth magnet on the side of the lock, a trick that instantly turned the lock's rotors and opened the door it was meant to keep sealed.

They moved on to the Kaba E-Plex 5800, a 12-button lock whose mechanism was recently revamped to comply with enhanced security protocols mandated by the Department of Homeland Security.

Video
Reuters Social Media Editor 'Fine' After Indictment
Reuters Social Media Editor 'Fine' After Indictment
Matthew Keys could face up to 25 years in prison and $750,000 in fines for allegedly helping hacktivist group, Anonymous. Powered by NewsLook
View Video

When Tobias' team got hold of this supposedly secure mechanism, they found nine separate ways to crack it.

In the first demonstration, Bluzmanis opened the door simply by rapping the top of the mechanism with a hammer while simultaneously pulling the lever.

A second video showed Bluzmanis inserting a small screwdriver into the keyhole to break the internal link between the lock's cylinder and the plug that controls the electric signal.

He not only picked the lock, but also entered a new master code that erased all the lock's saved passwords .

In a third exploit, the team removed the handle of the E-Plex 5800 and inserted a short piece of wire inside the mechanism that rigged it to open when the door handle was pulled up instead of down.

In their final demonstration, the crew shorted out the electronic signal and bypassed the lock by simply poking a pin into the LED light at the top of the lock.

"All of these are serious design deficiencies that can be exploited by bad guys," Tobias said.

In the case of the last hack, Tobias added, "We can open this lock in five seconds with no damage and no trace."

privacy-software

Video
Review: TEKLYNX LABELVIEW 9 - Powerful tools for custom barcode labels
Review: TEKLYNX LABELVIEW 9 - Powerful tools for custom barcode labels
Hacker Attacks: 6 Things You Must Know
Hacker Attacks: 6 Things You Must Know
Sun to Sun - The Need for Fusion Energy
Sun to Sun - The Need for Fusion Energy
Legacy Lasers
Legacy Lasers
Company Company Info About the Site Contact Us Advertise with Us Using our Content Licensing & Reprints Privacy Policy Sitemap
Network TopTenREVIEWS LiveScience SPACE.com LaptopMag TechNewsDaily Newsarama BusinessNewsDaily Herman Street
Follow TechNewsDaily Join Our Mailing List
Copyright © 2013 All Rights Reserved.