Hackers Went Looking for a Backdoor in High-Security Safes—and Now Can Open Them in Seconds
(www.wired.com)
from floofloof@lemmy.ca to cybersecurity@sh.itjust.works on 09 Aug 00:08
https://lemmy.ca/post/49444979
from floofloof@lemmy.ca to cybersecurity@sh.itjust.works on 09 Aug 00:08
https://lemmy.ca/post/49444979
Omo and Rowley say they informed Securam about both their safe-opening techniques in spring of last year, but have until now kept their existence secret because of legal threats from the company. “We will refer this matter to our counsel for trade libel if you choose the route of public announcement or disclosure,” a Securam representative wrote to the two researchers ahead of last year’s Defcon, where they first planned to present their research.
Only after obtaining pro bono legal representation from the Electronic Frontier Foundation’s Coders’ Rights Project did the pair decide to follow through with their plan to speak about Securam’s vulnerabilities at Defcon.
threaded - newest
Gotta love the EFF. Just threw a bunch of cash to them.
Mechanical safes only, no electricity needed, no hacking possible…just like the computers we used to use to control nukes. Which could literally only do the one thing they were designed to do and nothing else, they couldn’t be hacked
That sentence is a sibling to “What could possibly go wrong?”
I've worked in a heavy industry space where the "computers" were just slightly complicated circuit boards working together. No OS, no networking, nothing but circuit logic running hilariously important machines. The cabinets were locked in a small area deep in the facility that was manned 100% of the time, and were rarely accessed, so it would be a big event for anyone to interact with them. There were no windows for "someone with a clipboard" to just be waived in to mess with them.
There was no remote access, and no social engineering possible. Anyone who could work on them was well known by everyone who would be in the room. An insider threat was basically the only kind possible, but the only "hacked" output would just be a failed "off" state, which wouls be replaced.
There really are "unhackable" computerized machines out there, but only because calling them "computerized" is a stretch.
Exactly, the computers that used to control our nukes were so old and so simple that they literally can’t do anything but what they were designed to do, they require physically inserting old floppy disks and manually entering codes to access, no network access, no ability to multitask, so malware can’t run in parallel with the other process…singular for the word “process” because those old computers can’t multitask
now they’re using modern computers that just recently got hacked with a sharepoint vulnerability…by the way, a whitelisting application that indiscriminately blocks everything that hasn’t already been allowed to run would’ve blocked the processes of that exploit and prevented anything from happening…I actually use something like that on my windows PCs
All those prehistoric old farts in our government thought that would be an “upgrade” and then they probably just used norton to secure it because they’re too stupid to research anything that might be better
Even younger politicians can’t be expected to have a clue about this kind of security. And younger tech people might not remember how it used to be done. You need some prehistoric tech farts to tell the prehistoric political farts what’s what.
If you think software devs are any better… The more complex our systems become, the more it becomes someone else’s problem. The shit I hear coming out of some of my younger colleagues is just embarrassing sometimes. And they just don’t care. They couldn’t be arsed doing a quick search for a solution, trying to understand things from the other side’s perspective, nothing.
And then they wonder if AI gonna replace them? If you ain’t using your brain, what are you there for?
I’ll give you that, but I blame the public schools for conditioning kids into not using their brains
Just rows and rows of 7400 series ttl logic chips
If you’re in the market for an electronic safe, here’s a list of brands to skip:
The specialized equipment the safe maker says is needed is a Python script, lol.
but a safe that doesn’t have anything digital inside of it wouldn’t run a python script
I’m talking about what’s used to discover the keys based on what the safe displays on the screen. The safe maker is implying you need esoteric equipment to crack their safes but really all you need is the already cracked algorithm. You don’t have to get the safe to run anything.
Phew, how fortunate that people who try to crack safes never think to use readily available equipment. That would be a real challenge for those poor manufacturers.
Well, before I can read how to break into safes, I have to break into the website that says it won’t show me the article without a subscription. That should keep those safes…er… safe.
Archived link in body
Ha ha ha! Nope! Following that link, I have to click a captcha to prove I’m not a robot.
The layers of security theater are stacking higher and higher. What’s next? They send me through TSA to make sure I’m not carrying a tube of toothpaste that is too big?!
Sounds like someone is trying to get randomly selected for a cavity search.
No cavities, they’re a robot as evidenced by their inability to answer the captcha.
What?! How about the JTAG port?
.
Firefox reader mode did it for me. Just block js on the page somehow.
If I’ve learnt anything from the Lock Picking Lawyer : the fancier the supposed safety feature the easier it is to circumvent.
Every time he looks at a Web 3.0 piece of junk, it gets opened even faster than any of the physical locks. It’s kinda terrifying, honestly.
Like, a magnet in the right spot and you’re good to go, is what I’m saying.
“Just pop the battery and you’ll find a JTAG port where you can kindly ask for the manufacturer’s master key” is fucking wild
Oh but you need a password to do that. Unfortunately that password was something like 12345
You don’t need to be a hacker to find backdoors. You just have to turn it around
Funfact, safe makers: It’s not libel if it’s true.