What does it mean for two hackers to open millions of hotel rooms?


Two hackers can open millions of hotel rooms. What does this mean? Almost a year ago, the ransomware outbreak showed us how frightening vulnerabilities can be. Afterwards, several investigating agencies confirmed that, connected through the dark web, the people who found the vulnerabilities, the people who turned them into hacking tools, and the people who launched the attacks formed an industrial chain, which ultimately set off a global security panic.

In that incident we saw the social harm that can result when security vulnerabilities are turned into tools, but only in the virtual world of computers and networks. Some recent security research, however, shows that targets in the real world can also be attacked through vulnerabilities, including things that are common around us, such as smart locks.

Everyone inevitably stays in hotels these days. If you were resting in a five-star hotel while a stranger stood outside holding a master key that could open the door of every room, how would you feel? A bit creepy?

Yet there are people who can do this. Fortunately, they are two security experts. At the same time, they are reminding the whole industry that the more smart devices there are, the more vulnerabilities there are, and any vulnerability may be a new opportunity for criminals.

Two white hats, working part-time for ten years, opened millions of hotel rooms

Ask an expert to recommend antivirus software and you will often hear the name F-Secure, a well-known European network security company based in Finland. Recently, many European media outlets reported that two security experts from F-Secure had been working on a small side project in their spare time. The hobby lasted a decade, but "the results are gratifying": they cracked the security system of the famous hotel lock manufacturer VingCard, creating a master key that can open millions of hotel rooms around the world that use VingCard locks.

According to what the two experts, Tomi Tuominen and Timo Hirvonen, told the media, the story dates back to 2003, when their colleagues lost their computers at the hotel, but the hotel insisted that it bore no responsibility. So the two of them wanted to see whether they could exploit a system vulnerability to open the hotel's door locks without leaving a trace.

So they began a long study and analyzed how smart locks are built and how they work. In the end, by finding some seemingly harmless hidden vulnerabilities, they created a key that opens every door. They gave the project a cool and meaningful name: Ghost in the Locks.

After thousands of hours of work over ten years, the two experts had built an RFID demonstration environment by 2015, and by March 2017 they had successfully used a master key in a hotel. With their method, as long as they obtain one of the hotel's room cards, even an expired one, they can quickly create a master key that opens every room in the hotel. Their breakthrough is that a door opened with the master key is recorded as a completely normal door opening and leaves no data traces. It can be said to leave no trace at all.

To make their findings about hotel smart locks convincing enough, the two experts chose the top lock maker VingCard as the test target. Many well-known hotels are its customers, such as the Sheraton group and InterContinental Hotels. Many famous Chinese hotels, such as Beijing Guomao Hotel, are also on the list of affected hotels. The two experts also modestly said that it took them ten years mainly because they have full-time jobs; had they worked on it wholeheartedly, they might have succeeded much sooner...

They have now disclosed the vulnerabilities they discovered, and the affected hotels have received a patch. To close the vulnerability, however, the firmware on every door lock must be updated, so both the hotels and the lock maker are likely to be busy. Fortunately, there is currently no evidence that hackers or criminals have mastered this technique.

But the two experts still remind us that it is only a matter of time before a hacker obtains, through vulnerabilities, a master key that can open large numbers of smart locks.

Everything has a loophole, and each vulnerability is a master key.

Of course, there is no absolute security under the sun. Any lock can be opened; it is just a question of whether it is worth the effort.

At today's hacking conferences, cracking smart locks of various brands has basically become a regular part of the program. Smart locks that were touted at their launch events have basically been unable to withstand the hackers. Many onlookers exclaim that smart locks put up far too weak a fight.

Objectively speaking, if you took traditional household locks to a locksmiths' convention, probably none of them would hold up either. After all, breaking in through a door is a crime constrained by many factors. Imagine a hacker with a computer working on your door for an hour or two. The scene would be far too conspicuous; at the very least, the neighborhood aunties would never allow it.

However, the "ghost lock" incident staged by the two experts in Finland tells us that once a hacker has mastered a vulnerability, it is entirely possible to turn the security risk into a tool and hand that tool to wrongdoers, so that anyone can easily operate it and open thousands of doors.

This is like the ransomware incident. Those who discover vulnerabilities, those who build the tools, and those who carry out the attacks are different organizations, and the exchange of interests between them pushed the event in a worse direction.

The same is true for the security risks of smart locks. When hackers who closely watch for system vulnerabilities and look for ways to crack them begin supplying criminal tools such as master keys to "front-line criminals", the threat to smart locks will truly arrive.

Compared with home smart locks, smart locks in public places may be a better target for hackers because of their batch uniformity and the difficulty of committing the crime. This is true for hotels, B&Bs and smart warehouses, especially in the emerging homestay industry, where password locks are basically standard. And it turns out that intercepting passwords is also the simplest way to breach a smart lock.

Another area where smart locks pose a hidden danger but receive little attention is the car. With the continued development of connected and intelligent vehicles, there are bound to be unknown vulnerabilities in vehicle systems. Opening a car's windows, or even manipulating the car itself, is a risk that deserves the security industry's vigilance.

All in all, when we accept the gift of intelligence, it seems that we must also accept the “vulnerability bomb” that may be hidden behind it.

After the ghost locks open: how to deal with "smart lock dependence"

The emergence of smart locks has truly freed us from the cumbersome burden of keys. For many emerging industries in particular, smart locks that can be opened by mobile phone or password are a basic condition for the business model to work.

Although security is always relative, the fact that a top company making locks for luxury hotels can be defeated should perhaps give us new vigilance.

First, industries that use password locks and a single model of smart lock on a large scale, such as hotels, homestays, car rentals and smart warehouses, should perhaps recognize the true value of security service providers. This incident has shown that letting white hats run ahead and find problems before black hats do is probably the most desirable approach.

This requires a professional team and proactive capability. For entrepreneurs especially, security spending should be treated as a cost that cannot be cut. Otherwise, when a problem does arise, it may be a big one.

Home users certainly cannot hire a security firm. With today's smart locks, however, it is important not to put all the eggs in one basket: an independent monitoring system is necessary.

In addition, in the home, networked unlocking methods should be minimized to keep the door lock independent. The main way to crack home smart locks today is intrusion through networking, such as passwords exposed through networked information, Bluetooth detectors and so on. Standalone fingerprint locks are relatively safe, and appropriate insurance is also advisable. In fact, smart locks have brought us great progress in security. The problem is that we also need to understand how smart locks work and respond to possible dangers with new ways of thinking.

For the traveler, the advice is the same as ever: engage every lock, and don't trust the hotel door or the safe, no matter what class of hotel you stay in.

Editor in charge: Han Tianjun
