https://www.bbc.com/news/technology-43896360
Assa försöker sig på "damage control":
Men F-Secure antyder att tjuvar redan känner till säkerhetsbristen:
Mer info från F-Secure:
Citat:
Millions of electronic door locks fitted to hotel rooms worldwide have been found to be vulnerable to a hack.
Researchers say flaws they found in the equipment's software meant they could create "master keys" that opened the rooms without leaving an activity log.
Researchers say flaws they found in the equipment's software meant they could create "master keys" that opened the rooms without leaving an activity log.
Assa försöker sig på "damage control":
Citat:
But the Swedish manufacturer is playing down the risk to those hotels that have yet to install an update.
"Vision Software is a 20-year-old product, which has been compromised after 12 years and thousands of hours of intensive work by two employees at F-Secure," said a spokeswoman for the company, Assa Abloy.
"Vision Software is a 20-year-old product, which has been compromised after 12 years and thousands of hours of intensive work by two employees at F-Secure," said a spokeswoman for the company, Assa Abloy.
Men F-Secure antyder att tjuvar redan känner till säkerhetsbristen:
Citat:
The F-Secure researchers said they began their inquiry after a colleague's laptop was stolen from a hotel room without the thief leaving behind any sign of unauthorised access.
"We wanted to find out if it's possible to bypass the electronic lock without leaving a trace," explained Timo Hirvonen, describing the Ghost In The Locks exploit.
"Only after we thoroughly understood how it was designed were we able to identify seemingly innocuous shortcomings [and] come up with a method for creating master keys."
"We wanted to find out if it's possible to bypass the electronic lock without leaving a trace," explained Timo Hirvonen, describing the Ghost In The Locks exploit.
"Only after we thoroughly understood how it was designed were we able to identify seemingly innocuous shortcomings [and] come up with a method for creating master keys."
Mer info från F-Secure:
- https://www.f-secure.com/en/web/busi...are-vulnerable
- https://www.f-secure.com/documents/1...ble-faq-en.pdf
- https://www.f-secure.com/documents/1...nfographic.pdf
- Vem ska man tro på? (var F-Secure först eller har inbrottstjuvar kunnat hacka dessa lås i flera år?)
- Gör Assa inga ordentliga säkerhetskontroller innan man släpper ut sina produkter på marknaden? (Blev väl en liten skandal för några år sen med deras Assa 2000 Evo)
- Är de elektroniska "kassaskåpen" som finns inne i hotellrummen lika osäkra tror ni?
- Nu börjar även elektroniska lås användas på ytterdörrar hos vanliga privatpersoner, hur säkra är dessa?
- Hur säkra är "blipp-låsen" i våra hyreshus?
- Hur säkra är dessa "smarta" larmsystem som privatpersoner installerar i sina hem och som kan kontrolleras med mobilen?
- Man kanske ska byta karriär från hackare till inbrottstjuv?
__________________
Senast redigerad av hacke-hackspett 2018-04-25 kl. 20:53.
Senast redigerad av hacke-hackspett 2018-04-25 kl. 20:53.