No Mas – How One Side-Channel Flaw Opens Atm, Pharmacies and Government Secrets Up to Attack
Conference: Defcon 27
2019-08-01
Summary
The presentation discusses a systemic flaw in high-security electronic locks, specifically those designed by Kaba, that can be exploited to gain access to sensitive information. The speaker talks about the design of these locks, where they fail, and the need for secure disclosure.
- The speaker is a security expert who specializes in looking at the security interface for embedded systems.
- The goal of electronic locks is to make them more secure than traditional locks by using electrons and Pixies.
- The speaker identifies a systemic flaw in high-security electronic locks designed by Kaba that can be exploited to gain access to sensitive information.
- The flaw is unmatchable and unfixable, making it a significant threat.
- The speaker discusses the need for secure disclosure and the challenges of disclosing vulnerabilities to the government.
- The speaker provides an anecdote about a difficult meeting with government officials during the government shutdown.
- The presentation concludes with a call to action for lock manufacturers to identify and address this design flaw.
Abstract
Hacking ‘high security’ electronic locks has become a bit of a hobby, but what if you identify an unpatchable design pattern that unlocks buckets of cash and government secrets? How long do wait before telling ‘people’? let’s talk about how these locks are designed, where they fail and we can rip this band-aid off together.
Materials:
Tags: