Show Links

Driveby passport cloning
Shmoocon DC – passport hack revealed
RFID pressure switch patent
ID Stronghold – to protect your passport
Global ATM theft nets 9 million in one day
Airbase installs electronic locks.
NFC enabled locks.
Sony finger vein biometric authentication
Gigapan 1500 mega pixel image of inauguration
Gigapan robotic mount information
Key holder
ID Badge spy cam.

Click the link to read the text of the entire podcast.

Drive by Passport Cloning

We have reported several times that RFID tags can be read from a distance. Reading the RFID tag on an access card or passport is the first step to cloning it. In show number one we talked about methods of RFID skimming and cloning. One such cloning attack was the California highway toll road passes. Refer to show #1 if you want to review that information. In show number two we mentioned Identity Stroghold, a company that makes secure sleeves for protecting RFID devices from long range snooping.

So what follows is a story about a security researcher who recently used components purchased on eBay for less than $250 to do some drive by discovery of RFID enabled devices. In a manner similar to Wardriving where a mobile laptop discovers unsecure wifi network resources, the researcher equipped his vehicle to discover nearby RFID devices and capture the unique identifier code. During a 20 minute drive in downtown San Fancisco he was able to copy the RFID tags of two passports without the knowledge of the passport holder.

The cards make use of the RFID equivalent of optical barcodes known as electronic product code tags, which are widely used to track cattle and merchandise as it’s shipped and then stored in warehouses. Because the technology employs no encryption and can be read from distances of more than a mile, the tags are highly susceptible to cloning and tracking.

The snooping system consists of a Symbol brand RFID reader, an antenna mounted to the side of his car, and a laptop connected to the RFID reader. The laptop runs a Windows application that continuously prompts the RFID reader to look for tags and logs the serial number each time one is detected. While this proof of concept setup has a range of about 30 feet, modifications could increase the range to at least one mile.

Government officials say that they have no plans to change the technology used in passport cards because they have increased the processing throughput at border crossings. Given the fact that the passports are provided with protective sleeves, and that the number captured does not reveal personal information about the user, they feel that the system is still relativley safe.

Researcher Chris Paget plans to release the software’s source code during a demonstration at the Shmoocon hacker convention being held this week in Washington DC.

So what is our take-away from this story? The point has been made over and over that RFID systems can be read at great distances, and the tags can be cloned. Reading at a distance is useful if you are a truck hijacker who is looking for that load of big screen TV’s. Cloning is also useful to the bad guys given that Sam’s Club and others are actively developing RFID enabled cash registers. Even though tag cloning required some equipment, some could argue that it would be easier than counterfeiting a UPC bar code. If your facility is contemplating the use of RFID for any purpose, learn from these stories and take a long hard look at the risks it may pose for your facility.

In the future, according to some recently released patent applications, end users of ID cards, access control cards, or these new RFID passports will need to squeeze a target area activating a switch to allow the card or passport to be read. In the meantime concerned users should make use of the shielding devices that are currently available.

A Global ATM theft nets 9 million in one day

Wired Threat Level has a story about a carefully coordinated global ATM heist last November resulted in a one-day haul of $9 million in cash, after a hacker penetrated a server at payment processor RBS WorldPay.

The story is written by Kevin Poulsen, a well known hacker turned journalist, who once served 4 years for mail, wire & computer fraud.

Wired cites a Fox 5 New York news report that explains that the hacker releived RBS WorldPay of personal information on approximately 1.5 million payroll-card and gift-card customers. Payroll cards are debit cards provided by employers instead of paychecks or direct-deposit. Account numbers and other data needed to clone the debit cards was also taken during the hacking breach.

Originally the company said it had fraudulent activity on only 100 cards, however the hacker managed to modify the withdrawal limits on those 100 cards, and used a global network of accomplices to drain the cards with repeated rapid-fire withdrawals. More than 130 ATMs in 49 cities from Moscow to Atlanta were hit simultaneously just after midnight Eastern Time on November 8.

The story goes on to mention that this is not the first time these payroll card systems have been targeted. In late 2007 a company called iWire lost 5 million dollars in a similar attack that lasted just 2 days, and Citibank lost 2 million from ATM machines in 7-11 stores in New York City.

It is interesting and sometimes amusing to sit back and watch the debate over the good and evil done by hackers. What is currently happening to the computer systems we have all come to rely on is very similar to what has been happening to the physical lock industry for hundreds of years. One man builds a lock or security chest and it sets the standard for a few years until another man defeats it. And then a better one is made, and so on and so on. The same is happening in the computer industry. Knowledgeable security practitioners recognize that hackers and lock sport enthusiasts cannot be outlawed and instead, learn from them, which leads to improvements in security. Think of them as your own free R&D department.

Some reasons to consider electronic locks.

A recent story in the news describes how Eielson Air Force base in Alaska has installed card operated electronic locks on the dormitory doors. The locks, provided by Best Access systems, a division of Stanly, read the residents existing Common Area Access card.

Previously the dormitories used traditional mechanical locks and metal keys. The following comments made in the article offer insight as to why these systems are so popular with large facilities.

1. The system offers better key control because the key card cannot be duplicated at the local hardware store.

2. The system also offers more security with regard to methods of entry,.

3. The system is more cost effective to manage both in time and money.

One major area of cost management is the replacement of lost keys. With the new system, when a card is lost, the airman is issued a replacement card which invalidates the code on the lost card. This process can be handled in a few minutes by the dorm management department. Previously, lost keys required a call to a locksmith to change the lock, a process which took a few hours to complete.

Facilities contemplating such a purchase should add up the cost of ownership and ongoing maintenance of both high security mechanical systems and stand alone card access systems and use the resulting data as part of your decision factors. Locksmiths who are not currently installing such systems should seriously consider adding them to their areas of expertise or risk losing valuable customers who decide to install electronic access control.

NFC Enabled Electronic Locks.

Near Field Communications, NFC for short, is a next generation technology touted as a replacement for contactless cards or potentially even the entire contents of your wallet. NFC will enable a phone to carry all your credit cards, loyalty cards, maybe eventually even your driver license.

NFC can support a wide range of applications such as opening a door, logging into your computer, signing on to the Internet, or download maps or directions from a kiosk or display.

Co-developed in 2004 by NXP Semiconductors and Sony, it is a short-range wireless technology that evolved from existing contactless technologies. NFC is supposed to simplify the way consumer devices interact with one another, helping people speed connections, receive and share information and even make fast and secure payments.

To encourage development of “cool” NFC applications, the NFC Forum organization conducted an annual contest to encourage out-of-the-box developments.

The first place winner in this year’s competition was VingCard, an ASSA Abloy company. VingCard developed an NFC-enabled lock for hotel rooms. The system enables guests to bypass the check-in process and unlock their hotel room doors using their phones.

The VingCard system was designed to streamline the checkin and check out process by eliminating the need for a guest to stand in line at the front desk. In fact, the hotel chain can sell the room to the guest over their web site, and then encode the room data via an encrypted text message exchange when the guest indicates he has arrived, either at the airport, in the taxi, or the lobby of the hotel.

It doesn’t take much imagination to see how such a system could be deployed for a commercial facility using NFC for access control. Global text messages to all authorized devices could be used to update the system and change access privileges on the fly, for an access system that had buildings located anywhere in the world (where there is cell phone reception of course).

Sony Develops Biometric Finger Vein Authentication.

Sony Corporation today announced the development of a finger vein authentication technology. This technology offers quick response and high accuracy and comes in a compact size designed for mounting on personal computers or mobile phones.

Sony claims that compared to the other biometric authentication techniques, vein authentication technology achieves higher accuracy for personal identification and higher forgery resistance because it uses the veins inside the finger. Finger vein patterns differ from person to person and finger to finger, and it is said that they do not change over the years.

The design uses a unique method where a CMOS sensor diagonally captures scattered light inside the finger veins, resulting in a design that occupies a single planar surface resulting in a design small enough for mobile devices.

The vein pattern is extracted from the captured finger vein image, and data is compressed and corrected to compensate for slightly differing finger positions.

Sony claims a less than 0.1% for the False Rejection Rate and less than 0.0001% for the False Acceptance Rate. They expect to commercialize the technology within the 2009 fiscal year.

So what can we take away from this story? Continuing advancements in user friendly, simple to use, and cost effective biometric authentication devices are  certainly welcome in the security industry. It is even more useful when they are deployed, and consequently debugged in such heavily used consumer devices as laptops and cell phones. Further, the application in such popular devices lowers many of the barriers to implementation confronted by security practitioners.

Panning camera has security applications

You may have already seen the spectacular image of President Obama’s inauguration that was taken by NY photographer David Bergman. If not, head over to the website linked in our show notes and take a look. It is incredible in size, scope, and resolution. He made the special panoramic image from the north press platform during the inaugural address. It’s made up of 220 images stitched together into a final image size of 1,500 megapixels.

The image was created using a Canon PowerShot G10, a 15 megapixel compact digicam with a 5x zoom that retails for about $260, and the GigaPan Epic robotic mount.

The GigaPan is a robotic camera mount that works with most point and shoot cameras to create huge panoramas. It works in conjunction with included stiching software that joins all the smaller images into one large image, and the GigaPan.org website for sharing the images with others.

You simply attach your camera and set the upper left and lower right corner of the scene you want to capture. The robot works out how many pictures it needs to take, and robotically positions the camera and snaps the shutter. And it does all that for the incredibly low price of $379.00, available directly from GigaPan Systems.

GigaPan Systems was established in 2008 as a commercial spin-off of a collaboration between NASA and Carnegie Mellon University. The GigaPan Imager uses the same technology that was used by the two Mars Exploration Rovers, Spirit and Opportunity, to collect amazing panoramic images of Mars.

Of course the security applications for this device are enormous. If you go to the web page in the show notes and look at the image you can see that you can use the web page controls to zoom in on any part of the crowd. Just for fun, count the number security people on the roof tops, or zoom in and read the sheet music in the orchestra pit. Obviously this could be a powerful tool for capturing images of large events for later analysis, and at a price that won’t break even the most modest security budget.

Yet another way to not lose your keys.

In the just for fun department, the folks at Yanko Design give us a new design for a common problem, misplacing your keys. Gone are the days of hanging your keys on a hook, tossing them on the counter, or dropping them in a drawer, attaching them to an electronic finder, or worse doing none of this and forgetting where you put them. The #8 KeyThing circumvents that fact of life by giving you one place to keep all your keys. The lady bug looking contraption is a simple piece of rubber with grip port holes. As long as you remember where you mounted it, losing your keys should be a thing of the past. Check out the link to the web site on our show notes page.

Our Weekly Spy Cam Product

And finally, continuing what seems to be a weekly discovery in small spy camera type devices, we found a new one on the web site Engadget. It is a spy camera disguised as a personal ID badge with a forward looking 1.3 megapixel camera that records a 352×288 image at 15 frames per second. It has 4GM of memory and a USB port and reportedly sells for about $155 US. Put your picture and the phone company logo on the front, break out your hard hat and clipboard, and you could probably roam anywhere you want recording lots of video and audio.

GSA Approved!

And in our final story today we are happy to report that Lockmasters Security Institute is now fully approved by the General Services Administration as a Certified Training Facility for the GSA CERTIFIED Safe & vault Technician Course. With over 400,000 GSA security containers in use today, this is an ideal course for any U.S. military, government and commercial locksmith. You will learn all the skills required to service, maintain and inspect GSA approved security containers. In our GSA Inspector Certification course you will Learn how to confirm if a GSA container or vault door is up to standards, and if it can be labeled as GSA approved. You will be certified to inspect and re-certify any GSA approved container if it meets specifications.

This is the enhanced version of the podcast with embedded images and chapter markers much like a DVD. See PSN009 for the show links and the full text of the podcast.

This is the enhanced version of the podcast with embedded images and chapter markers much like a DVD. See PSN008 for the show links and the full text of the podcast.

Show Links

Welcome to Knollan a new locking mechanism

patent document

blackbag » Michael Huebler’s masterlock article on Toool.nl and discussion thread

Michael Huebler’s original analysis.

Lock Mechanism Visualizer

Pro Security News – PSN007 Script

Master Lock to launch AXIS Combination Padlock

It is not often that we get to report on a new product that very few people have seen, or even heard about. Today is one of those days. Consequently this show will focus on one topic and we will resume our news briefing next week.
Master Padlock will be launching a new combination padlock in May of 2009. Now ordinarily, a new padlock is not really newsworthy, however this product is very different. It breaks all the rules as you know them.
The lock is called Axis, and it presents an entirely  new user interface for unlocking a lock. When you think of a traditional school or gym-locker combination lock, you probably visualize a dial with 30 numbers, or small wheels with 10 numbers each. Now imagine a lock that can be could be opened in complete darkness, with one hand, and one finger, and without a key, in 2 seconds or less.
That is exactly what this new patented mechanism delivers. It was invented by Yehonatan Knoll and licensed to Master Lock company. Mr. Knoll is a principle in the design company of Knollan located in Israel.
The AXIS presents an entirely new interface for opening a padlock. It is the only padlock I know of that could be used by a blind person. Instead of a dial to turn and numbers to set, there is a knob which can slide in 4 directions, top, bottom, left & right.

Opening the Lock

To operate the lock, you must first clear it by pushing down on the shackle. The factory code is TOP, BOTTOM, LEFT, & RIGHT, so you slide the spring loaded knob sequentially in each direction and then pull the shackle to open.

Changing the Combination

The user can set a new combination by first opening the lock, and sliding the lever on the back of the lock to the “R” position. Next, depress the shackle to clear the lock, and then enter a new combination.
There is NO LIMIT to the number of movements you can make with the slide knob. It is limited only by what you can remember. Furthermore, any movement can be repeated any number of times. For example, you could have a combination that required only one down movement, or it could, for example, require 10 down movements.
The lock I have described here has no numbers, however a visit to the website of the inventor shows how numbers could be associated with the direction of movement. For example, TOP could be labeled with the number 1, Right with the number 2, etcetera. The illustration on the website actually shows each direction associated with a grouping of numbers  so as to use all numbers from 0 through 9.
Another method to help remember combinations could be to use letters to correspond to the direction of movement. The letters could appear in an acronym or word that the user can remember. For example, if we label the direction of movement North, South, East & West, the word NEWS could be used as the combination. If you add Up, Down, Top, Bottom, Left & Right, then you increase the words that could be used to help remember the sequence.

How it works

A very good description  and technical analysis of this lock was written by Michael Huebler from Germany. There is a link to his paper on our website. It includes photographs of the inside mechanism, and a well written analysis of how the mechanism operates, and some thoughts about the number of possible combinations.
Michael also created an animated visualization to help understand what is going on when you move the knob. You can interact with this program from any web browser that supports Flash objects. That link is also on our website along with a link to the original patent drawings, and to the website of the inventor.

Conclusions

From a physical strength point of view, the construction of this padlock indicates that the intended market is areas such as school and gym lockers. As to manipulation or other methods of surreptitious entry, I’m sure the locksport community and others will let us know soon enough. Regardless of that outcome it is very refreshing to see  a new security design that is clearly new and innovative. As you will hear in the interview in a few moments, it is possible to create a more secure version of this idea by adding more disks to the design, and by changing the plastic parts to metal parts at an increased cost of course.

Interview

What follows next is an interview I had with Yeshai Knoll, the CEO of Knollan, the company that was founded by the inventor, Yehonatan Knoll and his father, Yeshai, to develop and market this idea.
The next interview is with Michael Huebler from Germany. Michael is a locksport enthusiast who obtained a sample of this padlock at last years hardware show in cologne germany. He wrote a detailed explanation of how it works which can be found as a link in the show notes.
Michael and I ended our conversation a few minutes later & I am most grateful to him for spending some time with us to discuss his finding with this lock. During our conversation we discovered that our sample locks operated differently. His sample lock and his simulator both show that a lock set to the cod of up, down, left & right can also be opened with left left right, however my sample padlock does not behave the same way. I will look into this and report back when I have an answer. In the meantime, watch for the release of this lock, I think you will enjoy playing with one. It truly is unique.