Blog

iconprint · Share

You Won’t Get Fooled Again

icon Blog on Technology  •  posted 03/02/16
In a recent blog post and YouTube video, Matthew Jakubowski, a security researcher with Trustwave, showed how a pocket size electronic lock pick, disguised as a magic marker, could be used to open a lock that protects rooms in as many as 22,000 hotels. 
 
A small port on the lock’s bottom, designed for hotels to set master keys, appears to be the vulnerability. The lock’s maker responded with a security fix, but it requires hardware changes. 
 
It may seem to be a rare manufacturer oversight, but Roger Johnston, Ph.D., section manager at Argonne National Laboratory, believes overlooked vulnerabilities—in the very security devices that are designed to offer companies’ protection—are more common than security professionals think. 
 
According to Johnston, engineers and manufacturers focus on making things easy for the user and simplifying the service of devices. These very conveniences, however, make it easy to tamper with devices, and allow an industrious intruder to modify and fool a door access control unit, for example. Security is about inconvenience, but engineers like to make things easy, notes Johnston.
 
Security executives often forget—but shouldn’t—to evaluate the security of a device as closely they do other criteria, such as compatibility, features, and price. Often, even basic security precautions are ignored in the manufacture of security devices, like tamper-indicating enclosures or only utilizing a mechanical tamper switch (which is about the same as having no tamper detection, says Johnston). 

Workplace Violence Report

Featured Membership Content

Popular Tools & Resources

Featured Premium Resources

Upcoming Events

Advisory Services

SDR Advisory Services can help improve your operations Contact us to learn more

New to Premium
iconMaster Guide to Workplace Violence: Threats, Prevention, Policies & Best Practices

Stay Compliant

Newsletter
Sign up for our FREE weekly Corporate Safety & Security e-newsletter.