Friday, March 1, 2013

Fire Fighting Security Notes: Security expert claims he hacked #KnoxBox

Posted by

Security expert warns fire department lockboxes can be hacked


(Reuters) - A security expert warned that criminals can gain access to locked businesses and apartments across the United States by reproducing the master keys now issued only to firefighters during emergencies.
Typical Knox Box Installation
Photo Credit: Forestvillefire.org
SAN FRANCISCO — A security expert says he has identified a flaw in heavy metal boxes that are found outside many locked companies and apartments and warns that criminals can gain access to these businesses by reproducing master keys issued only to firefighters.

 The boxes manufactured by Arizona-based Knox Co. are outside of millions of apartment complexes and companies across the country, including cities like Chicago, Atlanta and San Francisco, according to Reuters. Knox is looking into the claim.

 Justin Clarke, a cyber security researcher said he was able to create a key that was able to open a Knox Box by ordering a box and blank keys and reproducing the master key that is usually issued to firefighters from the Box.

 Knox officials said they were unaware of any safety issues with the boxes and would look into it. An engineer with company said he found the hacking hard to believe.

 "I'm not saying that somebody can't eventually make one, but I haven't seen it yet," Knox Engineer Dohn Trempala said.

 Clarke claims that because only one master key cut is issued for firefighters in each city, it is possible for a reproduced key to give criminals access to every box in that city.

 Using a metal file, and specific measurements from the box, Clarke says he was able to make a "hacked" key in about four hours.

 "A highly motivated criminal with plenty of time on their hands and incredible focus could do this. All it takes is time, focus and intent," said Clarke told Reuters.

 Lock expert Marc Weber Tobias told Reuters he thinks the hack is possible and that Knox can prevent it by changing how it ships its product.

 "What he did is not technical. It's not sophisticated," Tobias said. "It's good research. He alerted everybody to a vulnerability."

 Tobias said that Knox should ship its boxes to customers without locks and send the locks directly to the fire department that would then install both the box and lock. Currently, fire departments install the boxes with the locks in place.

 The FBI and Department of Homeland Security are also looking into the issue, Trempala told Reuters.

 Source: Reuters. - http://www.reuters.com/article/2013/03/01/us-security-lockbox-idUSBRE92004T20130301

at
Reactions: 
Labels: , , , , , , ,

No comments:

Post a Comment

CAL FIRE NEWS LOVES COMMENTS...
- Due to rampant abuse, we are no longer posting anonymous comments. Please use your real OpenID, Google, Yahoo, AIM, Twitter, Flickr name.


Subscribe to: Post Comments (Atom)

Participate and help others get the real scoop - News, Pictures, Video, Intel

CAL FIRE NEWS
WANTS YOUR
INFO, INTEL, PICTURES,
209 REPORTS, VIDEOS, STORIES,
STATION AND CREW LINKS
send to
CAL FIRE NEWS WEBMASTER
ROCDAD@GMAIL.COM

How fires get their names

Every year in California thousands of wildfires start throughout the state. In most cases, the dispatch center sending the initial resources to a wildland fire will designate a name for the fire, but the first on scene engine or fire official can also name the incident. Fires are usually named for the area in which they start – a geographical location, local landmark, street, lake, mountain, peak, etc. Quickly naming the fire provides responding fire resources with an additional locater, and allows fire officials to track and prioritize incidents by name. For example during the Southern California Fire Siege of 2003, the largest wildland fire in California history, the Cedar Fire in San Diego County, was named after the Cedar Creek Falls area where it started. The destructive Old Fire, which burned during the same time period in San Bernardino County, was named after the road along which it started - Old Waterman Canyon Road.
CAL FIRE is the largest fire department in California and the second largest fire department in the United States. CDF - CAL FIRE Firefighters answer the call more than 300,000 times a year. CAL FIRE Firefighters make up the fire department for 30 of our 58 counties in California and more than 100 local communities. We serve as the incident command during many of California’s most serious disasters. CAL FIRE Firefighters respond to many various types and forms of calls ranging from structural fires, to auto accidents, to earthquakes, to floods, to the spilling of hazardous materials, to every conceivable disaster; CAL FIRE answer's the calls. CAL FIRE is the largest fire department in California and the second largest fire department in the United States . CAL FIRE firefighters protect 33 million acres of State Responsibility Area (SRA). We have over 4,000 members within CAL FIRE and CAL FIRE is associated with the California Professional Firefighters (CPF) and the International Association of Firefighters (IAFF).

View blog top tags
---------------------
CLICK HERE TO GO BACK TO TOP OF CALIFORNIA FIRE NEWS HOME PAGE