Friday, March 1, 2013

Fire Fighting Security Notes: Security expert claims he hacked #KnoxBox


Security expert warns fire department lockboxes can be hacked


(Reuters) - A security expert warned that criminals can gain access to locked businesses and apartments across the United States by reproducing the master keys now issued only to firefighters during emergencies.
Typical Knox Box Installation
Photo Credit: Forestvillefire.org
SAN FRANCISCO — A security expert says he has identified a flaw in heavy metal boxes that are found outside many locked companies and apartments and warns that criminals can gain access to these businesses by reproducing master keys issued only to firefighters.

 The boxes manufactured by Arizona-based Knox Co. are outside of millions of apartment complexes and companies across the country, including cities like Chicago, Atlanta and San Francisco, according to Reuters. Knox is looking into the claim.

 Justin Clarke, a cyber security researcher said he was able to create a key that was able to open a Knox Box by ordering a box and blank keys and reproducing the master key that is usually issued to firefighters from the Box.

 Knox officials said they were unaware of any safety issues with the boxes and would look into it. An engineer with company said he found the hacking hard to believe.

 "I'm not saying that somebody can't eventually make one, but I haven't seen it yet," Knox Engineer Dohn Trempala said.

 Clarke claims that because only one master key cut is issued for firefighters in each city, it is possible for a reproduced key to give criminals access to every box in that city.

 Using a metal file, and specific measurements from the box, Clarke says he was able to make a "hacked" key in about four hours.

 "A highly motivated criminal with plenty of time on their hands and incredible focus could do this. All it takes is time, focus and intent," said Clarke told Reuters.

 Lock expert Marc Weber Tobias told Reuters he thinks the hack is possible and that Knox can prevent it by changing how it ships its product.

 "What he did is not technical. It's not sophisticated," Tobias said. "It's good research. He alerted everybody to a vulnerability."

 Tobias said that Knox should ship its boxes to customers without locks and send the locks directly to the fire department that would then install both the box and lock. Currently, fire departments install the boxes with the locks in place.

 The FBI and Department of Homeland Security are also looking into the issue, Trempala told Reuters.

 Source: Reuters. - http://www.reuters.com/article/2013/03/01/us-security-lockbox-idUSBRE92004T20130301

Posted by at

1 comment:

  1. Exotic MediaMonday, September 21, 2020 12:13:00 AM

    Fire safety is very important to have as it is not very rare to be using a fire safety equipment. We produce on of the best fire equipment's and almost everything required with it
    Fire Installation Companies

    ReplyDelete

CAL FIRE NEWS LOVES COMMENTS...
- Due to rampant abuse, we are no longer posting anonymous comments. Please use your real OpenID, Google, Yahoo, AIM, Twitter, Flickr name.


Subscribe to: Post Comments (Atom)

Twitter Buttons

****REMINDER**** Every fire has the ability to be catastrophic. The wildland fire management environment has profoundly changed. Growing numbers of communities, across the nation, are experiencing longer fire seasons; more frequent, bigger, and more severe, fires are a real threat. Be careful with all campfires and equipment.

"I am a firm believer in the people. If given the truth, they can be depended upon to meet any national crisis. The great point is to bring them the real facts, and beer." --Abraham Lincoln

View blog top tags
---------------------
CLICK HERE TO GO BACK TO TOP OF CALIFORNIA FIRE NEWS HOME PAGE

Subscribe via email to California Fire News - Keep track of Cal Fire News

Enter your email address:

Delivered by FeedBurner