Tuesday, 26 July 2016

Hackers thwart TSA luggage locks, see same problems in backdoors

Researchers who successfully reverse-engineered master keys used by the Transportation Security Authority say their work should be a metaphor for the dangers of encryption backdoors.

The TSA requires all luggage to be searchable, with all locks able to be opened by one of eight master keys. Anyone with the keys can open any luggage complying with the rules. A trio of hackers presenting at this weekend’s Hope Conference in New York City showed that with widely available supplies, anyone can reproduce as many as seven of those eight keys.  “Let’s assume that the government has our best interest in mind,” said the hacker Johnny Xmas, who with Nite 0wl and DarkSim905 — each presenting under their nickname — reproduced the TSA keys. Xmas works as a penetration tester for Redlegg Tradecraft labs

“Now that we’ve given government our keys, what happens when the bad guys get them? In security, we assume that networks being compromised is a when, not an if.”

The same is true, he says, of the proposal to provide digital master keys to law enforcement. For the full article click here 



from hacker samurai http://ift.tt/29WW9Sc
via IFTTT

No comments:

Post a Comment