{"id":9591,"date":"2015-08-18T09:45:18","date_gmt":"2015-08-18T13:45:18","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=9591"},"modified":"2017-09-24T08:14:45","modified_gmt":"2017-09-24T12:14:45","slug":"security-week-digest-33","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/security-week-digest-33\/9591\/","title":{"rendered":"Security Week 33: Doors without locks, invulnerable Microsoft, disassembler and pain"},"content":{"rendered":"

Welcome to this week\u2019s edition of Security Week. In the maiden installment<\/a>, we learned of self-unlocking cars, the Android\u2019s chronic Stage Fright and that we won\u2019t be watched in the Web any longer (actually we still will be).<\/p>\n

\"Security<\/a><\/p>\n

In this post there are two seemingly unrelated pieces of news which nevertheless have one thing in common: vulnerability sometimes arises from reluctance to take available security measures. And the third story is not about security at all, but rather concerns particular cases of relations within the industry. All the three are funny enough to be different within from what they appear.<\/p>\n

Let me remind the rules of Security Week: the editors of Threatpost<\/a> pick three most significant news stories each week, to which I add an expanded and ruthless commentary. You may find all episodes of the series here<\/a>.<\/p>\n

Hacking hotels\u2019 doors<\/h3>\n

The Threatpost story<\/a>.<\/p>\n

They say that there is dichotomy of the Sciences and the Arts, and the experts of these two disciplines can hardly understand each other. There is a strong belief that a humanist intellectual just cannot turn into a scientist or an engineer.<\/p>\n

\"Security<\/a><\/p>\n

This stereotype was once defied by trained musician John Wiegand. In the 1930\u2019s he had been a piano player and a children\u2019s choir conductor<\/a>, until he got interested in designing audio amplifiers. In the 1940\u2019s he worked on that time\u2019s novelty \u2013 magnetic tape recording. And in 1974 (at the age of 62 years) he made his major discovery.<\/p>\n

This Wiegand wire, as it\u2019s called, is a magnetic cobalt iron and vanadium alloy wire treated so that it forms a hard outer shell around a soft inner core. External fields easily magnetize the outer shell, which also resists demagnetization, even when external fields are removed \u2014 a characteristic called higher coercivity. The soft wire filling behaves differently: it\u2019s not magnetized until after the shell gets its fill of magnetization.<\/p>\n

At the moment that the wire\u2019s shell becomes fully magnetized, and the core is finally allowed to collect its own portion of magnetization, both core and shell switch polarity. The switch generates significant voltage that can be harnessed for all kinds of sensing and motion applications, making the effect usable, for instance, in hotel keys.<\/p>\n

Unlike in modern cards, ones and zeroes are not recorded in the chip, but in the direct sequence of specially laid wiring. It is impossible to reprogram such a key, and the general scheme of it is rather not like modern proximity public transit fare cards or banking payment cards, but similar to magnetic stripe cards \u2013 only more reliable ones.<\/p>\n

Shall we scrap proximity cards then? Not yet<\/em>. Wiegand gave his name not only to the discovered effect, but also to the data exchange protocol, which is quite old<\/a>. Everything about that protocol is pretty bad. Firstly, it has never been properly standardized, and there are many different implementations of it.<\/p>\n

#Security Week 33: Doors without locks, invulnerable #Microsoft, #disassembler and pain<\/p>Tweet<\/a><\/blockquote>\n

Secondly, the original card\u2019s ID can amount 16 bits yielding very few possible combinations. Thirdly, the design of those proximity cards with wiring, which were invented before we learned how to put a computer in a credit card, restricts the key length to just 37 bits with the reliability of reading dramatically falling in longer keys.<\/p>\n

Recently, at the Black Hat conference researchers Eric Evenchick<\/a> and Mark Baseggio<\/a> showed their device for intercepting (unencrypted) key sequences during authorization. The most interesting detail here is that cards have nothing to do with it at all since the information is stolen while transmitting data from a card reader to a door controller where that Wiegand protocol is historically used.<\/p>\n

The name of the device is BLEkey \u2013 it is a tiny piece of hardware that needs to be embedded in a card reader, for example, of a hotel\u2019s door. The researchers showed that the whole operation takes several seconds. Then everything is simple. We read the key, wait for the real owner to leave and open the door. Or we don\u2019t wait. Or we never open. Without going into technical details, the dialogue between the door and the reader\/wireless becomes like this:<\/p>\n

\u201cWho\u2019s there?\u201d
\n\u201cIt\u2019s me.\u201d
\n\u201cHere you are. Get in!\u201d<\/em><\/p>\n

\n

Final talk run through! pic.twitter.com\/TQB472izkO<\/a><\/p>\n

\u2014 Eric Evenchick (@ericevenchick@mastodon.social) (@ericevenchick) August 6, 2015<\/a><\/p><\/blockquote>\n