Thursday, March 3, 2005

Yet another lockmaker doesn't want to talk about vulnerabilities

Bruce Schneier writes:

The Winkhaus Blue Chip Lock is a very popular, and expensive, 128-bit encrypted door lock. When you insert a key, there is a 128-bit challenge/response exchange between the key and the lock, and when the key is authorized it will pull a small pin down through some sort of solenoid switch. This allows you to turn the lock. Unfortunately, it has a major security flaw. If you put a strong magnet near the lock, you can also pull this pin down, without authorization -- without damage or any evidence. The worst part is that Winkhaus is in denial about the problem, and is hoping it will just go away by itself. They've known about the flaw for at least six months, and have done nothing. They haven't told any of their customers. If you ask them, they'll say things like "it takes a very special magnet."
What is it with physical security types just not getting it?

No comments:

www.flickr.com