November 21, 2005

Old profession, new technology

It seems that the age-old profession of Safe Cracking is getting some new technology behind it. From the Coredump website comes this clever idea:
Cracking safes with thermal imaging
This inexplicably brief "research" paper presents an interesting physical world attack that may be easily deployed by a determined attacker to compromise many high-security access control systems in use today. Although this paper's findings are hardly groundbreaking (and in some ways, are downright obvious), it includes some cool pictures, and should be most certainly taken into account in risk management, secure zone planning, and when drafting operating procedures for high-risk areas. But most of all, I just wanted to share ;-)

In short, virtually all keypad entry systems - as used in various applications, including building access control, electronic lock safes, ATM input, etc - are susceptible to a trivial low-profile passphrase snooping scheme. This attack enables the attacker to quickly and unobtrusively recover previously entered passphrases with a high degree of success. This is in contrast to previously documented methods of keypad snooping; these methods were in general either highly intrusive - required close presence or installation of specialized hardware - or difficult to carry out and not very reliable (e.g., examining deposited fingerprints).

The attacker can perform the aforementioned attack by deploying an uncooled microbolometer thermal imaging (far infrared) camera within up to approximately five to ten minutes after valid keycode entry. Although this may sound outlandish, the heat transferred during split-second contact of individual keys with the human body (even through, for example, gloves) is significant enough and dissipates slowly enough to make this possible after the area has been cleared of all personnel.

Furthermore, since the image can be acquired from a considerable distance (1-10 meters is easy to achieve), the attacker can afford to maintain a remarkably low profile through the process.
Here are two photos:
safe-visible.jpg
safe-ir.jpg
Posted by DaveH at November 21, 2005 12:14 PM