Security Insecurity By Curt Priest
Connectivity and Security are always two opposites • Internet accessible devices hard to secure • Computers • Ip cameras • Complete security systems (dashboards) • Open transmission systems • Wireless access points • Radio / television communications • Network connections • Easier to secure • Closed circuit television • Twisted pair telecom • Secured intranet (no outside connection to internet)
Vulnerability is the intersection of three elements • System susceptibility or flaw • Attacker access to the flaw • Attacker capability to exploit the flaw http://en.wikipedia.org/wiki/Vulnerability_(computing)
Onity Security Systems • Manufacturer of door security lock systems for government buildings and major hotel chains. • About 4 to 5 million Onity locks are installed on hotel room doors around the world. • A service port allows a technician to power a dead lock and use a master code to unlock.
Onity’s flawed Security lock “According to Brocious, who should be scolded for not disclosing the hack to Onity before going public, there is no easy fix: There isn’t a firmware upgrade — if hotels want to secure their guests, every single lock will have to be changed.” Cody Brocious demonstrating his unlocking tool on an Onity lock in a New York City hotel. http://www.forbes.com/sites/andygreenberg/2012/07/23/hacker-will-expose-potential-security-flaw-in-more-than-four-million-hotel-room-keycard-locks/
TrendnetSecurity Cams • Manufacturer of security cameras for home and business use. • Security flaw found in camera firmware • Company issued firmware update • Discontinued products not able to be updated • Many people do not register products (not aware of problem)
Security flaw allows unauthorized access to security system • Access to CGI (common gateway interface) folder at ROOT. • Access to camera video by simply adding cgi request with the IP address. • IP location can be found using whatismyipaddress.com/ip-lookup
Security systems are not always secure. • Questions?