Between jewelry, passports, laptops, and even tablets, a lot of us carry some very expensive things when we travel. And we expect the hotel we're staying at to do all they reasonably can to keep us and our belongings safe. But according to a Forbes report, hotel doors with keycard entry offer virtually no security at all — they can be easily hacked with as little as $50 worth of equipment.
According to 24-year old security expert Cody Brocious, if your hotel room door's keycard lock has a DC power port, it can be broken in to with inexpensive software and other hacking tools. And to prove it, Brocious has created a device capable of breaking into as many as 5,000,000 hotel rooms worldwide. The device works by spoofing the all-access cards used by hotel staff. According to Brocious, while every locked hotel room door requires its own access code to open, that access code is programmed into the door itself. The hacking tool can read the code, and then use it moments later to unlock the door.
Brocious will talk more about his hacking tool (and, more broadly, hotel room security) at the Black Hat USA security conference on July 24.
A user at password-hacking forum Inside Pro earlier this month published a half-gigabyte file that contained as many as 11 million passwords collected from users at the popular German gaming site Gamigo, Forbes reports. Even though the file containing the passwords has been removed from the forum, Forbes says the damage may have already been done since the file was available for weeks before being taken down. Steve Thomas, the founder of data breach warning service PwnedList, told Forbes that the published passwords represent “largest leak I’ve ever actually seen,” although he said that he could only count 8.2 million unique email addresses and passwords in the file rather than the 11 million claimed by the original leaker. Gamigo had apparently warned its users months ago that their accounts may have been compromised by hackers, although this past month marked the first time that its users’ email addresses and passwords had been published.
No comments:
Post a Comment