The Expanding PKfail Vulnerability in Secure Boot and Its Alarming Impact

 

The PKfail vulnerability in Secure Boot has grown into a far-reaching security threat, affecting thousands of devices across multiple sectors. Originally believed to be a limited issue, it arises from manufacturers releasing hardware with known compromised software, allowing unauthorized software to bypass Secure Boot encryption. Even after the initial leak of the Secure Boot encryption code in 2022, manufacturers continued to distribute devices with compromised security, and some even included warnings like “DO NOT TRUST” in the firmware. 

The original discovery indicated that devices from top manufacturers such as Dell, Acer, and Intel were compromised. However, recent investigations have expanded the list to include other major brands like Fujitsu, Supermicro, and niche producers like Beelink and Minisforum. Alarmingly, the list of impacted devices has grown to nearly four times its original size, now encompassing around a thousand models of laptops, desktops, and other x86-based hardware. What’s more concerning is that the PKfail vulnerability isn’t limited to standard consumer devices. It extends to enterprise servers, point-of-sale systems, gaming consoles, ATMs, and even medical and voting machines. 

These revelations indicate that the Secure Boot vulnerability has a much wider reach, exposing critical infrastructure to potential attacks. According to Binarly’s detection tool, this breach affects numerous industries, making it a significant cybersecurity risk. The challenge of exploiting Secure Boot remotely is substantial, often requiring advanced skills and resources, making it a tool primarily used by hackers targeting high-profile individuals or organizations. It’s particularly relevant for high-net-worth individuals, government agencies, and large corporations that are more likely to be the targets of such sophisticated attacks. 

State-sponsored hackers, in particular, could leverage this vulnerability to gain unauthorized access to confidential data or to disrupt critical operations. Addressing the PKfail vulnerability requires immediate action, both from manufacturers and end-users. Device manufacturers must issue firmware updates and improve their security practices to ensure their hardware is protected against such threats. Meanwhile, organizations and individual users should regularly check for software updates, apply patches, and implement stringent cybersecurity measures to minimize the risk of exploitation. 

The PKfail incident underscores the critical importance of cybersecurity vigilance and reinforces the need for robust protection measures. As cyber threats continue to evolve, organizations and individuals alike must stay informed and prepared to defend against vulnerabilities like PKfail.

This Security Flaw Enables Hackers to Unlock Millions of Hotel Doors

 

Researchers have unveiled vulnerabilities impacting approximately 3 million Saflok electronic RFID locks found in 13,000 hotels and homes globally, which could potentially enable unauthorized access to any door in a hotel by creating fake keycards.

Discovered by a team of researchers including Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, shell, and Will Caruana in September 2022, these security flaws, dubbed "Unsaflok," were brought to light during a private hacking event in Las Vegas. At the event, various teams competed to identify vulnerabilities within a hotel room and its associated devices. The researchers focused on scrutinizing the Saflok electronic lock system and uncovered flaws that could compromise the security of any door in the hotel.

After notifying the manufacturer, Dormakaba, of their findings in November 2022, the researchers allowed time for the vendor to address the issues and inform affected hotels without publicizing the matter.

Despite no confirmed instances of exploitation in the wild, the researchers caution that these vulnerabilities have existed for over 36 years, raising concerns about potential misuse. The researchers publicly disclosed the Unsaflok vulnerabilities, alerting the public to their impact on nearly 3 million doors utilizing the Saflok system.

The Unsaflok vulnerabilities involve a series of exploits that, when combined, allow an attacker to unlock any door using a pair of counterfeit keycards. This attack method requires the attacker to obtain one legitimate keycard from the property, which can include their own room keycard.

By reverse-engineering Dormakaba's front desk software and lock programming device, the researchers were able to spoof a master key capable of opening any room. Creating forged keycards involves cracking Dormakaba's key derivation function and utilizing readily available tools such as Proxmark3, Flipper Zero, or an NFC-enabled Android smartphone.

Affected Saflok models include Saflok MT, Quantum Series, RT Series, Saffire Series, and Confidant Series managed by System 6000 or Ambiance software. These models are deployed in 13,000 properties across 131 countries, with Dormakaba actively working on mitigations. However, the process is complex and time-consuming, with only 64% of locks upgraded as of March 2024.

While Dormakaba issued a statement acknowledging the vulnerability and their efforts to address it, the researchers stress the importance of heightened awareness among hotel staff and guests. Measures such as auditing entry/exit logs and using the NFC Taginfo app to check keycard types can help detect potential vulnerabilities. The full details of the Unsaflok attack will be shared once the remediation efforts reach satisfactory levels.