<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Locks &#8211; Noise</title>
	<atom:link href="https://noise.getoto.net/tag/locks/feed/" rel="self" type="application/rss+xml" />
	<link>https://noise.getoto.net</link>
	<description>The collective thoughts of the interwebz</description>
	<lastBuildDate>Tue, 16 Sep 2025 16:10:41 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.8.2</generator>
	<item>
		<title>Hacking Electronic Safes</title>
		<link>https://noise.getoto.net/2025/09/17/hacking-electronic-safes/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 17 Sep 2025 11:05:59 +0000</pubDate>
				<category><![CDATA[backdoors]]></category>
		<category><![CDATA[disclosure]]></category>
		<category><![CDATA[Locks]]></category>
		<category><![CDATA[patching]]></category>
		<category><![CDATA[safes]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70818</guid>

					<description><![CDATA[<p>Vulnerabilities in <a href="https://www.wired.com/story/securam-prologic-safe-lock-backdoor-exploits/">electronic safes</a> that use Securam Prologic locks:</p>
<blockquote><p>While both their techniques represent glaring security vulnerabilities, Omo says it’s the one that exploits a feature intended as a legitimate unlock method for locksmiths that’s the more widespread and dangerous. “This attack is something where, if you had a safe with this kind of lock, I could literally pull up the code right now with no specialized hardware, nothing,” Omo says. “All of a sudden, based on our testing, it seems like people can get into almost any Securam Prologic lock in the world.”...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Mailbox Insecurity</title>
		<link>https://noise.getoto.net/2024/12/19/mailbox-insecurity/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 19 Dec 2024 15:24:47 +0000</pubDate>
				<category><![CDATA[Locks]]></category>
		<category><![CDATA[mail]]></category>
		<category><![CDATA[physical security]]></category>
		<category><![CDATA[theft]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69707</guid>

					<description><![CDATA[It turns out that all cluster mailboxes in the Denver area have the same master key. So if someone robs a postal carrier, they can open any mailbox.
I get that a single master key makes the whole system easier, but it&#8217;s very fragile security.
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Security Vulnerability in Saflok’s RFID-Based Keycard Locks</title>
		<link>https://noise.getoto.net/2024/03/27/security-vulnerability-in-safloks-rfid-based-keycard-locks/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 27 Mar 2024 11:01:08 +0000</pubDate>
				<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[hotels]]></category>
		<category><![CDATA[Internet of Things]]></category>
		<category><![CDATA[Locks]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68655</guid>

					<description><![CDATA[<p>It’s <a href="https://www.wired.com/story/saflok-hotel-lock-unsaflok-hack-technique/">pretty devastating</a>:</p>
<blockquote><p>Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call <a href="https://unsaflok.com/">Unsaflok</a>. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba. The Saflok systems are installed on 3 million doors worldwide, inside 13,000 properties in 131 countries. By exploiting weaknesses in both Dormakaba’s encryption and the underlying RFID system Dormakaba uses, known as MIFARE Classic, Carroll and Wouters have demonstrated just how easily they can open a Saflok keycard lock. Their technique starts with obtaining any keycard from a target hotel—say, by booking a room there or grabbing a keycard out of a box of used ones—then reading a certain code from that card with a $300 RFID read-write device, and finally writing two keycards of their own. When they merely tap those two cards on a lock, the first rewrites a certain piece of the lock’s data, and the second opens it...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Security Vulnerabilities in Honda’s Keyless Entry System</title>
		<link>https://noise.getoto.net/2022/07/12/security-vulnerabilities-in-hondas-keyless-entry-system/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 12 Jul 2022 12:23:24 +0000</pubDate>
				<category><![CDATA[cars]]></category>
		<category><![CDATA[keys]]></category>
		<category><![CDATA[Locks]]></category>
		<category><![CDATA[reports]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65653</guid>

					<description><![CDATA[<p>Honda vehicles from 2021 to 2022 are vulnerable to <a href="https://www.vice.com/en/article/z34xnw/hackers-say-they-can-unlock-and-start-honda-cars-remotely">this attack</a>:</p>
<blockquote><p>On Thursday, a security researcher who goes by Kevin2600 <a href="https://rollingpwn.github.io/rolling-pwn/">published a technical report</a> and videos on a vulnerability that he claims allows anyone armed with a simple hardware device to steal the code to unlock Honda vehicles. Kevin2600, who works for cybersecurity firm Star-V Lab, dubbed the attack RollingPWN.</p>
<p>[…]</p>
<p>In a phone call, Kevin2600 explained that the attack relies on a weakness that allows someone using a software defined radio—<a href="https://greatscottgadgets.com/hackrf/">such as HackRF</a>—to capture the code that the car owner uses to open the car, and then replay it so that the hacker can open the car as well. In some cases, he said, the attack can be performed from 30 meters (approximately 98 feet) away...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Bluetooth Flaw Allows Remote Unlocking of Digital Locks</title>
		<link>https://noise.getoto.net/2022/05/20/bluetooth-flaw-allows-remote-unlocking-of-digital-locks/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 20 May 2022 11:02:14 +0000</pubDate>
				<category><![CDATA[bluetooth]]></category>
		<category><![CDATA[cars]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[Locks]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65441</guid>

					<description><![CDATA[<p>Locks that use Bluetooth Low Energy to authenticate keys are <a href="https://www.reuters.com/technology/tesla-cars-bluetooth-locks-vulnerable-hackers-researchers-2022-05-17/">vulnerable to remote unlocking</a>. The research focused on Teslas, but the exploit is generalizable.</p>
<blockquote><p>In a video shared with Reuters, NCC Group researcher Sultan Qasim Khan was able to open and then drive a Tesla using a small relay device attached to a laptop which bridged a large gap between the Tesla and the Tesla owner’s phone.</p>
<p>“This proves that any product relying on a trusted BLE connection is vulnerable to attacks even from the other side of the world,” the UK-based firm said in a statement, referring to the Bluetooth Low Energy (BLE) protocol—technology used in millions of cars and smart locks which automatically open when in close proximity to an authorised device...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
	</channel>
</rss>

<!--
Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/

Object Caching 27/117 objects using Memcached
Page Caching using Disk: Enhanced 
Lazy Loading (feed)
Database Caching using Memcached

Served from: noise.getoto.net @ 2025-12-09 07:33:30 by W3 Total Cache
-->