The locks include their own power supply so they function even when an external source of electricity is cut off. Most versions do not consume extra or randomized power to hide what they are doing. That leaves them open to attack if a thief can get physically close enough and has the right tools, Davis said. “I can download that analog signal and parse through the power trace to get ones and zeroes,” Davis said. “I know what the lock is doing internally.” Inside ATMs, the company’s locks typically protect the cash in the more secure, lower compartment. An upper compartment includes the interface with customers and directs the lower compartment to send up money. The upper compartment often has less physical security, and breaking into it might provide access to the lower vault’s vulnerable lock. A bigger concern is that another series of DormaKaba locks are used on military bases, U.S. presidential jet Air Force One and elsewhere in the government.
pgmrdlm shares a report from Reuters: Hackers could crack open high-security electronic locks by monitoring their power, allowing thieves to steal cash in automated teller machines, narcotics in pharmacies and government secrets, according to research to be presented Friday at the annual Def Con hacking conference in Las Vegas. Mike Davis, a researcher with security firm IOActive, discovered the vulnerability last year and alerted government officials and Swiss company DormaKaba Holding, the distributor of multiple brands of locks at issue. In an interview with Reuters, Davis said he used an oscilloscope worth about $5,000 to detect small changes in the power consumption, through what is known as a side-channel attack. The method worked best in older models.