Author: Marc Weber Tobias, J.D.
Publisher: Wiley
Year: 2024
Pages: 722
Language: English
Format: pdf (true)
Size: 23.5 MB
Locks and keys, in various forms, have been employed to protect people, places, information, and assets for thousands of years. And just as long as there have been locks, there have been people who want to open them without the key or combination. While improvements in lock design, metallurgy, integration of electronics in locks, and other advances should make locks more reliable, the truth is that for a persistent attacker, locks are just as vulnerable as ever and, in some cases, even more so. This book examines the multitude of ways that locks are built and designed. More importantly, it then looks at the even greater variety of ways that lock pickers and hackers have found to open locks. Copying a key no longer takes a complex grinder and instead can be done with an easily available 3D printer. If you don't know the digital code to open a lock, what happens to it when you attack it with RF or an EMP generator? And has the designer of the tubular lock your company is spending millions to promote compared the size of the locking mechanism to an off-the-shelf ballpoint pen?
The book compiles the knowledge Marc Tobias has accumulated since he started breaking things at the age of five. He has since made a career of discovering and exploiting security and related legal vulnerabilities in locks, safes, and security systems. The business of locks is complex and involves liability and compliance issues as well as engineering requirements. This book analyzes different basic lock designs and presents many case examples of often-catastrophic design failures that in some instances resulted in death and property destruction, or compromise of critical information, and millions of dollars in damages.
What Does This Book Cover?
In the simplest of terms, this book is about what makes a lock or associated hardware “secure” and what can go wrong in the design. In more than one case, the result was the expenditure of millions of dollars on the research and development (R&D) of a high-security lock that was defeated in a few seconds by an 11-year-old kid with virtually no expertise. In my experience consulting for most of the world’s largest lock manufacturers, lock designs fail because of a lack of imagination on the part of everyone involved in the process. This lack of imagination has had significant and costly ramifications in terms of security failures, legal damages, an inability to meet state and federal standards, and a loss of credibility among customers. Ultimately, it puts consumers at risk, and they usually don’t know it. The results are from what I call insecurity engineering, which is the inability to design secure locks because of many factors in the education and training of engineers. That is what this book is about.
Electromechanical and electronic locks are slowly changing the landscape in physical security, but they’re subject to even more attacks by “lock pickers” and hackers. Technologies such as 3D printing, radio frequency (RF) and electromagnetic pulse (EMP) generators, electronic and mechanical decoders, and various forms of lock bumping, along with the employment of more sophisticated attack vectors, raise the stakes for manufacturers and end users. These problems pervade the industry and highlight the inability of engineers to think “out of the box” to conceive of possible methods of compromise or failure.
"Tobias on Locks and Insecurity Engineering" is written for design engineers, security and IT professionals, risk managers, government services, law enforcement and intelligence agencies, crime labs, criminal investigators, and lawyers. Even for these professionals, there is a lack of understanding of how to evaluate locks in terms of specific security requirements. Relying upon industry standards does little to define what security means and how to defeat it when considering forced entry, covert entry, and key-control issues. The reader will gain in-depth insight into lock designs and technology and how to better assess whether specific solutions will meet security requirements for their needs. The author presents detailed information that can help prevent manufacturers from producing locks that are insecure, and assist risk management personnel in reviewing current or proposed systems. For risk management, criminal investigators, and crime laboratories, the information provides a roadmap as to how locks and security systems can be or may have been compromised by criminals or rogue employees.
Contents: