When was the last time you saw a hotel that still used traditional key locks? Odds are that you haven’t unless you are sleeping at a very small private hotel or a very low cost chain. Modern card-based locks are easier for the hotel to keep up with and are more convenient for the guests that use them as well, but how safe are they in reality? According to a Mozilla software developer, Cody Brocious, not nearly as safe as we would hope.

Brocious is set to deliver a presentation today at the Black Hat USA 2012 security conference that will show just how easy it is to open a hotel lock with cheap, open-source parts that take advantage of a real security flaw in card-based lock systems that are made by manufacturer Onity. The open-source device is designed to insert into the DC power port of a hotel lock by posing itself off as a portable programming device that the hotel staff uses to assign master keys to doors. The device can get the job done in a matter of seconds with almost 100% accuracy on Onity locks that were ordered online, but on-site at a hotel it was proven that it only worked on one out of three locks tested- still that is a very real security hole.

Brocious intends to publish his findings on Daeken after the presentation but is done working on the flaw exploit, fearing it could threaten the overall security of millions of hotel guests. It is said that about four or five million hotels across the globe use Onity locks, so hopefully the presentation of this flaw will encourage Onity to work on fixes that prevent this from ever becoming a real issue. In the meantime, it’s not such a bad idea for hotel guests to use the chain lock inside their rooms as well.

[ source via tecca ]

The post Hacker Finds Way to Crack Hotel Keycard Systems appeared first on Mobile Magazine.

If you have nightmares about being watched, this will be your worst ever. Your mobile phone, the thing that you carry around almost everywhere, might be giving away your location to hackers. According to a new study, anyone with a cheap phone and open source software can easily track the location of a mobile phone (on GSM network, which provides service to 80 percent of the global mobile market) without the owner ever knowing about it.

Computer scientists from the University of Minnesota conducted a study and found out that it is an easy task for a third party to track the location of a cell phone user as long as the networks “leak” the locations of users.

Ph.D. student Denis Foo Kune says, “Cell phone towers have to track cell phone subscribers to provide service efficiently. For example, an incoming voice call requires the network to locate that device so it can allocate the appropriate resources to handle the call. Your cell phone network has to at least loosely track your phone within large regions in order to make it easy to find it“.

What a cell phone tower does is that it will broadcast a page to a phone and then wait for the phone to respond to a call. A hacker can easily force those messages to go out and then hang up before the handset rings. The researchers say that it is possible to track a device within an area of 100 square km just by checking out those messages.

And what are the threats, you ask? The researchers were talking about a few possible ones: “For example, agents from an oppressive regime may no longer require cooperation from reluctant service providers to determine if dissidents are at a protest location. A second example could be the location test of a prominent figure by a group of insurgents with the intent to cause physical harm for political gain. Yet another example could be thieves testing if a user’s cell phone is absent from a specific area and therefore deduce the risk level associated with a physical break-in of the victim’s residence“.

But they are saying that a few low-cost techniques which require no hardware changes can solve the problem. They are currently in talks with AT&T and Nokia regarding the matter.

Head here to take a peek at the full research paper.

The post Hackers Can Easily Track Your Mobile Phone, Says Study (Video) appeared first on Mobile Magazine.

Sony made the announcement yesterday, one full week after learning of the intrusion. The announcement was possibly delayed in order for evidence to be gathered against the hackers. And of course, they didn’t want to ruin your easter weekend with this news.

A theory surfacing from Reddit explains that PSN was shut down to prevent users of custom firmware (CFW) from using a recently discovered method of pirating PSN content.

It’s obvious Sony has made some enemies as of late, whether or not this is a result of recent action towards the hacking community is unknown, but is timely.

For now, since you cannot get on the PSN, going on day 5, you can simply disconnect your PS3 from the network and keep a watchful eye on your credit cards used on the PSN.

The post PSN Still Down, Was This A Retaliation? appeared first on Mobile Magazine.

The two, using the name “Goatse Security” as a façade internet research security group, claimed responsibility for hacking into AT&T’s servers last June, apparently intending to damage the cellular company. According to U.S. Federal prosecutors at a press conference today, they’re each being charged with conspiracy to access a computer without authorization and fraud in connection with personal information.

“Each count carries a maximum of five years in prison and a fine of $250,000,” said Paul J. Fishman, a U.S. Attorney for the District of New Jersey, during his speech at today’s press conference. “In addition, if each is convicted they will also be ordered to repay AT&T for the cost of the breach.”

“The hallmark of this criminal hacker subculture is malicious one-upsmanship,” Fishman continued, adding that “the safety and security of computer networks and computer infrastructure is an issue of national security.”

The case will undoubtedly serve as a precedent setting for future hackings, but may also prove to deter future would-be hackers from considering the idea of messing with the FBI.

“Let me be clear,” Fishman said in his closing statement. “Computer hacking is not a competitive sport.”

[Wall Street Journal]

The post Charges laid against iPad hackers appeared first on Mobile Magazine.

The group replied last week saying it exposed the security flaw to inform and protect consumers, and refused to make public their discoveries until AT&T repaired the issue. In response to the FBI’s claim that they’ve begun investigating the incident, the hacker organization said simply, “We did not try to hack your iPads, your iPads are safer now because of us”. They also noted that all findings have been destroyed by both the hackers and Gawker Media’s Valleywag website who received the data from them.

In spite of potentially exposing information in over 114,000 iPad users, AT&T is standing behind their efforts to protect the privacy of customers. In her email, Attwood noted “AT&T takes your privacy seriously and does not tolerate unauthorized access to its customers’ information or company websites. We will cooperate with law enforcement in any investigation of unauthorized system access and to prosecute violators to the fullest extent of the law.”

According to the same hackers that used the automated PHP script to harvest the user information, Apple still has not remedied the security hole.

Apple has not commented on the incident as of yet.

[Device Mag via PC World]

The post AT&T slams hacker group responsible for “malicious” attack appeared first on Mobile Magazine.