Key lesson

By Tom on February 4, 2010 8:52 PM | 2 Comments | No TrackBacks
Berni sent us the following story from Steyr in Upper Austria. On a visit at the University of Applied Sciences she found an accessible, locked room on one of the floors. The only drawback, somebody left the keys there. 

FH_Steyr_01.JPG

Now, the question is, how much value does access to this room have? 

FH_Steyr_02.JPG

First of all, you can steal paper, but that shouldn't leave too much damage to the company. Secondly, an intruder could wait for some important documents printed out. As this room is locked during the day, it could be an interesting place for getting information. Another source of information is the key itself. Even if an attacker can't get much value out of the information in the room, she could try to copy the key or just take notes about the cuts of the key. This can enable the attacker to duplicate it or use in combination with some other keys to rebuild the master key of the university's locks.

So the key lesson of this story: never leave your keys unattended - and never leave it on the doors. :) Thanks to Berni for sending in this story and the pictures. 

Update (7/2/2010): Churchy added another security issue that wasn't mentioned in the blog posting above. An attacker could use the printer's network cable to get access to the network. This could be interesting especially in situations where you just have access to a secured WLAN that is separated from the internal LAN.

No TrackBacks

TrackBack URL: http://www.securitypitfalls.org/admin/mt-tb.cgi/103

2 Comments

fl0 | February 12, 2010 2:21 PM | Antworten

Hoi,

additionally you could try to get hold of the stored print-outs in the memory of those machines.

Regards,
fl0

Author Profile Page Tom | February 23, 2010 9:51 PM | Antworten

In addition, you could perform some dumpster diving exercises. :)

Leave a comment

Search

User ranking

User     Reported Pitfalls
Flo4
Norb4
Berni2
Sup2
Ali1
Churchy1
JG1
Nuuz1
Trixi1
vmorbit1

Idea behind SecurityPitfalls.org

SecurityPitfalls is an educational, supportive and fun project and depends strongly on the community that drives this project. For further information visit the article What's the basic idea behind SecurityPitfalls.org

About this Entry

This page contains a single entry by Tom published on February 4, 2010 8:52 PM.

Security in Hostels was the previous entry in this blog.

Ever thought about asking for the master key? is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Categories

Monatsarchive Archives

Send in your photos and stories

SecurityPitfalls.org is a community project where we work together and collect situations where security fails, primarily for educational purpose, as source for discussions and presentations and fun. Send your photos (digi cam/handy), stories or movies to incoming {at} securitypitfalls.org and we will post your experiences you want to share with other people.

Recent Comments

  • Tom: In addition, you could perform some dumpster diving exercises. :) read more
  • fl0: Hoi, additionally you could try to get hold of the read more