Physical security is often considered simpler than digital security since safes are heavy and physical keys take more effort to duplicate than those of the digital persuasion. [Maxime Beasse and Quentin Clement] have developed a smartphone app that can duplicate a key from a photo making key copying much easier. KeyDecoder is an open source Android app that can generate all the necessary bitting info to duplicate a key from just an image. Luckily for the paranoid among us, the image must be taken with the key laying flat without a keyring on an ISO/CEI 7810 ID-1 ID or credit card. A passerby ..read more

When [Zach Hipps] was faced with a locked safe and no combination, it seemed like calling a locksmith was the only non-destructive option. Well, that or doing something crazy like building a safe-opening robot. Since you’re reading this on Hackaday, we bet you can guess which path he took. So far, [Zach] has managed to assemble the custom chuck and spindle for the safe cracker. This construction is then mated with an appropriately precise Trinamic controller for the motor, which is perfect for this heist project. After some early consternation around the motor’s stall detection capabilities ..read more

In what’s being described as a Humpty-Dumpty incident, Rackspace customers have lost access to their hosted Exchange service, and by extension, lots of archived emails. The first official word of trouble came on December 2nd, and it quickly became clear that this was more than the typical intern-tripped-over-the-cable incident. Nearly a week later, Rackspace confirmed what observers were beginning to suspect, it was a ransomware attack. There’s not a lot of other answers yet, and the incident FAQ answers are all variations on a theme. Our investigation into the incident is ongoing and will t ..read more

A common trope in bank heist B-movies is someone effortlessly bypassing a safe’s combination lock. Typically, the hero or villain will turn the dial while listening to the internal machinery, then deduce the combination based on sounds made by the lock. In real life, high-quality combination locks are not vulnerable to such simple attacks, but cheap ones can often be bypassed with a minimum of effort. Some are so simple that this process can even be automated, as [Mew463] has shown by building a machine that can open a Master combination lock in less than a minute. The operating principle is ..read more

There’s a problem in the unrar utility, and as a result, the Zimbra mail server was vulnerable to Remote Code Execution by simply sending an email. So first, unrar is a source-available command-line application made by RarLab, the same folks behind WinRAR. CVE-2022-30333 is the vulnerability there, and it’s a classic path traversal on archive extraction. One of the ways this attack is normally pulled off is by extracting a symlink to the intended destination, which then points to a location that should be restricted. unrar has code hardening against this attack, but is sabotaged by its cross ..read more

Lockpicking is more of an art than a science: it’s probably 10% knowledge and 90% feeling. Only practice will teach you how much torque to apply to the cylinder, how to sense when you’ve pushed a pin far enough, or what it feels like when a pin springs back. Surely a robot would never be able to replicate such a delicate process, wouldn’t it? Well, not according to [Lance] over at [Sparks and Code], who thought that building a lock picking robot would be an interesting challenge. He started out with a frame to hold a padlock and a servo motor to apply torque. A load cell measures the amount o ..read more

Car keys these days are remarkably complex beasts. Covered in buttons and loaded with security transponders, they often cost hundreds of dollars to replace if you’re unlucky enough to lose them. However, back in the day, keys used to just be keys — a hunk of metal in a mechanical pattern to move some levers and open a door. Thus, you could reshape a wrench into a key for an old car if that was something you really wanted to do. The concept is simple. Take a 12mm ratcheting wrench, and shape the flat section into a profile matching that of a key for an older car without any electronic security ..read more

Every time manufacturers bring a new “unpickable” lock to market, amateur and professional locksmiths descend on the new product to prove them wrong. [Shane] from [Stuff Made Here] decided to try his hand at designing and building an unpickable lock, and found that particular rabbit hole to be a lot deeper than expected. (Video, embedded below.) Most common pin tumbler locks can be picked thanks to slightly loose fits of the pins and tiny manufacturing defects. By lifting or bumping the pins while putting tension on the cylinder the pins can be made to bind one by one at the shear line. Once a ..read more

If you are smart, you wouldn’t hand your house key over to a stranger for a few minutes, right? But every time you use your key to unlock your door, you are probably broadcasting everything an attacker needs to make their own copy. Turns out it’s all in the sound of the key going into the lock. Researchers in Singapore reported that analyzing metallic clicks as the key slides past the pins gives them the data they need to 3D print a working key. The journal published research is behind a paywall, but there is a copy on co-author [Soundarya Ramesh’s] website which outlines the algorithm used to ..read more

We are continuously inspired by our readers which is why we share what we love, and that inspiration flows both ways. [jetpilot305] connected a Rothult unit to the Arduino IDE in response to Ripping up a Rothult. Consider us flattered. There are several factors at play here. One, the Arduino banner covers a lot of programmable hardware, and it is a powerful tool in a hardware hacker’s belt. Two, someone saw a tool they wanted to control and made it happen. Three, it’s a piece of (minimal) security hardware, but who knows where that can scale. The secure is made accessible. The Github upload in ..read more