ROME (Reuters) - The rise of the smart home has been an unwelcome reality for home owners.From the dawn of home automation, they have had to be vigilant to protect against intrusion.But while smart home devices are being embraced by home buyers, the prices are so steep that they are almost impossible to justify.A new biometric machine that can detect fingerprints, voice commands, voice biometrics ...
By Sarah L. MillerA new report from the cybersecurity firm Black Hat has uncovered some startling new data points about electronic access control in the United States.
According to Black Hat, the FBI recently published an internal audit report that reveals that nearly 1 in 5 U.S. airports have electronic access controls that are not being monitored by the government.
The report details that nearly one in 10 airports has “hard-coded” “key loggers” in the airport that could be used to unlock any device at any time.
It also states that the FBI has been able to track the location of these hard-coded key loggers since March of 2016.
The FBI is reportedly looking into the possibility that the hard-coding devices could be remotely activated in the future.
The FBI’s audit report comes just months after the agency released an alarming new report detailing how the FBI uses an automated access control system that monitors the airport’s “fingerprint” and “fingerprints” from the airline passengers.
The agency claims that it is “unprecedented in its use of this technology” to track airport-passenger “finger print” data.
The report also states, “In addition to its physical monitoring, the system collects information about each airport passenger using the fingerprint recognition capability of this system.”
This system was first deployed at the George Bush Intercontinental Airport in Dallas in 2016 and was later expanded to include the Reagan National Airport in Washington D.C. and Dulles International Airport in Virginia.
According the report, airport-wide, the scanner has a capacity of 20 devices.
These devices are equipped with two cameras, two microphone microphones, two “hard keys” that can be programmed to unlock the device, and a “digital camera” that “captures the individual’s face” in a digital image.
The scanner can be used for up to three hours before needing to be shut down.
When a passenger passes through an airport’s airport-security checkpoint, the airport-authorized access control “automatically” scans their fingerprints and then “uses that image to authenticate” the passenger, according to the report.
This “automatic authentication process” is then transmitted to a database where the airline’s internal network analyzes the image, determines if it matches a fingerprint and then verifies the image matches the passenger’s face.
Once the database matches the image it is sent back to the airport via a “hotel-grade” encryption protocol, according the report.(Source: Black Hat via Black Hat)According to the FBI’s report, the device “is designed to allow a single point of entry to control access to the entire system for a specified period of time, while minimizing the chance of accidental access.”
The report goes on to say that “the system is designed to monitor and validate the accuracy of the image being captured in real time.”
It is not immediately clear what the “real time” means.
In addition, the report notes that “there is no way to verify the validity of the fingerprint images,” which means the scanner will not “be able to determine whether the image is the same as the image on a fingerprint scan.”
According to a March 2017 report from cybersecurity firm Symantec, the Federal Aviation Administration has been “reporting that about 1 in 6 commercial airports and air carriers have ‘hard-coded’ fingerprint scanning technology, which can allow the FBI to bypass airport-based airport security and enter the passenger information of any passenger at any point in time.”
(Read more about airport access control and security in this cybersecurity guide from Symantech.)
The FBI also reportedly “reports that over 30,000 passengers have reported having their personal information accessed, stored, and accessed via the fingerprint scanners in the past six months.”
The FBI also noted that the airport is “monitoring more than 1,000 airports, including major hubs, to ensure that all passengers are protected against potential cyberattacks.”
This data is extremely disturbing, and it demonstrates the need for strong government cybersecurity.
We cannot let a lack of security allow terrorists to exploit vulnerabilities that could have been easily patched in the years prior to this report.
The full report from Black Hat is available at https://blackhat.com/2017/03/26/how-access-control-accesses-australia-airport/ Black Hat also has a summary of the report at http://blackhats.com/?p=2361#.
Vb2l6zQgQ Black Hat says the FBI is currently “actively investigating” the issue of “hard coding” and the “fingerprinted” scanner.
The investigation is ongoing.
Read more at Black Hat.