
SoylentNews is people

posted by chromas on Friday June 15 2018, @01:20PM
from the where's-the-blockchain? dept.

A hi-tech padlock secured with a fingerprint can be opened by anyone with a smartphone, security researchers have found.

On its website, Tapplock is described as the "world's first smart fingerprint padlock".

But researchers said it took just 45 minutes to find a way to unlock any Tapplock.

[...] The "major flaw" in its design is that the unlock key for the device is easily discovered because it is generated from the Bluetooth Low Energy ID that is broadcast by the lock.

Anyone with a smartphone would be able to pick up this key if they scanned for Bluetooth devices when close to a Tapplock.

Using this key in conjunction with commands broadcast by the Tapplock would let attackers successfully open any one they found, said Mr Tierney.

In response, Tapplock said in a statement that it was issuing a software update.

-- submitted from IRC
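
The design flaw described in the story, shown as an added example that is not code from the article, the researchers or Tapplock: a key that is a pure function of broadcast data can be recomputed by anyone in radio range, while a random key provisioned at pairing and used in a challenge-response cannot. The SHA-256 derivation, the sample identifier and all names here are assumptions; the page does not say how the real key was computed.

```python
import hashlib
import hmac
import secrets

# Constructed sample: an identifier a lock broadcasts in its BLE advertisements.
ADVERTISED_ID = "AA:BB:CC:DD:EE:FF"

def weak_unlock_key(advertised_id: str) -> bytes:
    """Weak design (hypothetical derivation): key depends only on public data."""
    return hashlib.sha256(advertised_id.encode()).digest()[:16]

def respond(key: bytes, nonce: bytes) -> bytes:
    """Owner-side proof of key possession for one challenge."""
    return hmac.new(key, nonce, hashlib.sha256).digest()

class HardenedLock:
    """Key is random, set at pairing, and unrelated to anything broadcast."""
    def __init__(self) -> None:
        self._key = secrets.token_bytes(16)
        self._nonce = secrets.token_bytes(16)

    def pair(self) -> bytes:
        # Assumption: handed to the owner once over an authenticated channel.
        return self._key

    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def verify(self, response: bytes) -> bool:
        expected = respond(self._key, self._nonce)
        self._nonce = secrets.token_bytes(16)  # single use: blocks replay
        return hmac.compare_digest(expected, response)

def demo() -> tuple:
    # Weak design: owner and a passive observer derive the identical key.
    weak_exposed = weak_unlock_key(ADVERTISED_ID) == weak_unlock_key(ADVERTISED_ID)
    lock = HardenedLock()
    owner_key = lock.pair()
    owner_ok = lock.verify(respond(owner_key, lock.challenge()))
    # A key computed from the advertisement no longer matches the lock's key.
    derived = weak_unlock_key(ADVERTISED_ID)
    derived_rejected = not lock.verify(respond(derived, lock.challenge()))
    # A captured valid response is useless against the next challenge.
    captured = respond(owner_key, lock.challenge())
    lock.verify(captured)
    replay_rejected = not lock.verify(captured)
    return weak_exposed, owner_ok, derived_rejected, replay_rejected

if __name__ == "__main__":
    print(demo())
```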


  • (Score: 2) by JoeMerchant on Saturday June 16 2018, @11:49AM (1 child)

    by JoeMerchant (3937) on Saturday June 16 2018, @11:49AM (#693921)

    I am extremely uncomfortable with "one click ordering"

    Me too. However, when my kids order a bunch of stuff with their (supposedly locked out) Kindle, Amazon has always very graciously refunded all the purchases - for the mere price of 5 minutes of chatting with them - all in all a good trade for what the kids get out of the Kindle when they are not ordering stuff on it.

    I have also had good luck reversing CC charges which have appeared on my bill fraudulently, including stuff like Legos ordered to another address - the fact that the goods are shipped to a strange address seems to be enough to do the trick. These cost more - maybe 20 minutes on the phone, but they're the price of having a CC account and all the convenience it brings. Both the fraud and the kids only come up once every couple of years, so all in all it's not a big load.

    As for Android Pay, it feels pretty hard to do that one by accident - it's NFC, it only works when my phone is unlocked, it BING's me when it happens, pops a notice on the screen and sends an e-mail, and then it goes through the CC which has already established a level of comfort for me.

    I know people who have had their identity stolen multiple times, and it is clearly a living hell (though I wonder about some of them whether they might be letting their identity get stolen in an attempt to get out of some charges of their own...) I wonder, though, if it is any worse than being robbed at gunpoint for the cash you would carry if you didn't use CCs?

    --
    🌻🌻 [google.com]
  • (Score: 1) by anubi on Saturday June 16 2018, @12:27PM

    by anubi (2828) on Saturday June 16 2018, @12:27PM (#693929) Journal

    Thanks for your vote of confidence on the Android.

    I am on the Android system... and I am afraid of the Google Play Store. I don't want to share my CC information with Google if I can help it. I am afraid of accidentally ordering stuff while I am researching whether or not I want to get something. If no-one has my name or billing credentials, I feel pretty safe to look around. If I get some phish mail in my inbox thanking me for some order, click on the link for details, I know it has to be bogus. And even if I do, I don't have personal info in my phone. I guess my phone number is the only thing in that phone that will tie it into me. And no financial info of mine is in that thing. Nothing in there one could not get from any other public source. It's just a phone, a bunch of EAGLE data file backups ( via FTP server app ), and a bunch of offline maps and offline GPS geolocation stuff. I like to go off in the middle of nowhere now and then, but really like knowing the GPS will tell me where I am, without connecting to cell towers or the internet.

    I was so scared of how easy it was to order on Amazon until I discovered I was able to go in and edit my CC number to bogus crap. I just remember to go back to my Amazon account and correct it before I order, place my order, let it go through, then botch it back up again... just to make sure that if anyone gets access to my machine, they don't also get access to a shopping spree at my expense. AliExpress keeps offering to keep my CC number, but so far, they have let me deny them to keep it on their server. The fact I have to deliberately enter the number each time gives me assurance that placing orders on my account is not as trivial as just clicking on it.

    I much prefer to keep my financial credentials off other people's machines as much as possible. It was bad enough Equifax got careless and spilled the beans.

    Admittedly, Amazon has been very gracious in making things right with me, albeit sometimes their merchants have pulled a fast one on me now and then. You know, show one thing, and ship something similar, but inferior, and once in a blue moon, I receive something that was just plain defective and someone's QC should have caught it before it got to me.

    I try to play right by Amazon, as I do appreciate their business model of backing up their sellers and "doing the dirty work" for me if things go sour, and will not abuse that, as I know returns are terribly expensive and time consuming for all involved. I do my best to make damn sure that's what I want before I order it, and also do my best to keep fraud at bay, which means if I believe my system is insecure ( which I do, others have access to it when I am not around ), I will do every trick I know to make things hard to screw up.

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]