posted by chromas on Friday June 15 2018, @01:20PM
from the where's-the-blockchain? dept.

A hi-tech padlock secured with a fingerprint can be opened by anyone with a smartphone, security researchers have found.

On its website, Tapplock is described as the "world's first smart fingerprint padlock".

But researchers said it took just 45 minutes to find a way to unlock any Tapplock.

[...] The "major flaw" in its design is that the unlock key for the device is easily discovered because it is generated from the Bluetooth Low Energy ID that is broadcast by the lock.

Anyone with a smartphone would be able to pick up this key if they scanned for Bluetooth devices when close to a Tapplock.

Using this key in conjunction with commands broadcast by the Tapplock would let attackers successfully open any one they found, said Mr Tierney.

In response, Tapplock said in a statement that it was issuing a software update.

-- submitted from IRC


  • (Score: 1) by anubi (2828) on Saturday June 16 2018, @12:27PM (#693929)

    Thanks for your vote of confidence on the Android.

    I am on the Android system... and I am afraid of the Google Play Store. I don't want to share my CC information with Google if I can help it. I am afraid of accidentally ordering stuff while I am researching whether or not I want to get something. If no-one has my name or billing credentials, I feel pretty safe to look around. If I get some phish mail in my inbox thanking me for some order, click on the link for details, I know it has to be bogus. And even if I do, I don't have personal info in my phone. I guess my phone number is the only thing in that phone that will tie it into me. And no financial info of mine is in that thing. Nothing in there one could not get from any other public source. It's just a phone, a bunch of EAGLE data file backups (via FTP server app), and a bunch of offline maps and offline GPS geolocation stuff. I like to go off in the middle of nowhere now and then, but really like knowing the GPS will tell me where I am, without connecting to cell towers or the internet.

    I was so scared of how easy it was to order on Amazon until I discovered I was able to go in and edit my CC number to bogus crap. I just remember to go back to my Amazon account and correct it before I order, place my order, let it go through, then botch it back up again... just to make sure that if anyone gets access to my machine, they don't also get access to a shopping spree at my expense. AliExpress keeps offering to keep my CC number, but so far, they have let me deny them to keep it on their server. The fact I have to deliberately enter the number each time gives me assurance that placing orders on my account is not as trivial as just clicking on it.

    I much prefer to keep my financial credentials off other people's machines as much as possible. It was bad enough Equifax got careless and spilled the beans.

    Admittedly, Amazon has been very gracious in making things right with me, albeit sometimes their merchants have pulled a fast one on me now and then. You know, show one thing, and ship something similar, but inferior, and once in a blue moon, I receive something that was just plain defective and someone's QC should have caught it before it got to me.

    I try to play right by Amazon, as I do appreciate their business model of backing up their sellers and "doing the dirty work" for me if things go sour, and will not abuse that, as I know returns are terribly expensive and time consuming for all involved. I do my best to make damn sure that's what I want before I order it, and also do my best to keep fraud at bay, which means if I believe my system is insecure ( which I do, others have access to it when I am not around ), I will do every trick I know to make things hard to screw up.

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]