Security Breach Case Study: A Literal Key to NY City

Author: Brian Rhodes, Published on Oct 04, 2012

How much would it take to bring a city to its knees? How about $150? It sounds impossible, but that is exactly what has happened in NYC. A major security vulnerability has been exposed with a simple set of keys - a "fireman's key ring" - illegally sold to a newspaper. In this note, we peek into the security firestorm, the backstory, the costs involved to recover from improperly managed 'master' keys, and discuss how to prevent similar events in the future.

The Story

** * ********** ************** ** ******* ************, * ******* ********* (*********) ******* ** **** * *** of ****** **** ********* ******* ** **** ** ** ****** auction. **** ********** *** ** **** ** **** ********, *** to *** ******* ** '***********' **** ** ******* *** ******** common ** *** *********** **** *** ********* ****:

  • ******** ******* ******* ***:**** ******* *** ******** ** **** ** ** ******** ** the ****** ***** *** '****** ***' ** ******* ** ******* during * **** *****. **** ******** ******** ********* **** ******** trapped ****** ****, ** *********** ******* *** **** *** * car **** **** ****** ** **********.
  • ****** **** ****** ***:******* ******* *** **** ** ******* ****** ** ********** ***** of ***'* ****** ******, *** *** ** ****** **** ****** these *****.
  • ******* ******* *******/******: ***** ******** ********** ******* ***** * ****** *** *** quick ****** ** ******* ****** ************ *******.
  • ************ **** *********:******* ** '*********', ******* **** ** *** **** ********** ****** *** *********** holding *** **** *** ****** ************ ******** (* ***** ***** Center *** *****.)

*** *** ****** ** **** ********** *** **** ***** **** in *** '**** ******' ** **** **** ******** ** ***'* **** ********** ***** can ** ******* ******* ************* ** ******* ********** - ****************** **********, *******, ************.

***** ** ******* **** *** **** ***** ** *** *****, selling **** ******** ** * *****, *** *** ****** ****** has **** ***** *** ****** - **** *** ******* *** the *********** ***** ** ** ******** ***********.

The ****

**** ************ ********* ***** *** **** ** **** ***** ** tens ** *********, *********** ** ** ******** ** ********* ** dollars.

******** **** * ****** '****** ***' ***** **** **** ********* locks ********** *** ****, ****** * **** ** * **** can ****** ****** **** ********** *****. ******** **** *** ******* cost ** ********* * ****** **** ** $**-$**, **** *** effort ** ******** **** *** ***** ***** ***** ******* $**,*** - $**,***. **** ******** **** *** ******** *** ********** **** of ********* ****, ********** (** **** *****, ****) *********, *** the ******* ********** ***** ******** ** ********** *** ******* *** work.

Solving *** *******

***** *** ****** ** ******** *** ****** ******** ** *** story, *** ******* ******* ** ****** *** *******. ** ** previously ********* ** *** "*** *** ********** *** *******?" ******, **** **** ********** ****** ** ******** ********** ** also *** ** *** **** ********.

***** ** ********** ** * *** ********** ****** ** ***** by *** ******* *******, ******* ** *** *** ******* **** been **** ** ********** ********* ** **********. ********** ** *** details ** *** ********** ****** ** *****, *** ************ ***** a ********* ** **** ** *** * *** ** ****** keys ****** ***** *** ** ******** ** ***** *** ********** was ** *****.

***** ******** ******** ******, **** * ******** *** (********** * 'master' ***) ** **** ** ****** ** *********** ********, ** at ***** ********** ** ** ******* ****** ******* ********* ******. At *** ***** * *** ** *******, ********** *** ********** action *** ** ***** ** ******* *** *** ** *****/****** affected *****, ****** **** * *************** '****-****' ******** ****** ** fear.
