Security Breach Case Study: A Literal Key to NY City

Author: Brian Rhodes, Published on Oct 04, 2012

How much would it take to bring a city to its knees? How about $150? It sounds impossible, but that is exactly what has happened in NYC. A major security vulnerability has been exposed with a simple set of keys - a "fireman's key ring" - illegally sold to a newspaper. In this note, we peek into the security firestorm, the backstory, the costs involved to recover from improperly managed 'master' keys, and discuss how to prevent similar events in the future.

The Story

** * ********** ************** ** ******* ************, * ******* ********* (*********) ******* ** **** * *** of ****** **** ********* ******* ** **** ** ** ****** auction. **** ********** *** ** **** ** **** ********, *** to *** ******* ** '***********' **** ** ******* *** ******** common ** *** *********** **** *** ********* ****:

  • ******** ******* ******* ***:**** ******* *** ******** ** **** ** ** ******** ** the ****** ***** *** '****** ***' ** ******* ** ******* during * **** *****. **** ******** ******** ********* **** ******** trapped ****** ****, ** *********** ******* *** **** *** * car **** **** ****** ** **********.
  • ****** **** ****** ***:******* ******* *** **** ** ******* ****** ** ********** ***** of ***'* ****** ******, *** *** ** ****** **** ****** these *****.
  • ******* ******* *******/******: ***** ******** ********** ******* ***** * ****** *** *** quick ****** ** ******* ****** ************ *******.
  • ************ **** *********:******* ** '*********', ******* **** ** *** **** ********** ****** *** *********** holding *** **** *** ****** ************ ******** (* ***** ***** Center *** *****.)

*** *** ****** ** **** ********** *** **** ***** **** in *** '**** ******' ** **** **** ******** ** ***'* **** ********** ***** can ** ******* ******* ************* ** ******* ********** - ****************** **********, *******, ************.

***** ** ******* **** *** **** ***** ** *** *****, selling **** ******** ** * *****, *** *** ****** ****** has **** ***** *** ****** - **** *** ******* *** the *********** ***** ** ** ******** ***********.

The ****

**** ************ ********* ***** *** **** ** **** ***** ** tens ** *********, *********** ** ** ******** ** ********* ** dollars.

******** **** * ****** '****** ***' ***** **** **** ********* locks ********** *** ****, ****** * **** ** * **** can ****** ****** **** ********** *****. ******** **** *** ******* cost ** ********* * ****** **** ** $**-$**, **** *** effort ** ******** **** *** ***** ***** ***** ******* $**,*** - $**,***. **** ******** **** *** ******** *** ********** **** of ********* ****, ********** (** **** *****, ****) *********, *** the ******* ********** ***** ******** ** ********** *** ******* *** work.

Solving *** *******

***** *** ****** ** ******** *** ****** ******** ** *** story, *** ******* ******* ** ****** *** *******. ** ** previously ********* ** *** "*** *** ********** *** *******?" ******, **** **** ********** ****** ** ******** ********** ** also *** ** *** **** ********.

***** ** ********** ** * *** ********** ****** ** ***** by *** ******* *******, ******* ** *** *** ******* **** been **** ** ********** ********* ** **********. ********** ** *** details ** *** ********** ****** ** *****, *** ************ ***** a ********* ** **** ** *** * *** ** ****** keys ****** ***** *** ** ******** ** ***** *** ********** was ** *****.

***** ******** ******** ******, **** * ******** *** (********** * 'master' ***) ** **** ** ****** ** *********** ********, ** at ***** ********** ** ** ******* ****** ******* ********* ******. At *** ***** * *** ** *******, ********** *** ********** action *** ** ***** ** ******* *** *** ** *****/****** affected *****, ****** **** * *************** '****-****' ******** ****** ** fear.


