Friday, September 17, 2004

Faux security strikes again

Just when I had been ranting elsewhere about the perils of technology providing a false sense of security, along comes an article on Wired News detailing how Kryptonite (and other circular) locks can be defeated with, get this, a ballpoint pen. They even have a video to prove it.

Once again this is a flaw in technology that has been known about and published for a long time, apparently for 12 years, and has only just come to light in the mainstream public consciousness. In the meantime hackers, in this case thieves, have been busy cracking Kryptonite locks with impunity or, more accurately, their Bic pen. More surprisingly, Kryptonite are only just coming out with a lock that is immune to the mighty ballpoint pen. You would have thought that a company that brags about the impenetrability (pun intended) would have known about the problem and fixed it a long time ago. It kind of reminds you how many software companies have relied on secrecy to avoid fixing vulnerabilities in their code, only to be outed at a later date when their software has become widely distributed.

Fortunately it appears that since the Wired article was written Kryptonite (as of writing their website is dreadfully overloaded) have launched a worldwide free upgrade offer to anyone owning one of their vulnerable locks. Now, being the cynic I am, I have to point out that while this may appear an overly generous offer, it is probably not being extended out of generosity, only in the interests of saving them a huge pile of money.

You see, with the vulnerability now widely known, anyone can claim on Kryptonite's $3,500 replacement warranty, saying that their bike has been stolen by someone using a ballpoint pen, which (conveniently) leaves no visible sign of attack. Meanwhile they keep their old bike (or sell it on eBay) and make a healthy profit. So the cost to Kryptonite of not replacing locks could be being inundated by thousands, if not hundreds of thousands, of such fraudulent claims, costing them tens of millions of dollars or more. Even without fraudulent claims, imagine the number of thieves who are now trolling the streets specifically targeting any lock that says Kryptonite. It's too bad that people are as predictably dishonest and greedy as corporations - but then if they weren't we wouldn't need locks in the first place!
