back to article Hackers electrocute selves in quest to turn secure doors inside out

Not every demo at security cons goes off without a hitch: Badass hackers Ryan and Jeremy electrocuted themselves when building what could have been the first device capable of wirelessly exploiting door-opening push buttons. The pair demonstrated the trial and terror process of building the box at the Kiwicon hacking event in …

  1. Dave Harvey
    Headmaster

    They're still alive after electrocution?

    Electrocute = electric + execute:

    verb: To kill by electric shock.

    1. John Geek
      Devil

      Re: They're still alive after electrocution?

      you beat me to the same comment.

      shocking.

      1. Uffish

        Re: They're still alive after electrocution?

        They're a couple of cool cats. (Useless at high voltage engineering, but cool).

    2. daemonoid

      Re: They're still alive after electrocution?

      Back in the late 19th century you would've been right. As ever though, language moves on and those of us who play with electricity occasionally get electrocuted with little more ill effects than spontaneous expletives.

      (OED is in agreement - injure or kill by electric shock)

      1. Ole Juul Silver badge

        Re: They're still alive after electrocution?

        I think the proper word is "shocked".

        1. Antron Argaiv Silver badge
          Mushroom

          Re: They're still alive after electrocution?

          The technical term is "zapped".

          I speak as a practicing EE. It can refer to you (to be avoided) or a circuit (hey, it happens), or, in this case, both.

          It sounds to me like these two bozos know just enough about electricity to be a danger to themselves.

      2. Graham Dawson
        Alert

        Re: They're still alive after electrocution?

        The iee regs disagreed with the oed last time I looked.

        1. HieronymusBloggs Silver badge

          Re: They're still alive after electrocution?

          "The iee regs disagreed with the oed last time I looked."

          Which IEE (now IET) regulation mentions electrocution?

          1. Anonymous Coward
            Anonymous Coward

            @HieronymusBloggs Re: They're still alive after electrocution?

            They don't, which is the entire point. BS 7671 spends a great deal of time discussing "protection against electric shock" rather than electrocution, as the latter is very narrowly defined in regulatory terms.

      3. P. Lee Silver badge
        Mushroom

        Re: They're still alive after electrocution?

        >(OED is in agreement - injure or kill by electric shock)

        It matters not - even by those lax standards, the usage was incorrect. A "tickle" is not an injury, much less death.

        Not that we were hoping for death, merely for clarity.

        1. Charles 9 Silver badge

          Re: They're still alive after electrocution?

          It is for men for whom evisceration is just a flesh wound.

      4. Anonymous Coward
        Anonymous Coward

        Re: They're still alive after electrocution?

        The OED is irrelevant as a reference and far from being the arbiter of correct usage that people think it is because it's merely a record of common usage, not the definer of it. Try Cambridge, Collins, Mirriam-Webster and you'll get a different definition.

        But then "got a bit of a jolt from" doesn't sell newspapers.

        1. HieronymusBloggs Silver badge

          Re: They're still alive after electrocution?

          "Try Cambridge, Collins, Mirriam-Webster and you'll get a different definition."

          All those (Chambers too) define it as killing by electricity.

          Maybe the researchers submitted their report by ouija board.

    3. Charles 9 Silver badge

      Re: They're still alive after electrocution?

      I thought electrocution was what happened when you ran a computer program: use electricity to carry out a job.

    4. chivo243 Silver badge
      Coat

      Re: They're still alive after electrocution?

      +1 for beating us to it...

      but why do .exe's keep living? They are executable no?

      1. Ralph B

        Re: They're still alive after electrocution?

        > but why do .exe's keep living?

        On the contrary, I think you'll find that .exe died in 2000.

        1. AndyD 8-)₹

          Re: They're still alive after electrocution?

          re: I think you'll find that .exe died in 2000.

          RIP

    5. This post has been deleted by its author

      1. GruntyMcPugh Silver badge

        Re: They're still alive after electrocution?

        Sorry Symon, but 'decimate' is misused. There is no appeal to popular use, because it explicitly states the figure. Imagine this, you ask your grocer for four apples, and he gives you three. He says in popular usage Four means Three. Do you accept that? Nope, things with numbers are absolute.

        But then we have 'Ultimate' which merely means the latest in a succession, 'chronic' which means re-occuring over time, not very bad, things that people quite simply get wrong.

        1. This post has been deleted by its author

          1. GruntyMcPugh Silver badge

            Re: They're still alive after electrocution?

            Ah yes, July and August were inserted into the calendar due to popular demand by the plebeians.

            Sorry, was this about common usage, or the ego of Caesar?

            1. This post has been deleted by its author

    6. allthecoolshortnamesweretaken Silver badge
      Coat

      Re: They're still alive after electrocution?

      OMG - Zombie hackers!!!

      (My coat, please - I'm off to re-review the security concept for [redacted].)

    7. BebopWeBop Silver badge
      Unhappy

      Re: They're still alive after electrocution?

      Modern use of electrocution ( In know it annoys me as well)seems to include injury or just as shock

    8. fidodogbreath Silver badge
      Headmaster

      Re: They're still alive after electrocution?

      Elocution = eloquence + execution.

      EX: "His flawless elocution slayed me."

  2. Mark 85 Silver badge

    Well, in all fairness.. they had fun, no one had permanent damage. Still, with a bit of engineering and selecting the proper parts (ones that don't let the smoke out easily) this could become a real nightmare for physical security.

  3. Anonymous Coward
    Anonymous Coward

    Why didn't they just use a comb?

  4. Christian Berger Silver badge

    There are actually guns available for this kind of thing

    They are commonly used for testing devices, but obviously you can trigger them and do other things with them.

    1. Anonymous Coward
      Anonymous Coward

      Re: There are actually guns available for this kind of thing

      Redneck hacking. It's a thing!

  5. Anonymous Coward
    Anonymous Coward

    Did they cross the streams then?

  6. Prst. V.Jeltz Silver badge

    a picture of the "push to exit" button might be helpful - cos im pretty sure no electromagnet would work on the ones at my office . or my house.

    ( i think im saying ' i dont get it' )

    1. Anonymous Coward
      Anonymous Coward

      From the last picture, I'm guessing maybe these are "touch to exit" capacitive *touch* switches - rather than physcial switches.

      Hence why high voltage/high frequency fields can mess with them.

  7. This post has been deleted by its author

    1. DainB Bronze badge
      WTF?

      Re: "then increased the amount of electrons running through their prototype."

      "they increased the speed of the electrons (current)"

      They did WHAT ?

      1 Ampere is the flow of electric charge across a surface at the rate of 1 Coulomb per 1 second.

      1 Coulomb is equivalent to the charge of approximately 6.242×10^18 protons.

      To increase current to 2 A you need 2 Coulombs per second, which means you need double amount of protons. To fit all those protons you need thicker wire, not longer.

      1. This post has been deleted by its author

        1. DainB Bronze badge

          Re: "then increased the amount of electrons running through their prototype."

          Seriously, get a physics book or something.

        2. Anonymous Coward
          Anonymous Coward

          Re: "then increased the amount of electrons running through their prototype."

          SI units expressed as abbreviations can be and are capitalized. In fact, they MUST be capitalized if named for a person. The Coulomb (C) is named for Charles-Augustin de Coulomb. Same for the (James) Watt (W), (William Lord) Kelvin (K), (André-Marie) Ampère (A), and (Alessandro) Volt(a) (V), among others.

          1. Julian Bradfield

            Re: "then increased the amount of electrons running through their prototype."

            Wrong. The abbreviation is capitalized; the full unit name is not. From the SI Brochure:

            Unit names are normally printed in roman (upright) type, and they are treated like ordinary nouns. In English, the names of units start with a lower-case letter (even when the symbol for the unit begins with a capital letter), except at the beginning of a sentence or in capitalized material such as a title. In keeping with this rule, the correct spelling of the name of the unit with the symbol °C is "degree Celsius" (the unit degree begins with a lower-case d and the modifier Celsius begins with an upper-case C because it is a proper name).

          2. J.G.Harston Silver badge

            Re: "then increased the amount of electrons running through their prototype."

            C W A etc aren't abbreviations of SI units, they are the *SYMBOLS* of SI units.

        3. J.G.Harston Silver badge

          Re: "then increased the amount of electrons running through their prototype."

          It's not degrees Celsius, it's Celsius.

          1. anonymous boring coward Silver badge

            Re: "then increased the amount of electrons running through their prototype."

            It's degrees Celsius, shortened to Celsius.

    2. eldakka Silver badge
      Stop

      Re: "then increased the amount of electrons running through their prototype."

      " increased the speed of the electrons (current). They did this by pushing them harder (voltage)"

      Anyone else need a cold shower after reading that?

      1. anonymous boring coward Silver badge

        Re: "then increased the amount of electrons running through their prototype."

        " increased the speed of the electrons (current). They did this by pushing them harder (voltage)"

        Oh, my lord!

        I missed that and you just had to point it out!

  8. Asylum_visitor

    When I was at school some kid died from investigating an electrical outlet, the headmaster 'told us all his family were deeply shocked.' I got detention for laughing :\

  9. Tinslave_the_Barelegged Silver badge
    Pint

    Missed opportunity, ElReg

    > 'Please don't tell my wife about this' says one, as arcs thrill Kiwi crowds

    Had this demo been at NZ's WETA workshop, that could have been:-

    'Please don't tell my wife about this' says one, as orcs thrill Kiwi crowds

  10. Inventor of the Marmite Laser Silver badge

    "Others interested in the field could leverage their work,"

    Bloody management twatspeak again. What's wrong with "USE"?

    1. Anonymous Coward
      Anonymous Coward

      Re: "Others interested in the field could leverage their work,"

      The word "USE" doesnt demonstrate out of the box bluesky thinking. Obviously.

      To succeed on the world of business you need to synergise your ability to not only look like a twat but sound like one as well.

      Using bourgeoise simple English doesnt make you stand out during the scrum during or following a two week sprint.

      You often need to stand out as a developing talent to maximise your growth potential.

      Isn't it obvious?

      Now you can move forward and help your team improve the deliverable to generate the desired result plus or minus 10% of the actual deliverable regardless of time or budget constraints.

      Management speak...the closest thing white people have to Hip Hop.

      1. fidodogbreath Silver badge

        Re: "Others interested in the field could leverage their work,"

        Using bourgeoise simple English doesnt make you stand out during the scrum

        Actually, I think it would make you stand out, as you'd be the only one doing it.

    2. eldakka Silver badge
      Alien

      Re: "Others interested in the field could leverage their work,"

      The way I'd use USE vs LEVERAGE is in how modified the resultant product/process is.

      If I USEed it, then it's basically a copy, with little or no modification from the original.

      If I LEVERAGED their work, then I'd be using it as the basis or as useful input into a significantly modified version.

      Disclaimer: NFI if it is dictionary correct, but it is how I'd use it and what I'd take it to mean.

      1. Anonymous Coward
        Anonymous Coward

        Re: "Others interested in the field could leverage their work,"

        "Disclaimer: NFI if it is dictionary correct, but it is how I'd use it and what I'd take it to mean."

        You mean leverage?

      2. Glenturret Single Malt

        Re: "Others interested in the field could leverage their work,"

        As long as you pronounce it leeverage and not bloody American levverage.

  11. Anonymous Coward
    Anonymous Coward

    No need for the open button

    The secure doors in our offices are held shut by electromagnets, I'd imagine if you put that device near them, you'd burn out their coils too, opening the door.

    1. Tom 7 Silver badge

      Re: No need for the open button

      A place I worked in had those electromagnetic doors and swipe cards fitted. First day I just walked through four of them on the way to the computer room as they decided not to put them in the same place as the old doors and I walked through them in the dark of an early morning start. Once the boss had recovered from the shock of finding me in the computer room and giving me a swipe card for the doors I tried crashing them again. Didn't seem to work so I guess ignorance is bliss.

  12. Anonymous Coward
    Anonymous Coward

    One of the companies that I work with has these touch to exit buttons on their doors, we found by accident that a handheld radio transmitting 5W on 430 mhz usually opened the doors within 3 seconds of keying up (from about 4 feet away), when it failed to open the doors the sensor was stuck in a locked state where it would no longer respond to touch until it was powered off and on again.

  13. imanidiot Silver badge

    Isn't that a feature?

    I thought any good prototype was supposed to go up in smoke when you turned the dial to 11? Ironing out the bugs and putting in irksome limitations on power is something to be done for production models.

  14. Velv Silver badge
    Boffin

    Push The Button To Exit

    Which is one of the reasons good security doors require you to authenticate every time you open the door no matter which way you are transiting.

    Even more securely some of them will have mechanisms to attempt to ensure only one person can transit at a time, although not being the svelte athlete I once was I have fallen foul of one suggesting there were two people inside :(

    1. Clive Galway

      Re: Push The Button To Exit

      "Which is one of the reasons good security doors require you to authenticate every time you open the door no matter which way you are transiting."

      Aren't there laws against that? Doesn't sound very safe to me.

      1. Charles 9 Silver badge

        Re: Push The Button To Exit

        What if there's a fire? Under most fire codes, any obvious egress must be allowed to open easily from the inside, even without power, in the event a fire knocks out the power (this is due to the panic inherent in a fire; people swarm to the nearest exit regardless of its purpose). Probably why the locks are electromagnetic (active, meaning they only hold while power is applied).

        I'd like to know how a high-security compound meshes with the fire code.

        1. Kernel

          Re: Push The Button To Exit

          "I'd like to know how a high-security compound meshes with the fire code."

          In the most obvious way possible - all the buildings I've worked in that require swipe to exit, or even just pushing a button to exit, automatically release the door magnets when the fire alarms are activated.

          1. Cameron Colley
            Flame

            Re: Push The Button To Exit

            Fire? "Break glass to exit" buttons were used a place I used to work -- not sure whether they were alarmed or not as I only saw then used during the first fire drills after they were fitted, to ensure they worked as expected. Either that of you have fire buttons or just "normal" fire exit doors anyhow which are alarmed. The type of exit being used depending upon the type of security layers the building has (Secure office only, secure lobby only, secure compound...).

          2. Charles 9 Silver badge

            Re: Push The Button To Exit

            "In the most obvious way possible - all the buildings I've worked in that require swipe to exit, or even just pushing a button to exit, automatically release the door magnets when the fire alarms are activated."

            What I'm wondering is how they safeguard against someone sneaking in through these doors DURING a fire, hiding, and then rummaging in the chaos (because we can't rule out someone committing arson in order to commit high-class espionage).

            1. ChrisBedford

              Re: Push The Button To Exit

              What I'm wondering is how they safeguard against someone sneaking in through these doors DURING a fire, hiding

              Huh? With a human guard of some type stationed at said door?

              Security sections aren't all complete idiots. I know the average rent-a-cop walking around with an ill-fitting uniform is a minimum-wage, minimum-IQ drone, but any company worth anything meaningful has somebody with a bit of brains in charge of the loss control department.

              1. Charles 9 Silver badge

                Re: Push The Button To Exit

                So security guards stay at their posts even in the event of a fire? Like I said, the spy may be willing to risk burns for high-value data, but the rent-a-cop?

    2. anonymous boring coward Silver badge

      Re: Push The Button To Exit

      "Which is one of the reasons good security doors require you to authenticate every time you open the door no matter which way you are transiting."

      Sounds like an excellent idea when a fire breaks out.

      1. A K Stiles

        Re: Push The Button To Exit

        Used to work in a building like that - rotating doors with single person sized vestibules that would turn just enough to allow one person through after a successful swipe from either side (it turned in opposite directions depending which side was swiped), and a general kicking if you didn't have matching ins and outs on the daily audit. If you tried to tailgate someone, you'd get stuck in the enclosed vestibule area, and it wasn't possible to transit the other side of the door - don't remember quite how it worked but we did consider it in detail at the time.

        Right next to the rotating door was a large hinged door (glass) that was always locked, except when the fire alarm went off, when it would automatically release so everyone could just flood out quickly. took over 15 minutes to get everyone back in to the building through the rotating door once the alarm was over.

        1. ChrisBedford

          Re: Push The Button To Exit

          rotating doors with single person sized vestibules that would turn just enough to allow one person through

          Unbelievably annoying to try getting through this type of door (let's just call it what it is: a turnstile) with anything larger than a Tupperware lunchbox in your hand. Totally forget a substantial toolbox. Cue up the just as annoying bureaucratic process of getting clearance to bypass the turnstile and use the large (fire escape) door, after security has overridden the alarm, blah blah blah yawn...

  15. rob_leady
    Pirate

    There's always an easy way in...

    At a former workplace, we had fun one day, when the card reader controlling access to the computer room decided it wasn't going to work anymore.

    Fortunately, whoever installed the door control system mounted the box that controlled everything outside the computer room. Once I'd figured out which of the connector blocks went to off to the door exit button, it took a couple of seconds with a paper clip to get the door open.

  16. Stevie Silver badge

    Bah!

    Why do you need a computer to run a HV coil "at different frequencies"? Wouldn't a Bakelite knob do the job?

    I don't suppose anyone noticed that any radio, like the sort carried by security guards, would likely be fizzing and crackling and giving the game away as their hunchback threw the third switch?

    1. Destroy All Monsters Silver badge

      Re: Bah!

      You can put it down to UFOs.

  17. J.G.Harston Silver badge

    "Badass hackers Ryan and Jeremy electrocuted themselves"

    When's the funeral?

  18. jimdandy

    A big hammer would have done the job on those doors without so much fuss.

    And as far as "electrocution" goes, an average human body can deal with a few milliamps of relatively low voltage without death occurring. Jack the voltage up enough and you'll get the "skin" effect where the current will not pass through the blood vessels and nerves, but across the skin/surface as it will then have less resistance than the internal body parts. Doesn't mean you won't get horrific burns, but at 35kv I've known a few workers who only needed a few weeks and some plastic surgery to return to work. They usually chose a slightly different assignment. And of course, some others didn't do so well.

    If the current exceeds 200-300 milliamps (across the body and through the heart), most people will die quickly due to cardiac arrest. At higher amperage, most of the ones whose internals are cooked don't last very long afterwards.

    I'd go back to using the big hammer.

    1. W4YBO

      A big hammer would have done the job on those doors without so much fuss.

      Either a big hammer, or a little automatic centerpunch.

  19. Pete Hinch

    The skin effect is not a consequence of voltage. It occurs when a high frequency alternating current passes through a conductor.

  20. anonymous boring coward Silver badge

    They seem to have no idea wtf they are doing..

    Not recommended if you want to live.

    1. ChrisBedford

      They seem to have no idea wtf they are doing

      I think it's more like the person who wrote the article had no idea wtf they [the hackers] were doing, and wrote a dumbed-down version of the story as s/he understood it. Resulting in making the whole thing incomprehensible, but it's hardly the first news article I've read that is guilty of that.

  21. Richard Pennington 1

    Wouldn't it be easier to use the device to melt its way through the window?

  22. Kevin McMurtrie Silver badge
    Boffin

    Missing flyback cap?

    I wonder if they remembered to bypass the flyback transformer driver with a small amount of capacitance. That captures flyback from nearby inductance and feeds it back into the flyback transformer a moment later. Without it, the driver sees nearly infinite voltage and arcs or avalanches (semiconductor version of arcing over). The EM pulse from that will kill pretty much any nearby semiconductor.

    Avalanching or arcing to create EM pusles is the eventual goal, but you don't want it INSIDE your circuit.

  23. harmjschoonhoven
    Mushroom

    Re: Several pieces of equipment melted

    At Los Alamos National Laboratory they have explosively pumped flux compression generators, devices used to generate a high-power electromagnetic pulse by compressing magnetic flux using high explosives. EPFCGs are intended to selfdestruct.

    1. Charles 9 Silver badge

      Re: Several pieces of equipment melted

      And IIRC that was based on the EMPs they notices when conducting atomic and then fusion bomb tests. I wonder if they've found a way to deal with the EMP a high-powered A- or H-bomb detonating 20 miles or so over South Dakota would make.

  24. JamieL
    Holmes

    Emergency stop buttons - that unstated weakness

    Reminds me of a firm I worked for who had installed so much tech in their building that the power supply couldn't handle it. Never mind, get a big container genny in the car park. And, since the tech is more important than kettles and lights and stuff, leave the computer room on the main power and wire the rest of the building into the genny.

    All was fine until some kids in the car park one evening wondered what happens when you press the big red button.... genny winds down, all the doors pop open!

    More worryingly, how many times have you driven past critical locations (cell towers, office blocks) and seen cooling fans on the outside with that appealing big red button. Press a few and you can be long away before the kit on the other end overheats and services start dropping.

    1. Anonymous Coward
      Anonymous Coward

      Re: Emergency stop buttons - that unstated weakness

      Unfortunately, when you're dealing with anything of an inherently-dangerous nature (like petroleum or high-current electricity), the Panic Button is kinda necessary. Better all the doors open than the current causes the building to burn to the ground, you know. When you're at the point you have to actually USE a Panic Button, security isn't the biggest of your concerns anymore.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019