SAN FRANCISCO — A security expert says he has identified a flaw in heavy metal boxes that are found outside many locked companies and apartments and warns that criminals can gain access to these businesses by reproducing master keys issued only to firefighters.
The boxes, manufactured by Arizona-based Knox Co., are outside millions of apartment complexes and companies across the country, including in cities like Chicago, Atlanta and San Francisco, according to Reuters. Knox is looking into the claim.
Justin Clarke, a cyber security researcher, said he was able to create a key that opens a Knox Box by ordering a box and blank keys and, working from the box, reproducing the master key that is usually issued to firefighters.
Knox officials said they were unaware of any safety issues with the boxes and would look into it. An engineer with the company said he found the hacking hard to believe.
“I’m not saying that somebody can’t eventually make one, but I haven’t seen it yet,” Knox Engineer Dohn Trempala said.
Clarke claims that because only one master key is issued for firefighters in each city, it is possible for a reproduced key to give criminals access to every box in that city.
Using a metal file and specific measurements from the box, Clarke says he was able to make a “hacked” key in about four hours.
“A highly motivated criminal with plenty of time on their hands and incredible focus could do this. All it takes is time, focus and intent,” Clarke told Reuters.
Lock expert Marc Weber Tobias told Reuters he thinks the hack is possible and that Knox can prevent it by changing how it ships its product.
“What he did is not technical. It’s not sophisticated,” Tobias said. “It’s good research. He alerted everybody to a vulnerability.”
Tobias said that Knox should ship its boxes to customers without locks and send the locks directly to the fire department, which would then install both the box and lock. Currently, fire departments install the boxes with the locks in place.
The FBI and Department of Homeland Security are also looking into the issue, Trempala told Reuters.