Other issues in this category (12)
A door key as an anachronism
Friday, July 22, 2016
An anachronism is a thing or phenomenon that doesn't belong in the period in which it exists.
It wasn’t too long ago that thieves used picklocks to open doors.
Times change, and so do the tools.
A smart home is likely to open the door for its master automatically. Today, even hotel room doors can be opened with a card. How convenient!
A severe vulnerability was discovered in HID’s door controllers. Criminals can exploit it to remotely disable alarms and turn electronic locks. The problem is caused by a feature that enables administrators to change the LED blinking pattern. The blink program command is issued with an argument that determines how many times the LED should blink. Once the argument is received, it is inserted into the Linux command prompt and then the system is called to run the command.
The developers have not provided a validation routine that would filter out arguments that aren't numbers, so the system routine will execute anything. Attackers can insert other commands that will all be executed using administrator permissions.
A criminal entered a hotel room using a special device that exploits a vulnerability in Onity locks. Twenty-seven-year-old Matthew Allen Cook, who had a previous criminal record of burglary and theft, was charged with breaking and entering. The police found the man after he pawned a laptop stolen from the hotel.
Do you know how the burglar learned about the vulnerability? Did he invest a lot of time and effort in examining the firmware in card readers used by hotels?
The lock system vulnerability was originally showcased at the Black Hat Security conference where Cody Brocious showed how a device costing less than $50 could be used to open any Onity door—according to Forbes, these doors are used in four million hotel rooms worldwide.
The vulnerability can be exploited using the lock's socket, which is used by hotel staff to charge its battery and program the lock with the specific hotel sitecode. This 32-bit key is used to identify the hotel. A hacker can plug a portable device into the socket and read the key from the memory. Then the device returns the key to the lock and the door opens.
The Anti-virus Times recommends
Times change, and for criminals, change means new opportunities. We will never again be able to trust smart door locks. And what device controls a smart home and the locks that open its doors? That's right—a smart phone. And you’ve probably already heard a lot about how intruders get access to these.