Open sesame: Smartphone hack for electronic entry systems
Security specialist Michael Gough, best known for his attacks on VoIP systems, appears to have discovered a vulnerability in LAN-attached access control systems. The vulnerability apparently allows electronic locking systems to be opened without authorisation over a network. Working with developer Ian Robertson, Gough has developed an Android app called Caribou which exploits the vulnerability to unlock doors for which an RFID key card would normally be required.
All the Android app requires to carry out a successful attack is the IP address of the access control system. It follows that only systems which are accessible from the web or via Wi-Fi will be vulnerable to this attack. Gough has not revealed precise details of the attack and is working on the problem with US-CERT. He also has no intention of making the app publicly available at this time.
He has, however, posted a video on YouTube which shows the attack being put into practice. Gough has also declined to reveal which specific products are affected by the problem – many different companies sell systems of this type. However, based on the video, the affected systems (cards and readers) appear to be from HID Global. Current advice for people running this kind of system is simply to protect it from being accessed over the internet by placing it behind a firewall.
- "My security research discovers major provider of card key systems can be exploited", blog post by Michael Gough.