There are many things that do-it-yourself prototyping platforms can be used for, and Cody Brocious has shown how a particularly popular one can be used to break the law.
The man didn't actually break the law. Instead, he demonstrated how one might do so using components worth just $50 / 41 Euro.
Mozilla brought him to work on Boot to Gecko, and he held a presentation at the annual Black Hat conference in Vegas.
For those unfamiliar with the event, Black Hat is a convention taking place between July 21 and July 26 (tomorrow).
Brocious's device, used by a reporter from Forbes, was able to open one out of three locks made by Onity.
The attack is possible because of the DC jack on the underside of the lock, which can be used to reprogram the door and gives direct access to the lock's memory, where the numeric key needed to release the latch is stored (and not very well encrypted).
It is the designer's hope that manufacturers will make up for this oversight before lawless people pick up on the technique, if they haven't already, in which case haste is called for.
It will help that the source code and the design for the unlocker will be published online, along with a research paper on how the locks work and why they aren't safe enough.
Truly, Onity probably isn't having the best time right now, but that may just be because the hacker didn't get around to making an unlocker that worked on other types of locks.
At any rate, if one out of three Onity locks is weak to such intrusion, that means that around three million doors in the US are vulnerable.
We are sure the United States will be thankful for this heads up as to how safety may be enhanced. It may not apply to situations where terrorists and non-terrorist shooters cause death and panic, but better burglar defense is still an improvement.