13 comments

[ 2.9 ms ] story [ 40.9 ms ] thread
This one literally hits close to home since our building uses them and has been dealing with break-ins recently. --I don't think the thieves around here are smart enough to figure out how to exploit this vulnerability vs just ringing numbers until somebody lets them in, but we can't know for sure yet.
When does your door camera come on? Won't you see who is doing this?
Most people here don't have a screen to see who's at the door - it was a pretty significant cost to upgrade to that. As a result, not every floor even has the necessary hardware installed for people to install them after the fact.
It's laughable really - it is how "hacking" is pictured in low budget movies... a device firing every combination at the lock!
(comment deleted)
‚NFC bug‘… that’s very generous of TechCrunch haha
A company named "Aiphone"?!

I can't believe Apple isn't suing them for similarity in name to iPhone.

They're a 70 year old company, with over 50 years in North America...
Are they unable to patch a rate limit into it?

It also seems incredibly incompetent to create a password system that doesn't have a rate limit as a basic precaution against brute force attacks to begin with.

There's no way to update the firmware on these devices, at least not without soldering on a connector first.
4 digits. Amazing.
The researchers missed a great opportunity to make the app look like John Connor’s debit card and access card hacking tool in Terminator 2!
This reminded me of a hack/cheat someone implemented for a video game called Rust (Rust is a multiplayer survival FPS where players can build bases). The game has code locks on doors, 0000-9999. What the person did was isolate the network packet sending one attempt at the code lock, and the using networking tools and a bit of automation, sent a stream of all possible permutations towards the server. Apparently people who were in the vicinity of a person employing this cheat heard a steady stream of beeps (each attempt did a short beep noise), and then inevitably the combination was found and the lock was cracked... if I recall correctly it took less than 6 minutes for it to go through all attempts and gain access to another player's base, and their treasures. After the developers heard of it, they implemented rate limiting and a small amount of 'shock' damage to the player to resolve the issue.