Caribou Hacking App Michael Gough

White-hat hackers (that's the good, helpful kind) Michael Gough and Ian Robertson have created an Android app that's capable of breaking into the very popular cardkey-type door locks with a single click. It's not foolproof, since it requires some information about each cardkey system that not everyone will have, but it's still pretty amazing/uncomfortable.

The app (which is not in the Android Market, so don't even bother looking for it) is called Caribou, and relies on a vulnerability in these sorts of security systems that allows them to be unlocked remotely. It's actually a surprisingly lo-fi sort of app: You have to input the IP address of the system you're trying to hack, and then the app will perform a brute force attack (basically trying every single possible combination) until it lands on the correct one. Then the app will unlock the door for 30 seconds while you scoot inside the not-so-secure door.

This isn't exactly cause for panic--more of a warning to those in charge of security system upkeep to make a few easy changes to block this sort of attack. For one thing, if the data the app needs to access is simply behind a firewall, the app won't be able to access it. Some lackadaisical systems make the error of leaving it out in the open for anyone to swipe, which this app does ably.

There's also the small problem of the app needing the IP address of the door it's trying to unlock. It's not clear whether that information is easily obtained, but the fact is that it has to be obtained, somehow. You can't just walk up to any door and hit a button; there needs to be some recon work to secure the IP addresses first. Still, it's a nice illustration of a weakness in this sort of security system, and the team is actually working with US-CERT (the U.S. Computer Emergency Readiness Team) to ensure that the loophole is patched.

[CyberSecurityGuy via Engadget]

7 Comments

Thank god for the white hats. Without them everything would probably have an easy-to-access loophole.

Give me a sledge hammer and I'll get through pretty much any door too... except no IP address required :)

Just for fun, put them into a Faraday cage so they can't back out.

This article is equal to the "Screaming Canary in the Coal Mine". The USA Government and USA Infrastructure and Business better wake up and stop allowing smart, intelligent devices on their premises… Any country with money, dedicated time, programmers and resources will be hacking and walking into our closed doors at any time now. China is already HACKING our country constantly on a daily basis. Do we need our Nuclear Power Plants to be HACKED or some other USA Infrastructure or Business to be HACKED and cause disaster? There are intelligent crazy people and governments in this world who do bad things, simply because they can. I do not think any smart intelligent device should be allowed on a Military Government Facility, USA Infrastructure or Business unless specifically approved by that facility.

LOL @BubbaGump

lnwolf41
A better target is all the new cars that can be unlocked and started with your phone. No more slim-jims, just use a smartphone to steal the car. Then put on a jammer so OnStar can't stop or track the car.

@BubbaGump. Yeah, it's gonna be like (I forget its name, so I'm just gonna guess) Live Free Die Hard!


