Friday, March 18, 2011

Caribou and Cardkey Door Control Systems

Caribou is a proof-of-concept exploit application that targets cardkey systems like the prox cards that you're likely familiar with from parking lots, apartment complexes, and possibly the entry access system at your employer.

Per the site and demo:

"By providing Caribou only with the IP address of the target cardkey device, a single-button "Unlock" will access the cardkey system, unlock all available doors in sequence, allow 30 seconds for entry, and then re-lock all those same doors. Caribou has the capability of performing a brute-force of any customized security PIN used with the system."

While the proof-of-concept code isn't provided, the speed with which it unlocks the door indicates that the keyspace for the PIN is likely relatively small. The author also provides a series of tips on securing HOA and other common spaces that use devices of this type. The most important item is the common-sense (but often ignored) need to place the entry access system on a private network so that it can't be brute-forced via open wireless or wired networks.
