Two keyless entry door locks vulnerable to unauthenticated requests

By on
Two keyless entry door locks vulnerable to unauthenticated requests

A vulnerability found in two keyless entry door locks enables local attackers to lock and unlock doors as well as create their own RFID badges by sending unauthenticated requests to affected devices.

The exploit was discovered by Secureworks researchers Mike Kelly and John Mocuta and is caused by incorrect access control vulnerabilities in AMAG Technologies Symmetry Edge Network Door Controllers, according to a 9 December security advisory.

Researchers reverse engineered the basic structure of the network communication and found an attacker with network access to bypass physical controls and gain access to a secured physical area, thus changing the scope of affected resources.

The attacker could also inject fake card values, which can then be used to physically bypass the door since the primary function of a door controller is to help control access, researchers said in the advisory.

Researchers reached out to AMAG in April 2017 and by November 2017 had spoken with a company executive who reputedly told the security firm that AMAG would notify its clients prior to the public disclosure of the vulnerability.  

This article originally appeared at

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register


You have to spend $10k on new business hardware. What do you buy?
Collaboration hardware
Enormous monitors
New smartphones
New PCs
Minimum spec Mac Pro for $9,990.
We'd fake some paperwork and have a party instead
View poll archive

Log In

Username / Email:
  |  Forgot your password?