Two keyless entry door locks vulnerable to unauthenticated requests


A vulnerability found in two keyless entry door locks enables local attackers to lock and unlock doors as well as create their own RFID badges by sending unauthenticated requests to affected devices.

The vulnerability was discovered by Secureworks researchers Mike Kelly and John Mocuta and is caused by incorrect access control in AMAG Technologies Symmetry Edge Network Door Controllers, according to a 9 December security advisory.

Researchers reverse engineered the basic structure of the network communication and found that an attacker with network access could bypass physical controls and gain access to a secured physical area, thus changing the scope of affected resources.

The attacker could also inject fake card values, which can then be used to physically bypass the door since the primary function of a door controller is to help control access, researchers said in the advisory.

Researchers reached out to AMAG in April 2017 and by November 2017 had spoken with a company executive who reputedly told the security firm that AMAG would notify its clients prior to the public disclosure of the vulnerability.  

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition