Automatic doors could also be hacked. I am sure you are pretty amazed by my first line but it is true. Doors used in secure areas likes airports, hospitals, government facilities and other organizations can easily be hacked due to a vulnerability in networked door controllers.
According to Ricky Lawshae, a researcher with Trend Micro's newly acquired DVLabs division, the security flaw exists in the VertX and Edge lines of door controllers from HID Global, manufacturers of smartcards, card readers and access control systems.
The problem lies in the HID's VertX and Edge controller which can be remotely controlled over the network and have a service called discoveryd (discovery daemon) that listens to UDP probe packets on port 4070.
When it receives a packet, the door controller automatically responds with its physical MAC address, device type, firmware version and other identifying information, like the human readable name that was assigned to it.
"Since the device in this case is a door controller, having complete control includes all of the alarm and locking functionality," Lawshae said in a blog post. "This means that with a few simple UDP packets and no authentication whatsoever, you can permanently unlock any door connected to the controller."
HID have been informed about the flaws, and they are working to release the patch as soon as possible, but probably it will take a long to reach all customers or it might reach everyone ever.
According to Ricky Lawshae, a researcher with Trend Micro's newly acquired DVLabs division, the security flaw exists in the VertX and Edge lines of door controllers from HID Global, manufacturers of smartcards, card readers and access control systems.
The problem lies in the HID's VertX and Edge controller which can be remotely controlled over the network and have a service called discoveryd (discovery daemon) that listens to UDP probe packets on port 4070.
When it receives a packet, the door controller automatically responds with its physical MAC address, device type, firmware version and other identifying information, like the human readable name that was assigned to it.
"Since the device in this case is a door controller, having complete control includes all of the alarm and locking functionality," Lawshae said in a blog post. "This means that with a few simple UDP packets and no authentication whatsoever, you can permanently unlock any door connected to the controller."
HID have been informed about the flaws, and they are working to release the patch as soon as possible, but probably it will take a long to reach all customers or it might reach everyone ever.