floofloof@lemmy.ca to Technology@lemmy.mlEnglish · 8 months agoHackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Secondswww.wired.comexternal-linkmessage-square13fedilinkarrow-up198arrow-down13cross-posted to: hackernews@lemmy.smeargle.fanspulse_of_truth@infosec.pubtechnology@lemmy.zip
arrow-up195arrow-down1external-linkHackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Secondswww.wired.comfloofloof@lemmy.ca to Technology@lemmy.mlEnglish · 8 months agomessage-square13fedilinkcross-posted to: hackernews@lemmy.smeargle.fanspulse_of_truth@infosec.pubtechnology@lemmy.zip
minus-squareZeusbottom@sh.itjust.workslinkfedilinkEnglisharrow-up11·edit-28 months agoIn 2011 I was aghast when I learned a popular keycard / biometric system used FTP to pull down its cleartext list of acceptable keys from the server. The username was something like ADMIN and the password was PASS. And no, that wasn’t the FTP command; that was the password. So I’m not surprised that there are still problems with these devices. edit: more complete thought
minus-squareNOPper@lemmy.worldlinkfedilinkarrow-up5·8 months agoTo be fair to manufacturers for once here, this kind of this is usually due to users not properly securing these systems. The industry is still way behind on proper infosec but they’ve come a long way the last 10 years or so.
In 2011 I was aghast when I learned a popular keycard / biometric system used FTP to pull down its cleartext list of acceptable keys from the server.
The username was something like ADMIN and the password was PASS.
And no, that wasn’t the FTP command; that was the password.
So I’m not surprised that there are still problems with these devices.
edit: more complete thought
To be fair to manufacturers for once here, this kind of this is usually due to users not properly securing these systems. The industry is still way behind on proper infosec but they’ve come a long way the last 10 years or so.