IP-Based Card Security Keylocks Cracked by Android App - 'Caribou'

This is a discussion on IP-Based Card Security Keylocks Cracked by Android App - 'Caribou' within the Android News forums, part of the Android.net category.


  1. #1
    Editor in Chief dgstorm's Avatar
    Join Date
    Dec 2010
    Posts
    4,720
    Thanked
    711 times

    IP-Based Card Security Keylocks Cracked by Android App - 'Caribou'


    Above is a fairly scary demonstration of just how powerful an Android app can be. Security researcher Ian Robertson has created an Android app called 'Caribou' that has the ability to easily bypass security on the widespread Cardkey door control systems. These are systems in place in numerous places, like office buildings and hotels.

    The app can even remotely take over all the doors of a Cardkey system! In fact, to further scare the 'bejeezus' out of us, here's a quote from his website at cybersecurityguy.com,
    ...with the IP address of the target cardkey device, a single-button "Unlock" will access the cardkey system, unlock all available doors in sequence, allow 30 seconds for entry, and then re-lock all those same doors. Caribou has the capability of performing a brute-force of any customized security PIN used with the system.
    Lest you think that we are supporting cyber-thievery here on the website, please realize that Mr. Robertson is paid to do this professionally. Here's what his website further elaborates that he and his partner, Michael Gough, are
    ...actively engaged with US-CERT and the manufacturers in order to improve the security of the products and provide better documentation and instructions to system installers.

    Caribou is a proof-of-concept and is not available to the public.
    It's still pretty incredible to ponder just how powerful 'Andy' really is. James Bond would use Android.

    Source: Cybersecurityguy.com
    Last edited by dgstorm; 03-15-2011 at 11:43 AM.

  3. #2
    Android Enthusiast RayBan's Avatar
    Join Date
    Jan 2011
    Posts
    312
    Thanked
    19 times
    thanks for this dgstorm -- i forwarded this to the community manager here. we use this type of security door in our community. it's 100% gated so that's the only thing separating us from the rest of the world.

    brute forcing can be a real pain to defend against if you have a seasoned hacker who knows how to ghost and auto-relay IPs... but if the ip is static it's a no-brainer to block thankfully.

    the simplest defense for a static IP brute force attack is to set up server logs (if they already aren't) and set up a loop to continually query the log files for failed login attempts from the same IP and then just block that IP after x number of failed attempts. can be done in a variety of programming languages.
    Last edited by RayBan; 03-16-2011 at 11:00 PM.
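
The log-watching defense described in post #2, as an added example that is not part of the original thread. It counts failed logins per source IP inside a sliding time window and, going beyond the post, also counts failures across all sources so that attempts spread over rotating addresses still raise an alert. The log format, function names and thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format: "<date> <time> LOGIN_FAIL|LOGIN_OK src=<ip> ..."
LINE_RE = re.compile(r"^(\S+ \S+) (LOGIN_FAIL|LOGIN_OK) src=(\S+)")

def analyze(lines, per_ip=5, total=10, window=timedelta(seconds=60)):
    """Return (ips_to_block, global_alert) for chronologically ordered log lines."""
    by_ip = defaultdict(deque)   # source IP -> timestamps of its recent failures
    all_fail = deque()           # recent failures from sources not yet blocked
    to_block, global_alert = [], False
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(2) != "LOGIN_FAIL":
            continue             # ignore successes and unparseable lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip = m.group(3)
        if ip in to_block:
            continue             # already flagged, nothing more to learn
        for q in (by_ip[ip], all_fail):
            q.append(ts)
            while ts - q[0] > window:   # drop failures older than the window
                q.popleft()
        if len(by_ip[ip]) >= per_ip:
            to_block.append(ip)         # the static-IP case from the post
        if len(all_fail) >= total:
            global_alert = True         # many sources: per-IP blocking misses this
    return to_block, global_alert

def _fmt(t, event, ip):
    return f"{t:%Y-%m-%d %H:%M:%S} {event} src={ip} user=admin"

def sample_log():
    """Constructed lines: one static source guessing, one user mistyping."""
    t0 = datetime(2011, 3, 16, 22, 0, 0)
    lines = [_fmt(t0 + timedelta(seconds=5 * i), "LOGIN_FAIL", "203.0.113.7")
             for i in range(6)]
    lines.append(_fmt(t0 + timedelta(seconds=40), "LOGIN_FAIL", "198.51.100.20"))
    lines.append(_fmt(t0 + timedelta(seconds=45), "LOGIN_OK", "198.51.100.20"))
    return lines

def rotating_log():
    """Constructed lines: ten failures, each from a different source address."""
    t0 = datetime(2011, 3, 16, 22, 10, 0)
    return [_fmt(t0 + timedelta(seconds=3 * i), "LOGIN_FAIL", f"192.0.2.{i + 1}")
            for i in range(10)]
```

The returned list is what would be handed to the firewall or access-control list; the alert flag marks the rotating-address case where blocking single IPs is not enough.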

  4. #3
    Android Lurker ckb1985's Avatar
    Join Date
    Mar 2011
    Posts
    1
    I would like to get my hands on this app so I can see if it works on the hardware I have to troubleshoot on a daily basis.

  5. #4
    Android Enthusiast RayBan's Avatar
    Join Date
    Jan 2011
    Posts
    312
    Thanked
    19 times
    Quote: Originally Posted by ckb1985
    I would like to get my hands on this app so I can see if it works on the hardware I have to troubleshoot on a daily basis.
    question: are you the network administrator?

    ... because this has *nothing* to do with hardware. it's all *network* based.

    and there is nothing that this app does that can't also be done from a terminal on a computer using readily available security tools. ... any system admin should know without thinking twice whether or not his/her system is vulnerable to brute forcing or not. and the defenses are literally a google search away.

    in short, there is no reason that i can see for anyone to have this tool for "troubleshooting" purposes... hence why it's not available to the public.
    Last edited by RayBan; 03-17-2011 at 03:33 PM.
