IP-Based Card Security Keylocks Cracked by Android App - 'Caribou'
This is a discussion on IP-Based Card Security Keylocks Cracked by Android App - 'Caribou' within the Android News forums, part of the Android.net category; Above is a fairly scary demonstration of just how powerful an Android app can be. Security researcher Ian Robertson, has created an Android app called ...
-
Editor in Chief
IP-Based Card Security Keylocks Cracked by Android App - 'Caribou'
Above is a fairly scary demonstration of just how powerful an Android app can be. Security researcher Ian Robertson, has created an Android app called 'Caribou', that has the ability to easily bypass security on the wide-spread Cardkey door control systems. These are systems in place in numerous places, like office buildings and hotels.
The app can even remotely take over all the doors of a Cardkey system! In fact, to further scare the 'bejeezus' of of us, here's a quote from his website at cybersecurityguy.com,
...with the IP address of the target cardkey device, a single-button "Unlock" will access the cardkey system, unlock all available doors in sequence, allow 30 seconds for entry, and then re-lock all those same doors. Caribou has the capability of performing a brute-force of any customized security PIN used with the system.
Lest you think that we are supporting cyber-thievery here on the website, please realize that Mr. Robertson is paid to do this professionally. Here's what his website further elaborates that he and his partner, Michael Gough, are
...actively engaged with US-CERT and the manufacturers in order to improve the security of the products and provide better documentation and instructions to system installers.
Caribou is a proof-of-concept and is not available to the public.
It's still pretty incredible to ponder just how powerful 'Andy' really is. James Bond would use Android.
Source: Cybersecurityguy.com
Last edited by dgstorm; 03-15-2011 at 11:43 AM.
-
Android.net is the premier
Android Forum. Registered users do not see these ads. .
-
Android Enthusiast
thanks for this dgstorm -- i forwarded this to the community manager here. we use this type of security door in our community. it's 100% gated so that's the only thing separating us from the rest of the world.
brute forcing can be a real pain to defend against if you have a seasoned hacker who knows how to ghost and auto-relay IPs... but if the ip is static it's a no-brainer to block thankfully.
the simplest defense for a static IP brute force attack is to setup server logs (if they already aren't) and setup a loop to continually query the log files for failed login attempts from the same IP and then just block that IP after x number of failed attempts. can be done in a variety of programming languages.
Last edited by RayBan; 03-16-2011 at 11:00 PM.
-
Android Lurker
I would like to get my hands on this app so I can see if it works on the hardware I have to trouble shoot on a daily basis.
-
Android Enthusiast

Originally Posted by
ckb1985
I would like to get my hands on this app so I can see if it works on the hardware I have to trouble shoot on a daily basis.
question: are you the network administrator?
... because this has *nothing* to do with hardware. it's all *network* based.
and there is nothing that this app does that can't also be done from a terminal on a computer using readily available security tools. ... any system admin should know without thinking twice whether or not his/her system is vulnerable to brute forcing or not. and the defenses are literally a google search away.
in short, there is no reason that i can see for anyone to have this tool for "troubleshooting" purposes... hence why it's not available to the public.
Last edited by RayBan; 03-17-2011 at 03:33 PM.
http://www.scramblerducati.org/
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
Similar Threads
-
By huskerkate in forum Android Rooting
Replies: 27
Last Post: 04-21-2011, 06:05 PM
-
By dgstorm in forum Android News
Replies: 2
Last Post: 03-10-2011, 02:56 PM
-
By tp76 in forum Android Forum
Replies: 2
Last Post: 02-08-2011, 04:16 PM
-
By wicked in forum Other Carriers
Replies: 1
Last Post: 02-03-2011, 11:21 PM
Search tags for this page
android app caribou
,
android caribou
,
caribou android
,
caribou android app
,
caribou android app download
,
caribou android download
,
caribou app
,
caribou app download
,
caribou download android
,
caribou download app
,
caribou for android
,
caribou for android download
,
download caribou android
,
download caribou android app
,
download caribou app
Click on a term to search our sites for related topics.