During the upcoming Confidence conference in Krakow, we will celebrate 15 years of SecuRing.
On this occasion we will share with you several NFC “research toolkit” hardware sets that, among other things, allow you to clone a card UID and crack Mifare Classic. Come meet us at our booth and solve the NFC challenges to win one!
Also be sure to attend my introductory talk on NFC security, “A 2018 practical guide to hacking RFID/NFC” (track 1, Jun 4th, 11:50am).
Update: slides are available to download here.
Behold The Smart Lock! In case anyone would doubt its smartness, it is literally imprinted.
Fitted with an enormously loud speaker - advertised as a feature to raise a solid anti-theft alarm. Using the same speaker for a normal unlock notification, thus forcing you to cover your ears while opening, was not the smartest idea though.
Security? Smart my shiny metal (…)!
Enough smart for the introduction. Give me the meat! TLDR exploit.
One of my smart locks, Okidokeys, unexpectedly just turned into a brick, and this time for a change I had nothing to do with it ;) The mobile application barked at me: “Login request has failed. Please try again”. And the more I tried again, the more the login request failed. I finally discovered the vendor’s application server had been shut down. And I suddenly recalled that their official website, Twitter and Facebook accounts had been shut down a while before, but I did not consider it important back then. Now, as it turns out, the phone number and e-mail server are dead as well.
Following a quick investigation I found out they have been acquired in the meantime. By translating a French forum I also realized some locks are undergoing a migration procedure to a new system, and the users are supposedly being notified. I did not get any notification - maybe because, based on the serial number, my lock was apparently destined for the ‘American market’. That market was not covered by the acquisition, and therefore my device is not eligible for migration, as many others also just found out. I guess we can’t count on support any more. I wonder how many of the > 5000 customers (approximation based only on Android mobile application installs) have the same problem. And as of today there are still plenty of offers on US Amazon and eBay.