Biometric locks turned trojan


In the same vein as our recent Defcon article on biometric cloning, White Wolf Security has released this article about turning a biometric door lock into a trojan. They note that there are many common ways to break into one, from harvesting fingerprints to using gummy bears to fake a finger. This hack involves having full access to the unit so you can disassemble it.

The unit has a system built-in where you can touch a 9-volt battery to some connectors on the bottom to power it in case of a building power failure. The researchers simply routed some wires from the motorized lock to the plates used for the 9-volt and then reassembled the lock. The door can then be opened at any time without verification, even if the software on the unit is reset.

[Thanks, dwight]

Comments

  1. Jason says:

    Not news, not a hack, and not in any way impressive, useful, or interesting at all. WTF is so special about making a motor work when you apply power to it?

    This site has really gone to hell.

  2. Jason says:

    To clarify my disappointment, this is the daily hack and all these ‘researchers’ did was route the wires from the motor controller directly to the power connectors on the bottom of the lock. Requiring full access to do it makes it even less of a ‘hack’.

    A real trojan door would save the readings to a log allowing a hacker to create a replica with which to gain access to non hacked doors in a fashion similar to a key logger.

    There is nothing even remotely useful, worthwhile, security related, or interesting about this.
    NEWS FLASH: Powering motors makes them move!

    And to the people that don’t like it when people complain about shit like this, kindly STFU. This shitty rewiring project is put up as the daily hack so it’s fair game.

  3. ken says:

    While I agree that this is rather a useless posting, sometimes you’re going to get a turd with all the relevant stuff.

    Relax. It just may be a slow news day.

  4. Jason says:

    You’ve missed my point. With the increased volume of posts on the site, the amount of ‘good’ material out there is greatly reduced as it gets covered much faster and often times multiple good ‘hacks’ go by each day. The increase in posts causes increased difficulty in finding ‘good hacks’ to post and results in news posts and garbage like this.

    Hackaday was once an internet icon with a massive cult following. Hackers the world over actually had a sense of accomplishment to have their work ‘featured’ for a whole day on hackaday instead of crammed in between this shit.

    The reason for the outcry is because hackaday actually used to mean something. You were a real hacker to have your work posted on hackaday. Now you’re just another fucktard that can solder 2 wires to a motor.

    I have no problem with the news articles really. I was a proponent of telling people to use the daily filter to see only the hacks. The problem is this is the daily hack and it’s shitty as all hell. The Lego plotter bot should have been the daily, but that skilled hacker will never know that fame. This piece of shit post was made the daily hack just hours before.

    People that say “just chill and don’t read it” are why this site is dying. If you’ll notice, Juan Aguilar, of the really shitty news articles is no longer posting. Clearly all the bitching about shitty hacks does get noticed!

  5. Richard says:

    @ Jason

    It’s the negative comments like yours that make Hack-a-day less pleasant to visit… if you’re actually ‘proud’ to have driven somebody away – even if they post tripe (which I’ll agree he did) then you’re not part of the solution, you’re part of the problem.

    I don’t have the talent of the guys like the ‘lego plotter’ hacker, so I don’t aspire to be featured – but if you’ve got a problem with the quality of posts, surely the solution is to provide the editors with a steady supply of ‘good hacks’ to choose from… as in, get off your high horse and get into your shed with your toolkit, and come back with a hack yourself. ;-)

    Richard

  6. Jason says:

    Richard, you too fail to see the point. If hackaday is going to keep posting crap like this as the daily hacks, then many good hacks will fall into obscurity as they get posted minutes after the daily is posted.

    If I wanted to find hacks I would start my own site like miked did. I come here to see hacks that others have done. With the site the way it currently is, I wouldn’t submit a hack to it because there would be no glory in it for me.

    What it comes down to is this:
    If H-A-D is going to make money by posting hackers’ work and having ads next to it, the hacker that supplied them content should at least get his or her day in the sun.

    We don’t bitch because we could do better work, we bitch because we want things to return to the way they were, back when 1 _hack_ was posted _a day_. A news section is fine; a craphack section is fine; just keep it off the main page.

    The main page should be 1 featured hack a day, the way it used to be.

  7. aterinperator says:

    While Jason’s negative comments are annoying, I agree to an extent: quality not quantity. If you up the quantity and keep the 1 quality article a day, it just gets buried in all the other stuff and I can’t keep up with this site so I stop coming. I currently get hundreds and hundreds of articles a day from various news sites; I’m quickly dropping sites that have anything slightly more than extremely high quality articles.
    This article sounded interesting, and turned out to be quite lame (read: not really a trojan). I saw some of Jason’s other posts, and I was kind of upset that he was so upset, but having gone through several articles now that I have been severely disappointed with, I’m starting to (sadly) think his point is much more correct than I originally thought.

  8. Pretty good post. I just came across your site and wanted to say that I’ve really liked browsing your posts. I hope you post again soon!

  9. The door can then be opened at any time without verification, even if the software on the unit is reset.
