The Security Vulnerabilities of Electronic Lockers
Thousands of electronic lockers found in gyms, offices, and schools are potentially at risk of being compromised by criminals using inexpensive hacking tools to obtain administrator keys, according to recent research presented at the Defcon security conference. Security researchers Dennis Giese and “braelynn” showcased a proof-of-concept attack that demonstrated how a digital administrative key could be extracted, replicated, and used to unlock additional storage lockers, focusing on electronic locks produced by Digilock and Schulte-Schlagbaum.
Research Findings and Methodology
For several years, Giese and braelynn, both experts in lockpicking, have been studying electronic locks equipped with digital keypads that rely on PIN codes for access. By purchasing electronic locks from various sources, including online marketplaces, they were able to analyze older models from Digilock and Schulte-Schlagbaum. Through their research, they discovered vulnerabilities that allowed them to extract sensitive data such as configured PINs, administrative keys, and program keys.
Implications and Response from Manufacturers
By exploiting these security flaws, hackers could potentially unlock all units controlled by the same digital administrative key, posing a serious risk to the security of gyms, offices, and schools. The researchers promptly reported their findings to the affected companies, with Digilock addressing the vulnerabilities by releasing fixes. However, Schulte-Schlagbaum did not respond to the researchers’ report, highlighting potential negligence in addressing security concerns.
Overall, the research underscores the importance of robust cybersecurity measures in safeguarding electronic locker systems from exploitation by malicious actors. As technological advancements continue to shape the landscape of security, constant vigilance and proactive security measures are crucial in mitigating risks and ensuring the protection of sensitive information.
