Aiphone door entry systems can be bypassed ‘easily’ thanks to NFC error • TechCrunch

A security research firm says it has discovered a vulnerability that can be exploited “easily” in the door entry security system used in government buildings and apartment complexes, but warns that the vulnerability cannot be fixed.

Norwegian security company Promon says the bug affects several Aiphone GT models that use NFC technology, often found on contactless credit cards, and allow bad actors to access sensitive facilities by forcing a door entry system security code.

Door entry systems allow Safe access to buildings And the Residential complexesbut are increasingly digital, making them vulnerable to physical and remote compromises.

Aiphone considers both the White House and the British Parliament to be customers of the affected systems, according to company brochures seen by TechCrunch.

Promon security researcher Cameron Lowell Palmer said a potential intruder could use an NFC-enabled mobile device to quickly cycle through each switch of the four-digit “administrator” code used to secure each Aiphone GT’s door system. Because the system doesn’t limit the number of times a code can be tried, Palmer said it takes just minutes to cycle through each of the 10,000 possible four-digit codes used by the door entry system. This code can be punctured into a system keyboard, or moved to an NFC tag, allowing bad actors to access restricted areas without ever having to touch the system.

In a video shared with TechCrunch, Palmer built a proof-of-concept Android app that allowed him to check every four-digit code on a vulnerable Aiphone door entry system in his test lab. Palmer said that the affected Aiphone models do not store logs, allowing the bad actor to bypass system security without leaving a digital trace.

Image credits: Cameron Lowell Palmer / Promon

Ballmer revealed a vulnerability in Aiphone in late June 2021. Aiphone told the security company that systems manufactured before December 7, 2021 are affected and cannot be updated, but systems after that date have a software fix that limits the rate of door entry attempts.

It’s not the only bug that Promon has detected in the Aiphone system. Promon also said that it discovered that the application used to set up the door entry system was providing an unencrypted text file containing the admin code for the back-door system. That could also allow the intruder to gain access to information needed to access restricted areas, Promont said.

Aiphone spokesperson, Brad Kimchev, did not respond to requests for comment sent prior to publication.

Meanwhile, earlier this year, a college student and security researcher discovered a vulnerability in the “master key” in a file Widely used door entry system It was built by CBORD, a technology company that provides access control and payment systems for hospitals and campuses. CBORD fixed the bug after a researcher reported the problem to the company.