The famous hacker Samy Kamkar, who recently in the news came with a robot that combination locks can crack, now has developed a tool to access remote garage doors, including a famous Dutch mathematician played a role. OpenSesame , as the tool is called, is actually a Radica Girl Tech IM-ME manufacturer Mattel and uses a new attack on wireless "fixed-peg" devices that discovered the hacker.
The vulnerable garage doors use weak security codes with a limited set of options. An attacker would have 12-bit garage, which supports 12 bits at maximum combinations (4096 combinations), open in 29 minutes. Kamkar first discovered a way to decrease the time required by a factor of five, so there were only six minutes required. Eventually he worked his assault to the "OpenSesame" attack, in which the work of the Dutch mathematician Nicolaas Govert de Bruijn played an important role. De Bruijn developed De Bruijn row . This algorithm is used by Kamkar concerned and, after some adjustments, he eventually all combinations in 8 seconds is recommended.
By adjusting the IM-ME, toys to children to be able to send messages to each other, it is also possible to carry out the OpenSesame-attack on garage doors. The problem is present in garage doors manufacturer Nortek and North Shore Commercial Door. The doors of manufacturers Chamberlain, LiftMaster, Stanley, Delta 3 and Moore-O-Matic were vulnerable, but the problem would be the latest models no longer play. Users of garage doors with "permanent codes" are advised to upgrade to a system with "rolling code", "hopping codes", "Security +" or "Intellicode".
The IM-ME is not available for sale in the shops, but still available through Amazon and eBay. Kamkar the source put online for toys, but adapted so that criminals do not immediately open doors with. The goal is also to educate users. Experts, however, the code can adapt so that it works completely. However, criminals who is an expert in radio frequency and micro controllers are would help anyway not have needed in the first place, as noted on the hacker. Below is a video of the attack is demonstrated.
No comments:
Post a Comment