Jump to content
Forumu Destekleyenlere Katılın ×
Paticik Forumları
2000 lerden beri faal olan, çok şukela bir paylaşım platformuyuz. Hoşgeldiniz.

Kapı kilit hack


dasaaa

Öne çıkan mesajlar

http://vimeo.com/21137418
Opening doors with wireless RFID cardkeys is old hat at this point, but opening those doors with a smartphone is rather more intriguing. Doing so without permission of the people who put the locks on the doors, well, that brings things up to a whole new level of awesomeness. That's what Caribou does, a little Android app that remotely connects to a server managing the locks at a supposedly secure location. The app then diddles the ports and security settings of that server until it finds the magic phrase and, in a couple of seconds, it's open sesame time. Doors are unlocked remotely and then, 30 seconds later, automatically locked again. How thoughtful.

We first saw this demonstrated a few days ago but weren't entirely convinced of its legitimacy. But now, after exchanging a few e-mails with Michael Gough, who discovered the exploit, and Ian Robertson, who wrote the app, we're convinced. They're actually working with US-CERT on this issue so that appropriate measures will be taken but, in the short-term, if you have a system like this and it's sitting out there, IP open to the internet and being caressed by every passing breeze, you might want to think about pulling that in behind your firewall. Lots more info at both source links below, though you can see it working for yourself right here in a video after the break, running on an HTC Incredible.
http://www.engadget.com/2011/03/17/caribou-android-app-opens-doors-over-the-internet-needs-neither/

O_O tıklayıp izleyin
Link to comment
Sosyal ağlarda paylaş

açıklama şurada
http://hackerhurricane.blogspot.com/2011/03/w-my-security-research-discovers-major.html

buna güldüm
said:
Before you ask again, 'No we will not release the APK'. We believe in responsible disclosure and that does not include giving away an exploit that would put a vendor and their systems at risk.

Once the information has been fully shared with the vendors, all vulnerabilities remediated or identify actions a user can take to protect themselves would we discuss the details, but hey.. Thanks for asking.

If you want to be on our list to be notified of new documentation, feel free to send us an email from your organizations Chief Security Officer (CSO), CEO or equivalent that can be verified. Once verified, we will add you to the list once we publish so you can check your environment for any vulnerable systems.


bu arada.. bazı siteler var abi. tr'de millet görse kesin kendi pisliği için kullanır.
paso security siteleri ama tersini yapmak isteyenin önünde de duramazsın hani.

wireless için commentlerden şuna güldüm bayağı
http://lmgtfy.com/?q=android+airsnort

o değil de bu toplaşmalar tr'de de olsa, gitsek de iki bilgi alsak güzel olurdu yahu.
tr'de hekır tayfası anca sayfalara "ccc dünya türk olacakgh" yazma seviyesinde mi kalabildi? yazık olmuş hani..
Link to comment
Sosyal ağlarda paylaş

yok abi çok basit aslında bu sistemlerin olduğu .güvenliksiz ağlara dalıyorlar. sonrası bruteforce sadece.

çok çok basit diye donanıma falan koymadım zaten.

ama böle bi açığın var olması eğlenceli :D
şirketlerle konuşuyorlarmış. kapatılında daha bilgi vericekler.
Link to comment
Sosyal ağlarda paylaş

×
×
  • Yeni Oluştur...