Hi
I was interested in getting your opinion on a thought that I had just today. I'm a security / hacking fan but I don't think that I could say that I have very strong knowledge about it - just as a disclaimer.
Weeks ago, I started wondering about how hackable Vigik locks at the entrance of nearly all Paris buildings are. I thought that - as pretty much everything around us in this city - it was poorly secured and that I'd be able to find a universal pass even on eBay. Turns out that I was wrong and, to this day, apparently no one has successfully hacked it, or at least the most that we can read on the internet is that tech experts think that it'll be hacked in the coming years.
There actually are universal passes for the mail, electricity and internet workers, but each key has its own data and it becomes outdated every two days. Then you have to update it with Vigik professional tools.
So I thought that leaks and stolen hardware would be easy to find, and it seems that I was wrong about it. Then I finally came to the conclusion that in order to always have a valid pass, you'd need to have a friend who works in the mentioned fields and that he'd have to copy and send his key to you every two days with the help of his smartphone. Dead end: I don't have any friends working in these companies.
I really thought that this quest was over and that there wasn't any possible turnaround left.
And finally, today, I got randomly struck by an idea: what if you just don't ask the mailman? What if he has everything you need in his pocket, and by this I mean the Vigik key AND the means to copy and deliver it to you without involving any action on his side? Most postal employees obviously will put their keys and their phone at a close distance. So what you basically need isn't to hack Vigik but to hack a phone with a silent NFC cloner.
That's pretty wicked, indeed. But in fact you don't even need to infect a phone. What if, just like card stealers, I'd 3D-print a fake Vigik badge reader that'd be slightly bigger than the original, put it onto a real Vigik device at the entrance of a building and create some kind of "man-in-the-middle-ish" device that'd send every scanned badge's key to my phone?
And finally, what if having a series of outdated keys collected thanks to my device could help me predict the next one and maybe crack Vigik's encryption?
What do you think?
Please pardon my possible English mistakes as I'm a non-native speaker, and thanks for sharing your thoughts about this idea.
from hacking: security in practice https://ift.tt/3ztRKxd