February 3, 2023

Money News PH

The Premier Blog Where Money Talks

Aiphone door intercoms can be “easily” bypassed thanks to NFC bug • TechCrunch

A security research firm says it has discovered an “easily” exploitable vulnerability in a door entry security system used in government buildings and apartment complexes, but warns the vulnerability cannot be patched.

Norwegian security firm Promon says the bug affects several Aiphone GT models that use NFC technology, commonly found in contactless credit cards, and allows attackers to potentially gain access to sensitive facilities by reading the phone’s security code Brutally enforce door access system.

Door entry systems allow secure access to buildings and apartment complexes, but are becoming increasingly digitized, making them vulnerable to both physical and remote attacks.

According to company brochures viewed by TechCrunch, Aiphone counts both the White House and the British Parliament among the customers of the affected systems.

Promon security researcher Cameron Lowell Palmer said a potential intruder can use an NFC-enabled mobile device to quickly scroll through any permutation of a four-digit “admin” code used to secure any Aiphone GT door system. Because the system has no limit on how many times a code can be tried, Palmer says it only takes a few minutes to cycle through each of the 10,000 possible four-digit codes used by the door entry system. This code can be entered into the system’s keyboard or transmitted to an NFC tag, potentially allowing attackers to access restricted areas without even having to touch the system.

In a video shared with TechCrunch, Palmer built a proof-of-concept Android app that allowed him to verify any four-digit code on a vulnerable Aiphone door entry system in his test lab. Palmer said the affected Aiphone models do not store logs, allowing an attacker to bypass the system’s security without leaving a digital trail.

An animated GIF of the test lab set up with an Android phone quickly going through each permutation of four-digit codes.

Credit: Cameron Lowell Palmer/Promon

Palmer disclosed the vulnerability to Aiphone at the end of June 2021. Aiphone informed the security company that systems manufactured before December 7, 2021 are affected and cannot be updated, but that systems after that date have a software fix that limits the rate of door entry attempts.

It’s not the only bug that Promon has discovered in the Aiphone system. Promon also said it discovered that the app used to set up the door entry system offers an unencrypted plaintext file containing the administrator code for the system’s backend portal. Promon said this could allow an intruder to also access the information needed to access restricted areas.

Aiphone spokesman Brad Kemcheff did not respond to requests for comment sent prior to publication.

In this context, earlier this year a university student and security researcher discovered a “master key” vulnerability in a widely used door entry system built by CBORD, a technology company that provides access control and payment systems for hospitals and university campuses. CBORD fixed the bug after the researcher reported the issue to the company.