There was a well in the dark tone of OFweek's Smart Hardware Network. The screen flashed and a long-haired woman suddenly appeared beside the well.
“Oh,†Cuihua, an office worker, hurriedly turned off the TV. The boyfriend had an entertainment this evening. She alone had no guts to continue to watch this horror movie. A layer of white wool sweat on the back had already wet the clothes, but Cuihua did not dare to wash the bath, fleeing into the bed to get into a ball. As everyone knows, the smart security door just outside the house has been quietly opened with the night...
The cell phone on the bedside received a message saying “the door was open.†Soon the house came in a shaky, humanoid shadow, and Cuihua suddenly jumped out of bed and his hair was standing upright...
However, sometimes life like noodles boiled out of white water can be filled with fullness but lack of stimulation, plain and odorless, it turned out that her boyfriend came home late to return. The boyfriend drunk and drunk and fell asleep. The intelligent electronic door lock did not lock the boyfriend outside the door, proving that he did not drink unconscious, at least remember the password.
Maybe life is normal, but what Cuihua does not know is that there are not only boyfriends who know the lock code but also hackers who dominate in cyberspace.
Intelligent security doors quickly captured a large number of customers who pursued quality of life with their convenient and intelligent features: no key, enter the password to enter the house; relatives and friends to visit, just send the virtual key on the phone can save the need to hand over the keys The door was damaged by violence, and the mobile app will send a reminder message to the owner...
It is no accident that such a convenient and technologically pleasing product is popular. For hackers whose doors are open, it is not so difficult to black out an electronic lock.
Want to crack a lock, first of all have to figure out the principle of unlocking.
For the traditional mechanical lock, each “groove†on the key corresponds to the fixed position of the pin in the key hole. When the key is inserted into the key hole, the pin will be topped to a fixed position, and then the key can be unlocked by turning the key. .
Looking at the map will not be difficult to crack.
â–² old school unlock "craftsman" necessary skills
However, the more exotic attack idea is to bypass the lock itself to the final goal.
â–² The style is very clear and odd
What about smart door locks that incorporate electronic devices and even operate directly on mobile apps?
To know that many domestic manufacturers do smart door locks from the ordinary lock to the smart lock industry, the security of the Internet of Things may not occupy an important position in their hearts. After all, this is a closed environment. Unlike computers, laptops, and other plug-in cables, they can be networked devices. Therefore, protection is also good, encryption is worth mentioning, are still stuck in the use of good standards.
The result of self-deception is to create loopholes that give intruders an opportunity. Venus Star active defense laboratory security expert "big pineapple" will tell the secret of the smart lock to tell Lei Feng network channel guest.
"Big Pineapple" said
The door lock that we tested could be connected to the home Wi-Fi and control the door lock through the wireless router at home. I will introduce two situations. One is to crack the lock when the Wi-Fi password is known. One is to crack this lock directly without knowing the Wi-Fi password.
1. Knowing the Wi-Fi password
According to the “big pineapple†analysis, all the instructions of the tested smart electronic locks were completed with 64 bytes (not all smart locks are 64 bytes). Including the device's matching, binding, unlocking, locking the door, and so on... So he compares these 64 bytes to 64 “imperial edictsâ€, which is equivalent to the life of the smart lock. At the same time, he also discovered that after several checks of the communication between the lock and the router, the 62 bytes in the 64 bytes, all locks for this model of the manufacturer are working.
In addition, the lock itself will not verify the source of the 64 bytes, nor will it verify that it is trusted, is accurate, and will only perform unconditionally.
Just like the simple horses that began in the rivers and lakes, the eldest brother told him to never go west to the east, and he would not think about whether his boss was a Luchi.
â–² Big Brother, who do you cut?
The communication protocol between the lock and the router is UDP. The feature of this protocol is that the source can be forged and can be broadcast arbitrarily, providing great convenience for the intruder's work.
Big Pineapple's approach is to reverse the App that matches the smart lock, and finds that the program's code hard-codes the manufacturer's smart lock password 6*****1, not only a weak password, has not been reinforced, so The entire code logic can be clearly seen after going backwards from this program.
He said that a total of five electronic door locks were detected. It can be said that the passwords for four electronic door locks were written in the code.
The latter work is not difficult, because knowing the wireless password can be connected to the Wi-Fi of the resident with a mobile phone, and because its communication protocol is UDP, it can be broadcast, so when the lock receives the Find command, it will put itself The serial number SN (as each car has its own frame number, the smart lock also has its own device serial number.) Tell the App that at the same time know the lock password is 6*****1, send the data packet, Changing the status to Open unlocks successfully.
They also tried to get the SNs of the six locks on the table by broadcasting, and then opened them one by one with hard coding, confirming that the lock itself does not consider the cruel fact that the source is credible.
â–² How loneliness is invincible
2. Don't know the Wi-Fi password
As mentioned earlier, the serial number of the door lock, its role is when the owner forgets to bring the key, the manufacturer emergency processing can be unlocked by the serial number. So the serial number is written directly on the panel of the lock, just by opening the cover of the smart lock outside the door.
So, theoretically speaking, anyone can see the serial number. All they need to do is find a tool to open the panel of the door lock, and the identity information of the lock will be shown at a glance. Here only need to download the serial number SN of the door lock, the hard code is 6*****1, send the command packet, the lock can be opened.
Big pineapple said
The most terrifying thing is that the SN sequence number of the lock is regular. There are 3 locks in the 6 locks, which are even numbers. We can see that the 4 digits are changing. No matter where I was, I downloaded this app and sorted the numbers from head to tail. Is everybody's door open? The server will feel that you are rich and have real estate all over the country and can open the door.
Lei Feng network resident channel summed up, this lock is not bound to the phone; device number is predictable; App itself is not reinforced; cloud does not do the number of attempts to block ... these fatal flaws may be due to manufacturers' weak security awareness resulting in.
However, the tree is quiet and windy. In the eyes of intruders, loopholes are used instead of neglected. It should also be a senior master unlocked life insight - any anti-theft door is only anti-gentleman, there is no lock can not be opened, the craftsman only care about worth.
---
Listening to the squeak of a boyfriend, Cuihua sat down to sleep with satisfaction. The darkness outside the house is strong. It should be a quiet image of a locked security door. Suddenly, the door handle slowly turned and the door quietly opened a seam...
Communication gateway series products can collect a variety of communication protocols
and upload data to small gateway equipment of cloud platform or local monitoring system; Gateway products in the field of industrial control support data analysis and calculation, automatic logic control, docking with multiple platforms, flexible web configuration and other functions; For the distributed system platform, it supports the secondary development and integration of various standard power protocols, Modbus industrial standards, MQTT protocol and non-standard protocols.
Communication Gateway,Communication Smart Gateway,Wireless Communication Smart Gateway,Industrial Communication Gateway
Jiangsu Sfere Electric Co., Ltd , https://www.elecnova-global.com