Above is a video showcasing a piece of software called Caribou, a proof-of-concept Android application which can brute-force the control system on a very popular card-key based door security system. The software isn’t available to the public, but if Ian Robertson was able to figure this out, I have no doubt that other security specialists could do the same and release the software for public consumption. Caribou requires the IP of the cardkey system to perform the hack, but apparently that’s not especially difficult to acquire. Why a security system would be configured to broadcast its IP address I can’t begin to imagine, and I have a feeling that after seeing this video, cardkey security system manufacturers will head back to the drawing board.
