A push-button door hacking demonstration at the Kiwicon hacking event in Wellington, New Zealand last Friday gave 2 of the featured hackers what can only be described as a ‘real’ shock in front of a crowd of 2,000 onlookers.
Alive and Well.
The 2 men involved in the incident were conducting the live demonstration and testing of a device which was intended to be able to wirelessly exploit door-opening push buttons. Both men survived the receipt of an electric shock. The audience of technology and hacking enthusiasts were reported to have laughed at the potentially dangerous and very public hacking fail.
About The Device.
The device that the hackers were demonstrating at the Kiwicon event was a box-shaped prototype containing a very strong electromagnet. The device was designed to enable a person to activate the push button controls on secure doors in e.g. office buildings from the outside, thereby giving easy, unauthorised access.
The design of the door-hacking device was a re-work of a previous test device which used a combination of an electromagnetic interference fuzzer fed by a scripting language, and augmented with a microphone.
At the heart of the proto-type door opener are a number of (car) ignition coils which are used to generate very high voltage, which is in turn intended to generate a spark that, using the air as a conductor, can jump a gap and in theory touch an exit button on automatic door.
What Went Wrong During the Demonstration?
According to the 2 hackers conducting the demonstration, instead of hitting the button the current passed through one of the men. The heat generated in the device during the experiment also melted a motor driver and some solder. The effect of the powerful electromagnet used in the device is also thought to have been responsible for stopping one of the hacker’s mobile phones from working.
What Does This Mean For Your Business?
Although in this case the hackers were out in the open at an event, and the hack was unsuccessful, it does highlight some important security concerns for businesses, particularly around automatic access, online and data storage systems.
It does seem that a hacker with the will, the determination, and some ingenuity can find their way around many so-called sophisticated and secure systems, and that there is a community of hackers and cyber criminals that the information can be shared with.
It has never been more important therefore for businesses to stay on top of all aspects of online and automated security and to make sure that Disaster Recovery and Business Continuity plans are in place should systems be breached.