A push-button door hacking demonstration at the Kiwicon hacking event in Wellington, New Zealand gave two of the featured hackers a shock in front of a crowd of 2,000 onlookers.
Alive and Well.
The two men involved in the incident were conducting a live demonstration and testing of a device which was supposedly to be able to wirelessly exploit door-opening push buttons. Both men survived the receipt of an electric shock. The audience of technology and hacking enthusiasts were reported to have laughed at the potentially dangerous and very public hacking fail.
I don’t think you can blame them, the severity of the shock would have been unknown and the end result would have been a giggle. I doubt laughs would have lasted long if the hackers were seriously hurt.
About The Device.
The device that the hackers were demonstrating at the Kiwicon event was a box-shaped prototype containing an incredibly strong electromagnet. The device was designed to enable someone to activate the push button controls on secure doors in office buildings from the outside, thereby giving easy, unauthorised access.
The design of the door-hacking device was a re-work of a previous test device which used a combination of an electromagnetic interference fuzzer fed by a scripting language, and augmented with a microphone.
At the heart of the prototype door opener are a number of (car) ignition coils which are used to generate very high voltage, which is in turn intended to generate a spark that, using the air as a conductor, can jump a gap and in theory touch an exit button on automatic door.
What Went Wrong During the Demonstration?
According to the 2 hackers conducting the demonstration, instead of hitting the button the current passed through one of the men. The heat generated in the device during the experiment also melted a motor driver and some solder. The effect of the powerful electromagnet used in the device is also said to have been responsible for stopping one of the hacker’s mobile phones from working. This could be from an Electromagnetic pulse from the device causing the phone to stop working.
What Does This Mean For Your Business?
Although in this case the hackers were out in the open at an event, and the hack was unsuccessful, it does highlight some important security concerns for businesses, particularly around automatic access, online and data storage systems.
It does seem that a hacker with the will, the determination, and some ingenuity can find their way around many so-called sophisticated and secure systems, and that there is a community of hackers and cyber criminals that the information can be shared with. That’s why they are hackers. They find a way around even some of the most comprehensive systems.
It has never been more important therefore for businesses to stay on top of all aspects of online and automated security and to make sure that Disaster Recovery and Business Continuity plans are in place should systems be breached. But always keep backups and data stored on external drives that can be locked in a safe and secure space, without push-button locks.