An unchanged credential allows anyone to virtually control door locks and elevators at dozens of apartment buildings across North America, a security researcher found.
Holy shit. This is one of the worst ones I’ve ever seen.
Want to get a list of insecure apartment buildings, with addresses, and a complete list of the residents, which rooms they’re in, and what their normal schedules are of using their fobs to get in and out? And then authorize yourself a fob that will work to get in the building and unlock their doors?
Go right ahead.
While electronic access is common for the main building doors, I don’t think I’ve ever seen the actual apartment units secured with electronic locks. That’s always been a physical key in my experience. (Except mo/hotels, or owned units where the owner can install whatever lock they choose.)
They typically use cheap, easily pickable locks inside though. The one on my door I can rake open in 2 seconds. (Can’t change it due to the lease.)
This. Apartment building doors being unlockable exposes you to the same risk as the extremely troubling technique of clicking every number and shouting “Amazon delivery!”.
Remote access to FOB logs is much worse, though. And somebody needs to explain to me how these installers managed to somehow enter all the real names of the building tenants into an online-facing listing but not change the default password.
I mean, granted, that also is the same level of exposure as with the “get in there and look at the mailbox” exploit, but at least you have to physically go to the place for that, you know?
I’m amazed that your LL is against you replacing it out of your own funds and providing them a key. That’s so dumb.
You could probably arrange that if you really tried, and it would be easier with an individual landlord; but barring the tenant from changing the locks (without express written consent) is a pretty standard lease clause. Building management companies don’t want to deal with swapping locks all the time and keeping track of changing keys, especially when there’s 200+ units on the property. They’re usually pretty rigid with the terms of the lease.
Yeah, for multi-unit complexes like apartments, I assume that it could be in place ’cause the LL likely has a master key that works across all doors as well.
Also possibly basement access or similar things that work with all the apartment keys.
JFC…