Android app pwns cardkey entry systems, opens all the locks

Caribou is an Android app that demonstrates the terrible security in popular card-key entry systems. It can brute-force these systems with just the IP address of their server:

By providing Caribou only with the IP address of the target cardkey device, a single-button "Unlock" will access the cardkey system, unlock all available doors in sequence, allow 30 seconds for entry, and then re-lock all those same doors. Caribou has the capability of performing a brute-force of any customized security PIN used with the system.


(via Engadget)