5mo ago

A single default password exposes access to dozens of apartment buildings

techcrunch.com

A single default password exposes access to dozens of apartment buildings | TechCrunch

24 comments

Fucking hell. The blog post for what the researcher found.
https://www.ericdaigle.ca/posts/breaking-into-dozens-of-apartments-in-five-minutes/
Default accounts on internet accessible building infrastructure.
- Holy shit. This is one of the worst ones I've ever seen.
  Want to get a list of insecure apartment buildings, with addresses, and a complete list of the residents, which rooms they're in, and what their normal schedules are of using their fobs to get in and out? And then authorize yourself a fob that will work to get in the building and unlock their doors?
  Go right ahead.
  
  And then authorize yourself a fob that will work to get in the building and unlock their doors?
  While electronic access is common for the main building doors; I don't think I've ever seen the actual apartment units secured with electronic locks. That's always been a physical key in my experience. (except; mo/hotels, or owned units where the owner can install whatever lock they choose)
  They typically use cheap easily pickable locks inside though. The one on my door I can rake open in 2 seconds. (can't change it due to the lease)
  
  JFC…
- ... Did... did you expect landlords, or building managers... to be competent at anything other than figuring out how to withhold your security deposit, and overcharge you for utilities?
  
  No, but if I were a building manager I would expect the company I hire to install the system to at least change the fucking password.
- So dumb. Holy shit.
As a cybersecurity professional I will not be installing a eletronic lock in my house for the same reason no army will store their lunch codes in a conected computer. If you want security keep it offline and physical.
- Since an army marchs on its stomach, it makes sense they'd protect the lunch codes.
  
  They even need multiple people to turn keys at the same time.
  
  touche
Realistically this doesn't sound like it'll actually lead to much (if any) increase in crimes against you. Most physical locks are just meant to be a mild deterrent, not actually be an impenetrable gate. They're just there to prevent crimes of convenience. If someone really wants to get into a door then they'll be able to get into the door regardless of how secure your lock is
- It does increase the risk of opportunistic crime though. If someone just unlocked all the gates and doors of an entire apartment building for shits and giggles, and you're in an area where there are people who go around apartment complexes randomly trying doors, there's certainly an increased risk.
  
  That's a huge "if" for both those things to happen at the same time before a resident or staff noticed it happening
"we use that password for ever and we have no problem"

24 comments