Cool. On a similar note, for most gated communities where there is also a keypad (for residents or visitors) to get in, 0911 works on 90+% of them. This is the standard "backdoor" for police/fire/EMS.
This points to a much broader security problem: Default admin passwords. They are everywhere, from elevators to routers, and it seems like 90% of devices are just left out in the open with the default admin password.
Instead of having a default password there should be a step in the setup where you are prompted for an admin password. Yes, there will be a lot of easily guessable passwords, but surely it's better than a factory default.
Having been involved in new products ranging from consumer electronics to security devices, the problem with this is that people will get too creative with their passwords, forget them, and then get mad when a factory default loses all settings.
In my experience, it's a losing battle no matter how you approach it. Make people specify a password, but then often one person stages it and another installs it, so do you make an easy password for staging it? Do you add the overhead of making a device that enforces strong passwords? And so on...
The closest thing to a best solution I've seen is a 2-factor system, a passcode along with some kind of hardware dongle to default or get admin access.
Good points - this is obviously a hard problem that hasn't been solved. Basically there are two opposites that both need to be fulfilled to solve the problem: It has to be both easy and secure.
If ATMs aren't going to get this right, what hope is there for all the other random security locks?
Keyless entry systems have been a target for decades; read old Phrack issues for stories, and even listings of the (very small) complete sets of combinations. Obviously, conventional tumbler locks have been a target for as long as there's been an MIT.
For other systems, throwing some fine dust or flour over the pad before someone uses it will get you 80% there. If it's dry and someone's already used it recently, you can spot what the numbers are by brushing the dust off.
Along the same lines, older keypads on things like garage door openers, which people rarely change the password for but use frequently, have serious wear on the keys that are used in the password. It's very easy to open those up. Less obvious than a powdery keypad.
2600 magazine had a nice article 10 years ago about default codes for many different keypad locks (including FedEx drop-boxes). I worked in hotel security at the time, and discovered that many of these defaults were in use at assorted locations where I worked.
Could a company like Semtex really overlook that type of thing? I don't really condone breaking and entering, but it kind of shows the issues with anything protected with a password.
I would disagree - end users being lazy/unknowledgeable is something foreseeable, so the company could do something like starting with a random admin password or requiring that the admin password be changed before use. Home router manufacturers seem to be doing increasingly better at this.
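As an added illustration (not from any commenter in this thread), here is a small Python model of the setup flow several comments call for: a random per-unit factory code instead of a shared default, a forced code change before the device will operate, and a refusal to accept codes already published as defaults. The blocklist contents, code lengths and the "at least three distinct digits" rule are constructed assumptions, not any vendor's policy.

```python
import secrets
import hmac
import hashlib

# Codes known to be published as defaults or overrides. 0911 is the one
# quoted in this thread; the other two are constructed placeholders.
PUBLISHED_DEFAULT_CODES = {"0911", "1234", "0000"}


class KeypadAdmin:
    """Admin-credential state of a keypad controller (added example)."""

    def __init__(self, factory_digits=6):
        # Factory state: a random per-unit code rather than a fixed default,
        # stored only as a salted PBKDF2 hash.
        self.factory_code = "".join(
            str(secrets.randbelow(10)) for _ in range(factory_digits))
        self._salt = secrets.token_bytes(16)
        self._code_hash = self._hash(self.factory_code)
        self.setup_complete = False

    def _hash(self, code):
        return hashlib.pbkdf2_hmac("sha256", code.encode(), self._salt, 100_000)

    def _check(self, code):
        # Constant-time comparison of the candidate against the stored hash.
        return hmac.compare_digest(self._hash(code), self._code_hash)

    def login(self, code):
        """'denied', 'must_change' (factory code still active) or 'ok'."""
        if not self._check(code):
            return "denied"
        return "ok" if self.setup_complete else "must_change"

    def change_code(self, current, new):
        """Rotate the admin code; rejects published defaults and weak codes."""
        if not self._check(current):
            return False
        weak = (not new.isdigit() or len(new) < 4 or len(set(new)) < 3
                or new in PUBLISHED_DEFAULT_CODES)
        if weak:
            return False
        self._salt = secrets.token_bytes(16)   # fresh salt for the new code
        self._code_hash = self._hash(new)
        self.setup_complete = True
        return True

    def open_gate(self, code):
        # The relay only fires once the factory code has been replaced.
        return self.login(code) == "ok"
```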
AFAIK, most (home/office) security systems are not set up by the end users. Mine has an "engineer" code which is more powerful than the normal user code, and in principle is not left as the default by the installer. He will in turn charge you to come round and enter it if it is ever required.
I question whether publicly posting these discoveries on a blog is in line with the hacker ethic. I have figured out how to open doors before, but I didn't use it for personal gain or feel the need to brag about it.
Part of the "hacker ethic" includes the notion that information should be free. How you use that information is another matter.
If it were commonly known that this default code existed it's less likely that those who are responsible for setting up these keypads would leave the default set.
Those wishing to exploit it are the ones who actively seek out this sort of information.