MCH2022

Electronic Locks: Bumping and Other Mischief
2022-07-23, 18:40–19:10, Battery 🔋

Modern electronic locks are often optimized for cost, not security. Or their manufacturers don’t do security research. Or they ignore it.
For whatever reason, many current electronic lock systems are susceptible to surprisingly simple attacks. We’ll look at some of them, and at the underlying basics, so that you can do your own research.


In this talk, we look at a number of modern electronic locks and their security flaws. Surprisingly many current systems are susceptible to very simple attacks, like the equivalent of using bump keys. Of course, there are electronic and/or SW-based attacks, too.
We’ll look at some of them, and at the underlying basics, so that you can do your own research.
Some of the problems have been fixed by manufacturers, but typically only for future production runs, so you will get some practical advice on how to test your own hardware for these critical flaws.

See also: Presentation Slides

Michael has been analyzing, hacking and improving locks since the 1970's. He is an engineer and works in SW development in other technical fields, but still regularly participates in lock manipulation competitions, and helps lock manufacturers to improve their products. His current security research mainly focuses on electromechanical locks and wireless systems like Bluetooth LE.