"Knock, Knock: Aiphone Bug Allows Cyberattackers to Literally Open (Physical) Doors"
A flaw in a number of popular digital door-entry systems offered by Aiphone allows hackers to gain access to the systems by using a mobile device and a Near-Field Communication (NFC) tag. The devices in question, including GT-DMB-N, GT-DMB-LVN, and GT-DB-VN, are used by high-profile customers such as the White House and the Houses of Parliament of the UK. Cameron Lowell Palmer, a researcher with the Norwegian security firm Promon, discovered the flaw and the fact that there is no limit to the number of times an incorrect password can be entered on some Aiphone door-lock systems. After discovering the admin passcode, the malicious actor could inject the serial number of a new NFC tag containing the admin passcode back into the system's log of approved tags. This would provide the attacker with both the plaintext code that can be entered into the keypad and an NFC tag that can be used to gain access to the building without touching any buttons at all. There is no digital trace of the hack because the Aiphone system does not keep logs of attempted entries. Promon first informed Aiphone of the problem in June 2021. The company stated that systems built before December 7, 2021, are unfixable, but systems built afterward include a feature that limits the number of passcode attempts that can be made. Despite the troubling findings, Palmer describes this type of Internet of Things (IoT) security oversight as "fairly typical." Adding NFC was a win from an administrative standpoint, but it exposed the system to this new attack vector, he explains. The system began with some reasonable design choices, but the addition of the NFC interface made the design dangerous. This product appears to be based on the concept of physical security, and when NFC was added, they added a touchless high-speed data port on the building's exterior, which violated the premise. This article continues to discuss the vulnerability affecting several Aiphone GT models using NFC technology and enables malicious actors to potentially gain access to sensitive facilities.