Sebastian Anthony, writing for ExtremeTech:
I wish I could say that Brocious spent months on this hack,
painstakingly reverse-engineering the Onity lock protocol, but the
truth is far more depressing. “With how stupidly simple this is,
it wouldn’t surprise me if a thousand other people have found this
same vulnerability and sold it to other governments,” says
Brocious, in an interview with Forbes. “An intern at the NSA could
find this in five minutes.”
Update: I got a nice email from Cody Brocious, the security researcher who discovered this. He wrote:
One thing I’d really like to clarify (which ExtremeTech still
hasn’t) is that it did take me months. In fact, the work I
released is the product of 3 years of reversing the entire system.
The simplicity of the result really hides the work that was done
to reach this point.
That said, thanks for covering this; anything that gets the word
out about the (lack of) security here is a Good Thing (TM).
★ Thursday, 2 August 2012