Cardkey Security Systems Rendered Useless by an Android App


For the past several weeks we have heard a lot of chatter about how vulnerable the Android operating system is when it comes to protecting users from viruses and malware, but Ian Robertson has turned the tables by developing an Android app to expose a completely different type of security risk. The app, called Caribou, can render door locks using an IP-based cardkey system (the type used at many office buildings, apartment complexes, and hotels) useless in one click and a matter of seconds.

The user need only obtain the IP address of the network the security system is operating on and Caribou brute-forces the rest. Once the PIN is cracked, doors are unlocked in sequence and remain unlocked for 30 seconds. No, it might not be as scary at first glance as a virus infecting your smartphone, stealing your data, and running up your bill, but in the wrong hands the technology could give crooks a one up on physical security systems. This is exactly the point Mr. Robertson wants to get across: Shore up those home and business security systems, because the next person using this technology might not have such a benevolent reason to do so.

[via AndroidCentral]

Kevin Krause
Pretty soon you'll know a lot about Kevin because his biography will actually be filled in!

Android App Count Rapidly Gaining on iOS [Chart]

Previous article

Verizon’s HTC Thunderbolt Equipment Guide Confirms March 17th Release Date [Update: Wirefly Pre-Order Begins Tonight]

Next article

You may also like



  2. Coolest thing I’ve ever seen done on Android.

  3. Unsecured wifi?

  4. Ah, it’s the old access the cardkey system, unlock all available doors in sequence, allow 30 seconds for entry, and then re-lock all those same doors using Caribou on Android trick.

  5. Very glad this application is NOT available to the public.

  6. @ari-free


  7. Wonder if this could be used on cars

  8. #mike
    Yeah, all you have to do is get the IP address of the network your car is using….oh wait.

  9. I always forget my cardkey for work. But I always have my Droid handy. I need this app!

  10. cool, but any good IT system admin would keep the security system off the standard IP network. It should always be closed, but cool trick!

  11. So either the security system is using a public IP, or has a WiFi signal that this phone was somehow connected to first? Both scenarios seem pretty unrealistic. Cool trick though.

  12. @cweb hotels do not hire good system admins. Nor should sysadmins be doing this, net admins should. Hotels do everything the crappiest and cheapest way possible.

  13. I need this app… Love the music in the video :-P

  14. Sounds like breaking an entering. But very cool. I wouldn’t do it without authorization.

  15. Why’d he bother hiding the ip address?

  16. $50 straight to whoever can find me this app. I’m locked out of my dorm all the time, as my roommate constantly takes and loses my keycard. I’ll pay in PayPal, I’m serious.

  17. All the naughty things I could do if I had this…

  18. Where can I get it?

  19. Under the new laws of the land, Homeland Security might take an interest in this and render the developer in a little hot water!

    That’s the paranoid part of the post… ;)

    Now… lol, where the hell do I get my hands on this so I can try it out where I work, lmao!

  20. “The IP address of the network” – what is meant by this? The subnet? the IP of the host controlling the security system?

  21. Now its available from the market!!!! I just used it in my hotel! Cool app!!!!! So easy to use too!!!

  22. F’n A!

  23. Love this app!!! Just stayed 2 nights at the Golden Nugget for free. Fuck yeah

  24. Need to unlock a CardKey door lock? There’s an app for that!

  25. I’m holding out for the HID card cracker using the NFC chip.

Leave a reply

Your email address will not be published. Required fields are marked *

More in Apps