A vulnerability found in two keyless entry door locks enables local attackers to lock and unlock doors as well as create their own RFID badges by sending unauthenticated requests to affected devices.
The exploit was discovered by Secureworks researchers Mike Kelly and John Mocuta and is caused by incorrect access control vulnerabilities in AMAG Technologies Symmetry Edge Network Door Controllers, according to a 9 December Security advisory.
Researchers reverse engineered the basic structure of the network communication and found an attacker with network access to bypass physical controls and gain access to a secured physical area, thus changing the scope of affected resources.
The attacker could also inject fake card values, which can then be used to physically bypass the door since the primary function of a door controller is to help control access, researchers said in the advisory.
Researchers reached out to AMAG in April 2017 and by November 2017 had spoken with a company executive who reputedly told the security firm that AMAG would notify its clients prior to the public disclosure of the vulnerability.