This talk will be about a vulnerability I discovered in DoorKing’s registration system that exposed customer data and telephone entry systems. This talk will cover how I became interested in these systems and how these systems works. I’ll highlight the major problem that could ultimately lead to accounts being compromised. We’ll discuss the impact of customer information being leaked to anyone who knows how to modify a cookie. We’ll also talk about the impact of entry system phone numbers and master codes being leaked and what risk that would pose to end users. Finally, we’ll discuss a speculative attack that could have leveraged this vulnerability. This would include scenarios where an attacker could wipe the entire access system, set new entry codes to allow themselves access to the protected building, backup access control data and more.
This issue was disclosed in line with responsible disclosure. I’ll discuss the timeline of this issue and I’ll also cover my attempts to notify the vendor and the responses I received. I published my findings in February of this year (2017).