Hacking Electronic Locks

[Patrick Star]

There has been a paper published on a sidechannel attack on SImonsVoss locks (sorry, don't have the PDF here and can't find the link) so it's not unheard of.
Aren't custodial locks just standard higher-end locks nowadays, by the way? That's all I've seen atleast (ASSA Twin, KABA, FAS 9 lever locks, ...).
Same with vending machines... Abloy Classic and some dimple locks are what's common here.
Swedish military are huge users of Abloy Classic as well - interestingly enough seems to be the standard profile and not some restricted secret sauce.
All of those (with the possible exception of the FAS locks?) have been discussed extensively on this very forum (huxleypig of course being the slayer of the Abloys ) so certainly these taboos have been broken to some extent...

[Neilau]

Also came across this article.

http://www.tomsguide.com/us/bluetooth-lock-hacks-defcon2016,news-23129.html

I see (well, read about) a growing use of these locks but a perfect example of poor implementation from a security point of view.

All driven by the mighty mobile phone. But, Hey. What do you do with a computer more powerful that what NASA had to put a man on the moon, than you can fit into your shirt pocket.

[Jaakko Fagerlund]

What I'm interested in that talk is how he got the locks penalty feature out of the way to try those combinations. Microcontroller disconnecting the power supply fast enough in case of wrong digit or something more elaborate?

[entropy]

Yes, that's exactly it. Dial the combo, listen for a response from the lock (a beep probably?) then cut power real fast. Amazingly the lock indicates whether the combo is bad before actually recording the fact in the eeprom. Also, it zeros out that byte (eeprom erase) before updating it. So if you timed it right the wrong-tries counter would be set to zero.

Here are the slides:
https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/DEFCON-24-Plore-Side-Channel-Attacks-On-High-Security-Electronic-Safe-Locks.pdf