Close Menu
Technology Mag

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    You can own a functional version of Jeff Koons’ Balloon Dog sculptures for $750

    June 11, 2025

    Apple Home is expanding its energy management features 

    June 11, 2025

    Google will reduce Pixel 6A battery capacity due to overheating issues

    June 11, 2025
    Facebook X (Twitter) Instagram
    Subscribe
    Technology Mag
    Facebook X (Twitter) Instagram YouTube
    • Home
    • News
    • Business
    • Games
    • Gear
    • Reviews
    • Science
    • Security
    • Trending
    • Press Release
    Technology Mag
    Home » Your Gym Locker May Be Hackable
    Security

    Your Gym Locker May Be Hackable

    News RoomBy News RoomAugust 16, 20243 Mins Read
    Facebook Twitter Pinterest LinkedIn Reddit WhatsApp Email

    Thousands of electronic lockers found in gyms, offices, and schools could be vulnerable to attacks by criminals using cheap hacking tools to access administrator keys, according to new research.

    At the Defcon security conference on Sunday, security researchers Dennis Giese and “braelynn” demonstrated a proof-of-concept attack showing how digital management keys could be extracted from lockers, copied, and then used to open other lockers in the same location. The researchers focused on various models of electronic locks from two of the world’s biggest manufacturers, Digilock and Schulte-Schlagbaum.

    Over the past few years, the researchers, who both have backgrounds in lock picking, have been examining various electronic locks that use numerical keypads, allowing people to set and open them with a PIN. The work comes on the back of various examples of hotel door locks being found to be hackable, vulnerabilities in high-security locks, and commercial safes being alleged to have backdoors.

    For the research, Giese and braelynn purchased electronic locks on eBay, snapping up those sold after some gyms closed during the Covid-19 pandemic and from other failed projects. Giese focused on Digilock, while braelynn looked at Schulte-Schlagbaum. Over the course of the research, they looked at legacy models from Digilock dating from 2015 to 2022 and models from Schulte-Schlagbaum from 2015 to 2020. (They also purchased some physical management keys for Digilock systems.)

    Showing how security flaws could be abused by a prepared hacker, the researchers say they can take the electronic lock apart, then extract the device’s firmware and stored data. This data, Giese says, can contain PINs that have been set, management keys, and programming keys. The manager key ID can be copied to a Flipper Zero or cheap Arduino circuit board and used to open other lockers, Giese says.

    “If you access one lock, we can open all of them in whatever the unit is—the whole university, the whole company,” Giese says. “We can clone and emulate keys very easily, and the tools aren’t that complicated.” Whoever owns the lockers manages them, Giese says.

    Ahead of developing this proof-of-concept attack, Giese says, it took some time and effort to understand how the locker systems function. They took the locks apart and used cheap debugging tools to access the devices’ erasable, programmable read-only memory, known as EEPROM. Often, in the locks they tested, this was not secured, allowing data to be pulled from the system.

    “From the EEPROM, we can pull out the programming key ID, all manager key IDs, and the user PIN/ User RFID UID,” Giese says. “Newer locks erase the set user PIN when the locker is unlocked. But the PIN remains if the locker was opened with a manager key/programming key.”

    The researchers say they reported the findings to both impacted companies, adding they had spoken to Digilock about the findings. Digilock tells WIRED it has issued a fix for vulnerabilities found. The researchers say Schulte-Schlagbaum did not respond to their reports; the company did not respond to WIRED’s request for comment.

    Share. Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Email
    Previous ArticleThe Best Bike Locks and Ebike Locks
    Next Article A key part of California’s online safety law for kids is still on hold after appeals court ruling

    Related Posts

    The US Is Storing Migrant Children’s DNA in a Criminal Database

    June 11, 2025

    Ross Ulbricht Got a $31 Million Donation From a Dark Web Dealer, Crypto Tracers Suspect

    June 10, 2025

    A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account

    June 10, 2025

    The Mystery of iPhone Crashes That Apple Denies Are Linked to Chinese Hacking

    June 10, 2025

    Cybercriminals Are Hiding Malicious Web Traffic in Plain Sight

    June 9, 2025

    ICE Quietly Scales Back Rules for Courthouse Raids

    June 9, 2025
    Our Picks

    Apple Home is expanding its energy management features 

    June 11, 2025

    Google will reduce Pixel 6A battery capacity due to overheating issues

    June 11, 2025

    Reddit is looking for a new product boss

    June 11, 2025

    A Google Shareholder Is Suing the Company Over the TikTok Ban

    June 11, 2025
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Don't Miss
    News

    Meta’s new AI video tool can put you in a desert (or at least try to)

    By News RoomJune 11, 2025

    Meta is launching new video editing tools that will let you transform videos using AI.…

    The US Is Storing Migrant Children’s DNA in a Criminal Database

    June 11, 2025

    Inside the AI Party at the End of the World

    June 11, 2025

    Apple’s updated parental controls will require kids to get permission to text new numbers

    June 11, 2025
    Facebook X (Twitter) Instagram Pinterest
    • Privacy Policy
    • Terms of use
    • Advertise
    • Contact
    © 2025 Technology Mag. All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.