Close Menu
Technology Mag

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Google just soft-launched nine cool Home app features

    June 10, 2025

    How One Keto Trial Set Off a New War in the Nutrition World

    June 10, 2025

    Nothing Phone 3 leak shows the Glyph lights might be gone

    June 10, 2025
    Facebook X (Twitter) Instagram
    Subscribe
    Technology Mag
    Facebook X (Twitter) Instagram YouTube
    • Home
    • News
    • Business
    • Games
    • Gear
    • Reviews
    • Science
    • Security
    • Trending
    • Press Release
    Technology Mag
    Home » Your Gym Locker May Be Hackable
    Security

    Your Gym Locker May Be Hackable

    News RoomBy News RoomAugust 16, 20243 Mins Read
    Facebook Twitter Pinterest LinkedIn Reddit WhatsApp Email

    Thousands of electronic lockers found in gyms, offices, and schools could be vulnerable to attacks by criminals using cheap hacking tools to access administrator keys, according to new research.

    At the Defcon security conference on Sunday, security researchers Dennis Giese and “braelynn” demonstrated a proof-of-concept attack showing how digital management keys could be extracted from lockers, copied, and then used to open other lockers in the same location. The researchers focused on various models of electronic locks from two of the world’s biggest manufacturers, Digilock and Schulte-Schlagbaum.

    Over the past few years, the researchers, who both have backgrounds in lock picking, have been examining various electronic locks that use numerical keypads, allowing people to set and open them with a PIN. The work comes on the back of various examples of hotel door locks being found to be hackable, vulnerabilities in high-security locks, and commercial safes being alleged to have backdoors.

    For the research, Giese and braelynn purchased electronic locks on eBay, snapping up those sold after some gyms closed during the Covid-19 pandemic and from other failed projects. Giese focused on Digilock, while braelynn looked at Schulte-Schlagbaum. Over the course of the research, they looked at legacy models from Digilock dating from 2015 to 2022 and models from Schulte-Schlagbaum from 2015 to 2020. (They also purchased some physical management keys for Digilock systems.)

    Showing how security flaws could be abused by a prepared hacker, the researchers say they can take the electronic lock apart, then extract the device’s firmware and stored data. This data, Giese says, can contain PINs that have been set, management keys, and programming keys. The manager key ID can be copied to a Flipper Zero or cheap Arduino circuit board and used to open other lockers, Giese says.

    “If you access one lock, we can open all of them in whatever the unit is—the whole university, the whole company,” Giese says. “We can clone and emulate keys very easily, and the tools aren’t that complicated.” Whoever owns the lockers manages them, Giese says.

    Ahead of developing this proof-of-concept attack, Giese says, it took some time and effort to understand how the locker systems function. They took the locks apart and used cheap debugging tools to access the devices’ erasable, programmable read-only memory, known as EEPROM. Often, in the locks they tested, this was not secured, allowing data to be pulled from the system.

    “From the EEPROM, we can pull out the programming key ID, all manager key IDs, and the user PIN/ User RFID UID,” Giese says. “Newer locks erase the set user PIN when the locker is unlocked. But the PIN remains if the locker was opened with a manager key/programming key.”

    The researchers say they reported the findings to both impacted companies, adding they had spoken to Digilock about the findings. Digilock tells WIRED it has issued a fix for vulnerabilities found. The researchers say Schulte-Schlagbaum did not respond to their reports; the company did not respond to WIRED’s request for comment.

    Share. Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Email
    Previous ArticleThe Best Bike Locks and Ebike Locks
    Next Article A key part of California’s online safety law for kids is still on hold after appeals court ruling

    Related Posts

    A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account

    June 10, 2025

    The Mystery of iPhone Crashes That Apple Denies Are Linked to Chinese Hacking

    June 10, 2025

    Cybercriminals Are Hiding Malicious Web Traffic in Plain Sight

    June 9, 2025

    ICE Quietly Scales Back Rules for Courthouse Raids

    June 9, 2025

    What Really Happened in the Aftermath of the Lizard Squad Hacks

    June 7, 2025

    How the Farm Industry Spied on Animal Rights Activists and Pushed the FBI to Treat Them as Bioterrorists

    June 5, 2025
    Our Picks

    How One Keto Trial Set Off a New War in the Nutrition World

    June 10, 2025

    Nothing Phone 3 leak shows the Glyph lights might be gone

    June 10, 2025

    Tesla’s Robotaxis Are Rolling Out Soon—With One Big Unanswered Question

    June 10, 2025

    Android 16 has arrived with iPhone-style Live Updates

    June 10, 2025
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Don't Miss
    Business

    ‘Uber for Getting Off Antidepressants’ Launches in the US

    By News RoomJune 10, 2025

    Unlike a linear taper, which involves reducing the dose of a medication by the same…

    Nintendo’s Switch 2 Pro Controller is pro enough for me

    June 10, 2025

    Apple turns up the speed on Podcasts and adds a new emoji game to News

    June 10, 2025

    A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account

    June 10, 2025
    Facebook X (Twitter) Instagram Pinterest
    • Privacy Policy
    • Terms of use
    • Advertise
    • Contact
    © 2025 Technology Mag. All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.