IBL News | New York
A vulnerability on an app called GET Mobile allows opening remotely unlocked doors on campuses.
TechCrunch reported about it yesterday through a featured article titled “How a simple security bug became a university campus master key.”
This app, developed by CBORD, a technology company that brings access control and payment systems to hospitals and universities, fixed the bug last month, but some customers didn’t receive any notification, according to TechCrunch.
GET Mobile allows students at universities to pay for meals, get into events and even unlock doors to dorm rooms, labs, and other facilities across campuses.
Students found the vulnerability after examining the CBORD’s lists of commands available through its API.
They described it as a “master key” to his university — at least to the doors that are controlled by CBORD.