Subscriber Discussion

Vulnerability Of Doorking Telephone Entry Systems

Avatar
Michael Silva
Jun 24, 2017
Silva Consultants

DoorKing is arguably the market leader in telephone entry systems, and these systems are widely used at apartment buildings, condominiums, and gated communities. They are also used at some commercial office buildings.

These systems are subject to two common "hacks" which seem to be well-known in the criminal community. The first is a vulnerability where the default programming code is never changed by the system installer. This allows anyone familiar with the system and default code to come up and program themselves an entry code. This allows them to return to the property at any time to gain entry. This technique and others are described by a article written by a hacker that is widely available on the internet.  

The second vulnerability is the fact that most DoorKing units come equipped with a lock that uses a standard factory key. This same lock is used throughout the country unless the installer or owner has changed it. It is a simple matter to use the key to open the door to the DoorKing unit, and then use any metal object to short across the postal lock connections. This causes the door to unlock or gate to open. So for the most part, anyone who has a standard DoorKing key has a "master key" to tens of thousands of properties throughout the country.

I find these vulnerabilities on the the majority of multifamily properties that I conduct security assessments for. The solutions are simple: 1) change the programming code to something other than the default, and 2) replace the DoorKing standard lock with a different lock, preferably a high-security type such as the Medeco.

Even if you do not sell or service telephone entry systems, you may want to point out these potential vulnerabilities to your customers that use these type of systems.

(2)
(6)
JH
Jay Hobdy
Jun 25, 2017
IPVMU Certified

DoorKing no longer uses a default master code. It is now blank and must be setup prior to configuration.

But if you have the key, you can easily get past that anyway

(1)
(3)
New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions