Widespread Doorking Callbox Key Vulnerability

A member forwarded us this tweet about a widespread Doorking callbox vulnerability, where doors/gates can be opened by using the default enclosure key and shorting the lock contacts:

The risk is the default enclosure key: the Doorking 16120 was used as the factory default on thousands of callboxes and is inexpensive to buy, i.e., ~$7.00 from distributors and even less on eBay. Doorking no longer uses this key code and changes it regularly for new callboxes, but presumably many sites are still using factory default keys.

Doorking installers have been told for many years to replace factory 16120 key locks, and replacement randomized keys/locks are inexpensive (i.e., ~$12), but installers need to actually replace the factory defaults (just like changing default passwords on network equipment).

This risk is not new and has been covered by many, including videos by Deviant Ollam that show just how easy it is to pull off:

We have reached out to Doorking tech support for recommendations to mitigate this risk.

Have you seen this problem in the field? How have you addressed it?


**** ** ** ********* common ************* **** ** encounter ******** ** *********** properties :

********* ******* (** ********* order ** *************):

*. ********* ******** ******* cam **** **** **** type ** **** *** not ***** ** ***** key. (* ******** ***** lock **** ** ** packed ** *** *** with ******** *****, *** most ********** ***** **** the **** ** ****** the ******* ****).

*. ********* ******** ******* cam ***** **** ****-******** cam ***** **** ** Medeco.

*. ****** * ******* to ****** ** **** sides ** *** ***** (ugly *** *********).

*. ****** * ********** metal ****** ****** ****** face ** **** (******** done ** **** ********* areas.)

*. ****** ******-****** ** face ** **** *** connecting ** ****** ****-*** circuit. **** ******* *********** electric **** ******** **** intercom **** ***** ***** from ******. **** ******* can ****** ** ***** with ***** $** ***** of *****

***** ** * **** blog **** *********** ***** ********* *** Prevention (****)**** ***** ******** ** protective ***** ******* *** a *** ***** *********.
