Electronic locks have come to make our lives easier. With a card, a code or mobile, we can open the house door or access specific work areas No need for traditional keys. For those who manage who enters and who leaves, they also suppose a great advantage: a couple of clicks are enough to activate or disable access. So simple.
But this option, by modern and practical that it seems, can also become a headache. The best example is found in the finding of Eric Daigle, a computer student who, according to Techcrunch, discovered how to open the dozens of tens of buildings in a few minutes using only his mobile and a little ingenuity.
The problem is on default passwords
Daigle warns that many Enterphone Mesh users never changed the administration panel password. In addition, some have left it exposed on the Internet. The result: A critical security failure which allows anyone to use predetermined credentials visible in the User Manual to grant new accesses or eliminate existing.
The finding has given rise to vulnerability CVE-2025-26793, classified with maximum gravity (10 out of 10). According to the CVE database, the affected systems are in Canada and the United States. He also explains that the manufacturer continued to send devices with predetermined passwords until 2024, a fact that is still worrisome.
Default passwords are designed to facilitate the initial configuration of a device, but We should change them As soon as we finish the adjustments. We do many, for example, when installing a new router, but there is not always a notice that remembers it. If it goes unnoticed, we leave an open door to possible attacks.
Hirsch, the company responsible for the Enterphone Mesh, has said that users should have followed the instructions in the instruction manual. In the system documentation, it is apparently recommended that the default password change, but the system itself did not require users to take this step to improve their safety.
A few days ago we talked to several experts about when we should change our passwords, and one of the key cases was Before a security incident. Although the recommendations did not focus on electronic locks, they can also apply perfectly here: we are facing a confirmed vulnerability.
This can be a good time to review whether our safety systems, such as electronic locks or video surveillance, continue to use default passwords or are exposed to the Internet. Whatever the brand or model, it is advisable to take measures to strengthen security.
Images | Hirsch | Jcomp
In WorldOfSoftware | The rear door that the United Kingdom wants in Icloud is a nightmare for all: Apple has just taken an unprecedented measure
