Reverse engineering a remote control attendance system and exploiting its vulnerabilities
- A remote control attendance system was reverse engineered by tapping into the data pins for the SPI bus and packet sniffing the RF signals
- The device uses a basic transposition cipher to shuffle the bits of the device ID and encode the selected answer in the final two bytes of each packet
- The system can be exploited by copying the most popular vote for any given question or performing a denial of service attack by submitting hundreds of votes per second
- A hypothetical student used a self-contained device called a Time Turner to attend two lectures at the same time by hacking the attendance system
The hypothetical student used the Time Turner device to attend class for him while he attended another class. The device was effective and by mid-semester, the student had almost full points in both attendance and quiz correctness.