Competition description

Competition goal.
The idea is to break through Loxet security and demonstrate opening the car without physically touching it or the phone with running application. Contestants can try and hack either Loxet itself or the smartphone with a manner they choose.
The device.
Loxet will be mounted in car’s central locking. The device controls servomotors and provides API allowing remote door opening and closing. Loxet communicates with smartphones through Bluetooth Low Energy and is built based on BLE112 Bluegiga module, which works as a peripheral device and can be identified as an iBeacon.

API methods access requires authentication. Calling out API methods is not encrypted. The device doesn’t have other external interfaces besides Bluetooth Low Energy (ex. WiFi, GPS, etc.)
The application.
An HTC smartphone with an app running on manufacturer’s Android OS will be placed near the car. The phone will connect to Loxet every 10 minutes, authorize the connection and stay connected for 15 seconds. During this time the device will open the car door every 5 seconds for exactly one second. You can download the app which will be used during the competition at www.loxet.io/competition.apk.
Timing.
The hacking competition ends on 30th april.

Back