[ame=http://www.youtube.com/watch?v=gBDVkY9KgtM&feature=player_detailpage]YouTube - Cardkey system exploited using an Android app[/ame]
Above is a fairly scary demonstration of just how powerful an Android app can be. Security researcher Ian Robertson, has created an Android app called 'Caribou', that has the ability to easily bypass security on the wide-spread Cardkey door control systems. These are systems in place in numerous places, like office buildings and hotels.
The app can even remotely take over all the doors of a Cardkey system! In fact, to further scare the 'bejeezus' out of us, here's a quote from his website at cybersecurityguy.com,Lest you think that we are supporting thieves here on the website, please realize that Mr. Robertson is paid to do this professionally. Here's what his website further elaborates that he and his partner, Michael Gough, are...with the IP address of the target cardkey device, a single-button "Unlock" will access the cardkey system, unlock all available doors in sequence, allow 30 seconds for entry, and then re-lock all those same doors. Caribou has the capability of performing a brute-force of any customized security PIN used with the system.It's still pretty incredible to ponder just how powerful 'Andy' really is. James Bond would use Android....actively engaged with US-CERT and the manufacturers in order to improve the security of the products and provide better documentation and instructions to system installers.
Caribou is a proof-of-concept and is not available to the public.
Source: Android.net via Cybersecurityguy.com