RFID access control systems are becoming increasingly popular and are now commonplace in office buildings, hotels, apartment complexes, universities, and many other locations. You have probably heard about cloning RFID tags, or even tried it yourself. But what if cloning someone's card isn't an easy option? How else can one gain entry into high-security areas without direct access to the credentials?
In my presentation, I will discuss techniques for bypassing physical access control security mechanisms in Red Teaming scenarios. We will see:
- how to intercept the communication between a reader and a controller that talk over the Wiegand protocol, along with a demo of this attack;
- how the reader itself can be weaponized to perform a downgrade attack, allowing the creation of a malicious clone of a card that would otherwise be difficult to forge;
- how the OSDP protocol addresses the shortcomings of Wiegand, and what the security implications of using it are;
- what other ways there are to bypass access control security mechanisms.
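To make the Wiegand point concrete, here is an added example that is not part of the original abstract or the speaker's material: it encodes and decodes the standard 26-bit Wiegand frame (one even-parity bit, 8-bit facility code, 16-bit card number, one odd-parity bit) and recovers a credential from a constructed capture of D0/D1 line pulses. The facility code and card number are made up, and the pulse-capture format (a list of "D0"/"D1" labels standing in for a logic-analyzer dump) is an assumption of this example.

```python
"""Encode/decode the 26-bit Wiegand (H10301) frame and recover a credential
from a captured pulse train. Added illustration, not the talk's own tooling.

Standard 26-bit layout (first bit on the wire first):
  [1]  even parity over the following 12 data bits
  [8]  facility code
  [16] card number
  [1]  odd parity over the preceding 12 data bits
"""


def _parity(bits):
    """Return 1 if the number of set bits is odd, else 0."""
    return sum(bits) & 1


def encode_wiegand26(facility_code, card_number):
    """Build the 26-bit frame (list of 0/1 ints) for a facility code and card number."""
    if not 0 <= facility_code <= 0xFF:
        raise ValueError("facility code must fit in 8 bits")
    if not 0 <= card_number <= 0xFFFF:
        raise ValueError("card number must fit in 16 bits")
    data = [(facility_code >> i) & 1 for i in range(7, -1, -1)]
    data += [(card_number >> i) & 1 for i in range(15, -1, -1)]
    even_p = _parity(data[:12])       # makes bits 1-13 contain an even number of ones
    odd_p = 1 - _parity(data[12:])    # makes bits 14-26 contain an odd number of ones
    return [even_p] + data + [odd_p]


def decode_wiegand26(frame):
    """Validate both parity bits and return (facility_code, card_number)."""
    if len(frame) != 26:
        raise ValueError(f"expected 26 bits, got {len(frame)}")
    if _parity(frame[:13]) != 0:
        raise ValueError("leading even-parity check failed")
    if _parity(frame[13:]) != 1:
        raise ValueError("trailing odd-parity check failed")
    facility_code = int("".join(map(str, frame[1:9])), 2)
    card_number = int("".join(map(str, frame[9:25])), 2)
    return facility_code, card_number


# Wiegand uses two open-collector lines: a pulse on D0 is a 0 bit, a pulse on
# D1 is a 1 bit. The "D0"/"D1" label list below is the assumed capture format.
def frame_from_pulses(pulses):
    """Turn a sequence of 'D0'/'D1' pulse labels into a bit list."""
    mapping = {"D0": 0, "D1": 1}
    try:
        return [mapping[p] for p in pulses]
    except KeyError as err:
        raise ValueError(f"unexpected line label {err}") from None


def pulses_from_frame(frame):
    """Inverse of frame_from_pulses: the pulses a replaying device would emit."""
    return ["D1" if b else "D0" for b in frame]


def recover_credential(pulses):
    """Decode a sniffed pulse train into (facility_code, card_number)."""
    return decode_wiegand26(frame_from_pulses(pulses))


if __name__ == "__main__":
    # Constructed credential and capture (made-up values)
    frame = encode_wiegand26(123, 45678)
    captured = pulses_from_frame(frame)
    print("captured bits:", "".join(map(str, frame)))
    print("recovered    :", recover_credential(captured))
    # Re-encoding the recovered values reproduces the exact pulse train,
    # so a replay is indistinguishable from the genuine card to the controller.
    replay = pulses_from_frame(encode_wiegand26(*recover_credential(captured)))
    print("replay equal :", replay == captured)
```

The controller only ever sees these 26 bits, carried with no encryption and no authentication of the sender, which is the property the first two items above rely on: a sniffed frame can be replayed, and any credential technology the reader accepts that yields the same bits is as good as the original. OSDP's answer is to wrap the link in CRC-checked packets with an optional AES-128 Secure Channel; because it is optional, whether Secure Channel is actually enabled on a given deployment is the first thing to verify.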
I will also share some interesting and fun stories from Red Team engagements, demonstrating practical applications of these techniques in real-life scenarios – hopefully without getting caught 😉