RFID access control systems are becoming increasingly popular and are now commonplace in office buildings, hotels, apartment complexes, universities, and many other locations. We place a great deal of trust in these systems—but are they truly secure?
In this talk, I will discuss ways to attack the reader itself to bypass the security mechanisms of physical access control systems. We will see:
- how to intercept the communication between a reader and a controller that use the Wiegand protocol, along with a demo of this attack;
- how the reader can be weaponized to perform a downgrade attack, allowing for the creation of a malicious clone of a card that would otherwise be difficult to forge;
- how the OSDP protocol works and what the security implications of using it are;
- what other ways there are to bypass access control security mechanisms.
I will also share some experience and stories from Red Team engagements to demonstrate how to try and use this knowledge in real life – possibly without getting caught 😉