Talk

Behind Closed Doors – Hacking RFID Readers

March 13, 16:00 (CAMPUS)

RFID access control systems are becoming increasingly popular and are now commonplace in office buildings, hotels, apartment complexes, universities, and many other locations. We place a great deal of trust in these systems—but are they truly secure?
In this talk, I will discuss ways to attack the reader itself to bypass the security mechanisms of physical access control systems. We will see:

  • how to intercept the communication between a reader and a controller that use the Wiegand protocol, along with a demo of this attack;
  • how the reader can be weaponized to perform a downgrade attack, allowing for the creation of a malicious clone of a card that would otherwise be difficult to forge;
  • how the OSDP protocol works and what the security implications of using it are;
  • what other ways there are to bypass access control security mechanisms.

I will also share some experience and stories from Red Team engagements to demonstrate how to try and use this knowledge in real life – possibly without getting caught 😉

Speaker

Julia Zduńczyk

Julia performs penetration tests for a wide range of IT Projects as an IT Security Specialist at SecuRing. Her main area of interest revolves around Red Teaming, specifically access control systems assessments, RFID hacking, social engineering, and other related topics. As a Cybersecurity student at the Academy of Science and Technology in Cracow, she had the opportunity to learn a wide range of IT security aspects from the beginning of her academic education. In her free time, she enjoys playing CTFs and researching attacks on access control systems.
She has been selected as the top speaker at CONFidence Conference 2023 (Cracow, Poland) and best speaker at SEC-T 2023 (Stockholm, Sweden).
