Overview
Explore the vulnerabilities of physical access control systems (PACS) in this 48-minute conference talk from Circle City Con 2016. Delve into the components of PACS, including access cards, readers, and control panels. Learn about various attack surfaces and exploits, from long-range access card attacks to BLE reader vulnerabilities. Discover techniques for hunting door controllers and access servers, and understand what information can be gleaned from these systems. Gain insights into the split personality of security and why PACS deployments are often insecure. Examine practical attack methods, such as the Tastic RFID Thief, and understand how to interpret its output files. By the end of this talk, you will have a comprehensive view of physical access system security and its potential attack vectors.
Syllabus
Introduction
What Is A Physical Access System?
Why Physical Access Systems?
PACS Components
Access Cards
How credentials are read
The Split Personality of Security
Why PACS deployments are insecure
Attack surfaces and exploits
Access card attacks - Long Range
Design 1 - Tastic RFID Thief
Tastic RFID Thief Output File
Access card attacks - low tech
Reader attacks - BLEKey
Request to exit device attacks
Access control panel attacks
Hunting Door Controllers
What Can Controllers Tell Us?
Web Interface
Hunting Access Servers
Putting it all together