Explore the vulnerabilities of physical access control systems in this comprehensive conference talk from the Central Ohio InfoSec Summit 2016. Delve into the components of PACS, including access cards and readers, and understand why these deployments are often insecure. Learn about various attack surfaces and exploits, from long-range access card attacks to reader and control panel vulnerabilities. Discover tools like the Tastic RFID Thief and RavenHID, and understand how to hunt for door controllers and access servers. Gain insights into the challenges of securing physical access systems and the long road ahead for improving their security posture.
Overview
Syllabus
Introduction
What Is A Physical Access System?
Why Physical Access Systems?
PACS Components
Access Cards
How credentials are read
The Split Personality of Security
Why PACS deployments are insecure
Attack surfaces and exploits
Access card attacks - Long Range
Design 1 - Tastic RFID Thief
Tastic RFID Thief Output File
Design 2 - RavenHID
Long Range Power
Access card attacks - low tech
Reader attacks - BLEKey
Request to exit device attacks
Access control panel attacks
Hunting Door Controllers
What Can Controllers Tell Us?
Web Interface
Hunting Access Servers
Putting it all together
Long road ahead
