Physical Security Lacks Physical Security
I can’t believe that these systems have such a horrible design!
Basically, these guys showed how you can inject a tiny device that records the data the scanner reads, so that you can create devices to replay it later.
2 Screws, 1 Plastic Cover, How Many Airports Infiltrated?
besides a meat cleaver or, in the case of your eyeballs, a soup spoon, these systems are all laughably easy to bypass, thanks to a primitive protocol called Wiegand that just about all ACSes (access control systems) have inherited.
At the Defcon hackers conference here on Aug. 4, Zac Franken laid out on a table the components typical of a physical proximity card system, the essential elements of which, at least when you’re talking about the way the ACS decides whether or not to let you in, are the same as a biometrics system. (Franken manages an IT company in London. Like many Defcon presenters, he asked for restricted identification.)
And then Franken proceeded to demonstrate how $10 worth of hardware will enable you to stick a quick connect microprocessor on a spliced wire, and flip the switch on whether the ACS thinks you’ve got access rights. The quick connect device contains a small, programmable microcontroller called a PIC chip. In a nutshell, pop the plastic cover, pull the wire, snip, snip, snap on your quick connect, seal it up, pass your proximity card, green blink, and—bzzzzt—you’re in.
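Why a recorded read can be replayed, as an added example (not from the original post or the quoted article): it assumes the common 26-bit Wiegand layout, which the page does not specify, and uses a constructed credential (facility 42, card 12345) and a hypothetical `controller_accepts` helper. The frame depends only on the card data and carries nothing but two parity bits, so the controller cannot tell a repeated frame from a live read.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (the page names no format): common 26-bit Wiegand.
 * bit 25: even parity over the upper 12 data bits
 * bits 24..17: facility code, bits 16..1: card number
 * bit 0: odd parity over the lower 12 data bits */
typedef struct { int valid; unsigned facility; unsigned card; } wiegand26_t;

static unsigned ones(uint32_t v) {
    unsigned n = 0;
    for (; v; v >>= 1) n += v & 1u;
    return n;
}

/* The frame a reader sends for a given credential: a pure function of the
 * card data, with no nonce, counter, or key. */
uint32_t wiegand26_encode(unsigned facility, unsigned card) {
    uint32_t data = ((uint32_t)(facility & 0xFFu) << 16) | (card & 0xFFFFu);
    uint32_t even = ones(data >> 12) & 1u;           /* upper half ends up even */
    uint32_t odd = (ones(data & 0xFFFu) & 1u) ^ 1u;  /* lower half ends up odd */
    return (even << 25) | (data << 1) | odd;
}

/* Controller-side decode: parity is the only integrity check available. */
wiegand26_t wiegand26_decode(uint32_t frame) {
    wiegand26_t r = {0, 0, 0};
    uint32_t data = (frame >> 1) & 0xFFFFFFu;
    unsigned hi = ones(data >> 12) + ((frame >> 25) & 1u);
    unsigned lo = ones(data & 0xFFFu) + (frame & 1u);
    if ((frame >> 26) || (hi & 1u) || !(lo & 1u)) return r;
    r.valid = 1; r.facility = data >> 16; r.card = data & 0xFFFFu;
    return r;
}

/* Access decision against one enrolled credential (hypothetical helper). */
int controller_accepts(uint32_t frame, unsigned facility, unsigned card) {
    wiegand26_t d = wiegand26_decode(frame);
    return d.valid && d.facility == facility && d.card == card;
}

int main(void) {
    uint32_t live = wiegand26_encode(42, 12345);  /* constructed sample credential */
    uint32_t later = live;                        /* same bits seen on the wire again */
    printf("frame 0x%07X live=%d repeated=%d corrupted=%d\n", (unsigned)live,
           controller_accepts(live, 42, 12345), controller_accepts(later, 42, 12345),
           controller_accepts(live ^ (1u << 5), 42, 12345));
    return 0;
}
```

Parity rejects a frame with a single flipped bit, but it is an error check, not authentication: any bit-for-bit copy of a valid frame passes.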