Description: RFID Treehouse of Horror
Hacking City-Wide Access Control Systems
In this lecture, we present a black-box analysis of an electronic contact-less system that has been steadily
replacing a conventional mechanical key on multi-party
houses in a big European city. So far, there are est. 10.000 installations of the electronic system. The mechanical key has been introduced about 40 years ago to allow mail delivery services to access multi-party houses but has since then aggregated many additional users, such as garbage collection, police, fire brigade and other emergency services. Over 92% of residential buildings in this city are equipped with such a solution.
We have found several vulnerabilities in the new system caused by the design, technology used, organization, and its implementation. We have further shown that the new system is circumventable with little costs (not higher than the old key is sold under the counter). To acquire keys samples we packed an active mid-range RFID reader with a battery pack into a parcel and send it via post. On its way, the reader wirelessly collected the key(s) of the handling personnel. As a side project, we also present security shortcomings in other access control systems and electronic purse solutions.
For More Information please visit : - https://events.ccc.de/congress/2013/wiki/Main_Page
Tags: securitytube , hacking , hackers , information security , convention , computer security , 30c3 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.