Hacker at the door (I hope HID does slap me with a restraining order for reprinting this)
Joel Rakow has a fun newsletter. He authorized me to reprint this story. If you want to get on his mailing list, drop him a note at firstname.lastname@example.org
Many security professionals are concerned about IP access control readers being a source of vulnerability. Think about it: A network device on the unsecured side of every door. Remove the cover and you have direct access to the enterprise network. The assumption is that card readers based on the Weigand protocol…you know those HID readers..are secure. If you are one-of those consider the following hack:
Use a proximity card in combination with a small PIC micro-controller chip (a Programmable Intelligent Computer chip). Embed a program in the chip this requests a display of the code on the card of the last card holder that gained access. The PIC chip is spliced between one of three wire lines on the backside of a Wiegand reader. The entire manufacturing cost of the PIC device and wires is less than $3. This hack can also be used to lock all of the doors so that nobody can gain access. , wires to outsmart the Wiegand-based readers communications standard, allowing him to gain access to restricted areas protected by the readers. Franken says he spent 12 hours working on his method, which included
Embed a program onto and programming was about $3. The program is written to replay the code on the card of the card-holder who most recently gained access.
This hack is outlined here to help both security professionals and manufacturers maintain security. Manufacturers need to prevent such simple hacks and professionals need to deploy readers knowing how they might be vulnerable.
Follow this link for the complete story.