Breaking Access Controls with BLEKey

Presented at Black Hat USA 2015, Aug. 6, 2015, 11 a.m. (50 minutes)

RFID access controls are broken. In this talk, we will demonstrate how to break into buildings using open-source hardware we are releasing.

Over the years, we have seen research pointing to deficiencies in every aspect of access control systems: the cards, the readers, and the backend. Yet, despite these revelations, there has been no meaningful change in their design or reduction in use around the world. Do these companies not care about physical security, or do they not understand the implications of these weaknesses?

We have improved upon previous research with an open-source hardware device that exploits the communication protocol used by the majority of access control systems today. Using a tiny device that can be easily embedded in an RFID reader, attendees will learn how to use Bluetooth LE and a cell phone (or PC) to circumvent access controls, log access information, and clone RFID cards.

Our goal is to use this device to help those relying on insecure devices understand the risks. We will also explain what can be done to lower the risk of access control attacks.

Presenters:

• Mark Baseggio - Accuvant
  Mark Baseggio is a Principal Consultant on Accuvant's Attack and Pen team and is based out of Toronto, Canada. The team specializes in network penetration testing, vulnerability assessments, physical assessments, and social engineering. Mark has been with Accuvant LABS Attack and Pen team for nearly three years, and in this time has had the opportunity to perform assessments for clients in Asia, Europe, and North America. Prior to Accuvant, Mark worked for several local security firms in Toronto. In his spare time, Mark likes to tinker with electronics and has been known to thoroughly enjoy an IPA (preferably while listening to jam bands). Mark has previously presented at the Sector and B-Sides Toronto security conferences on physical assessments, social engineering, RFID, and hardware hacking. Mark also holds the GWAPT certification from SANS.
• Eric Evenchick
  Eric Evenchick is a freelance embedded systems developer. While studying electrical engineering at the University of Waterloo, he worked with the University of Waterloo Alternative Fuels Team to design and build a hydrogen electric vehicle for the EcoCAR Advanced Vehicle Technology Competition. Eric has also worked on automotive firmware at Tesla Motors, and is a contributor for Hackaday.com.

Links:

• https://www.blackhat.com/us-15/briefings.html#breaking-access-controls-with-blekey
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2015/video/Black Hat USA 2015 - Breaking Access Controls With BLEKey.srt (subtitles)
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2015/video/Black Hat USA 2015 - Breaking Access Controls With BLEKey.mp4
• https://www.youtube.com/watch?v=iH7VPUNz-dU
• https://www.blackhat.com/docs/us-15/materials/us-15-Evenchick-Breaking-Access-Controls-With-BLEKey.pdf
• https://www.blackhat.com/docs/us-15/materials/us-15-Evenchick-Breaking-Access-Controls-With-BLEKey-wp.pdf

Similar Presentations:

• Black Hat Europe 2015 / Breaking Access Controls with BLEKey
• Kawaiicon (2019) / Physical Access Control on Sesame Street
• CarolinaCon 13 (2017) / RFID is dead; long live RFID!