Is that a unique credential in your pocket or are you just pleased to see me?

Presented at DEF CON 16 (2008), Aug. 9, 2008, 3 p.m. (50 minutes)

This year new shiny toys abound, as I'll tell you about the credentials in your wallet, and even in you. How secure (or not) they are and a few ways to duplicate / replicate / emulate them. Last year at Defcon 15 I had a bit of a chat with you guys and gave you an overview of access control systems, told you of their common flaw, and showed you some cool toys that exploit it. This year, from the humble magnetic stripe card to the modern hand geometry scanner, I will take you through some simple (and not so simple) ways to get in, so you can try and keep them out. Physical access control systems are shockingly vulnerable. As far as I am concerned most have the security equivalence of a "Please keep off the grass" sign. Take that "Please keep off the grass" sign, add poor implementation, bad products, and a security industry that charges extra for any security whatsoever, poor locks that are pickable/bumpable, add accountants that nickel and dime their organization's security budget (because it doesn't have to be secure, it just has to enable them to tick a box in their corporate filings), and you end up with a sign that says "eep ass" which only delays an intruder inasmuch as they briefly stop to ponder WTF you meant by the sign in the first place. Why are you here? Why aren't you at home on the porch with a shotgun protecting your property?! Wait a minute... Why am I here?!

Presenters:

  • Zac Franken - Security Researcher
    Zac Franken is an independent security researcher based in London, currently looking at physical access control systems. When he is not speaking at Defcon, he is running Defcon operations, i.e. losing his mind because of YOU! Or speaking at other security conferences around the world.
