Picking Electronic Locks Using TCP Sequence Prediction

Presented at DEF CON 17 (2009), Aug. 1, 2009, 3:30 p.m. (20 minutes)

As networked building access systems become more and more popular, the security of using RFID, magstripe, and biometrics as authentication mediums is constantly under scrutiny. But what about the security of the access system itself? Is it possible to unlock a door by sending a spoofed command to it over the network, bypassing the need for an authentication medium entirely? (SPOILER ALERT: Yeah, it is.)

Presenters:

• Ricky Lawshae / HeadlessZeke - Network Technician, Texas State University   as Ricky Lawshae
  Ricky Lawshae works as a network technician for Texas State University in beautiful San Marcos, Texas. He has been the technical lead on their electronic building access system for more than three years. Coupled with his life-long passion for hobby-hacking, he has managed to gain a unique perspective on the building access industry as a whole. He is a relative newcomer to the scene, but has no shortage of enthusiasm, and is always willing to talk to anyone about hacking, door access, comic books, or whatever else the beer makes him say. Ricky currently holds both an OSCP and a GPEN certification.

Links:

• https://defcon.org/html/defcon-17/dc-17-speakers.html#Lawshae
• https://infocon.org/cons/DEF CON/DEF CON 17/DEF CON 17 video and slides/DEF CON 17 - Ricky Lawshae - Picking Electronic Locks using TCP Sequence Prediction - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=FouQo03oAFw

Similar Presentations:

• REcon 2010 / Picking Electronic Locks Using TCP Sequence Prediction