Are We Really Safe? - Bypassing Access Control Systems

Presented at DEF CON 23 (2015), Aug. 8, 2015, noon (60 minutes)

Access control systems are everywhere. They are used to protect everything from residential communities to commercial offices. People depend on these to work properly, but what if I had complete control over your access control solution just by using my phone? Or perhaps I input a secret keypad combination that unlocks your front door? You may not be as secure as you think. The world relies on access control systems to ensure that secured areas are only accessible to authorized users. Usually, a keypad is the only thing stopping an unauthorized person from accessing the private space behind it. There are many types of access control systems from stand-alone keypads to telephony access control. In this talk, Dennis will be going over how and where access control systems are used. Dennis will walk through and demonstrate the tips and tricks used in bypassing common access control systems. This presentation will include attack methods of all nature including physical attacks, RFID, wireless, telephony, network, and more.

Presenters:

• Dennis Maldonado / Linuz - Security Consultant - KLC Consulting   as Dennis Maldonado
  Dennis Maldonado is a Security Consultant at KLC Consulting. His current work includes vulnerability management, penetration testing, infrastructure risk assessment and security research. Dennis’ focus is encompassing all forms information security into an assessment in order to better simulate a real world attack against systems and infrastructure. As a security researcher and evangelist, Dennis spends his time sharing what he knows about Information Security with anyone willing to learn. Dennis has presented at numerous workshops and meetups in the Houston area. Dennis co-founded Houston Locksport in Houston, Texas where he shares his love for lock-picking physical security. Twitter: @DennisMald

Links:

• https://defcon.org/html/defcon-23/dc-23-speakers.html#Maldonado
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 slides/DEF CON 23 - Dennis Maldonado - Are We Really Safe - Bypassing Access Control Systems - Slides.mp4
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 video/DEF CON 23 - Dennis Maldonado - Are We Really Safe - Bypassing Access Control Systems - Video.mp4
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 slides/DEF CON 23 - Dennis Maldonado - Are We Really Safe - Bypassing Access Control Systems - Slides.srt (subtitles)
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 video and slides/DEF CON 23 - Dennis Maldonado - Are We Really Safe - Bypassing Access Control Systems - Video and Slides.srt (subtitles)
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 video/DEF CON 23 - Dennis Maldonado - Are We Really Safe - Bypassing Access Control Systems - Video.srt (subtitles)
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 video and slides/DEF CON 23 - Dennis Maldonado - Are We Really Safe - Bypassing Access Control Systems - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=-cZ7eDV2n5Y

Similar Presentations:

• ToorCon San Diego 18 (2016) / R&D report: how to test access control before your IT inadvertently breaks
• BSidesSF 2016 / Access Control in 2016 - deep dive
• DEF CON 15 (2007) / Biometric and token based access control systems: Are you protected by two screws and a plastic cover? Probably.