Strengths and Weaknesses of (Physical) Access Control Systems

Presented at The Last HOPE (2008), July 20, 2008, 4 p.m. (60 minutes)

Access control systems are widely used in security, from restricting entry to a single room to locking down an entire enterprise. The many different systems available - card readers, biometrics, or even posting a guard to check IDs - each have their own strengths and weaknesses that are often not apparent from the materials each vendor supplies. This talk provides a comprehensive overview of 20 different access control technologies that focuse on weaknesses (particularly little known or not-yet public attacks) and other points that a buyer would not likely get from a vendor. Also presented will be a model for thinking about access control systems in general that will provide a useful framework for evaluating new or obscure technologies.


  • Mike Spindel
    Mike Spindel is a recovering graduate student with a penchant for security research and good bourbon. His interests include distributed systems, MANETs, reverse engineering, and physical access control.
  • Eric Schmiedl
    Eric Schmiedl has spoken at BlackHat 2007, the 2006 Dutch Open, and Defcon 14. He is a member of the TOOOL.US board of directors, maintains a semblance of an undergraduate career at the Massachusetts Institute of Technology, and has been picking locks all his life.


Similar Presentations: