
New Video from @BlackHatOfficialYT: Expert Shares Insights on Bypassing Physical Access Control Systems and RFID Readers
In this captivating presentation, Julius Dunuk, a cybersecurity specialist at Securing, shares his knowledge and experiences in bypassing physical access control systems and RFID readers. Julius begins by emphasizing the importance of considering the entire security system, not just RFID readers and locks, to identify potential vulnerabilities.
One of the first examples he provides is the use of an under-door tool to open a door that has no handle on his side. With this tool he reaches the handle on the far side of the door and pulls it down, bypassing the nearby RFID reader entirely. The example illustrates how simple physical methods can be more effective than complex technological attacks, and why a reader is only as strong as the door it guards.
Julius then explains the basics of RFID technology, which is used for tracking clothing, contactless payments, and access control systems, among other things. He mentions more unusual uses, such as coffee filters with RFID tags to prevent the use of non-original filters, or road signs equipped with RFID to locate them in case of theft.
The presentation then focuses on cloning RFID cards. Julius explains that cloning is sometimes possible, especially if the system is not very secure or if employees leave their cards unattended. However, he emphasizes that not all systems are as easy to hack, especially those using cards with non-standard encryption keys.
Julius divides access control systems into two types: standalone RFID locks and systems with controllers. For standalone locks, he demonstrates how to add and remove cards using a specific management card or a default PIN code. He also discovers a vulnerability where a card with a specific identifier (all bits set to 1) can always open the lock, even after being removed from the system.
Another method he explores is the use of an electromagnetic pulse (EMP) generator to disrupt the locks. Although this method can sometimes open the locks, it is also risky as it can damage the hardware. Julius advises against its use due to its unpredictable nature.
For systems with controllers, Julius focuses on the Wiegand protocol, which is commonly used for communication between the reader and the controller. He demonstrates how to intercept this communication to obtain the card identifier in plain text, even when the card itself uses strong encryption: the reader handles the cryptography with the card and then forwards the resulting identifier to the controller unencrypted. Using a tool called "theic," he manages to read the card data and open the door remotely.
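To make the Wiegand point concrete, the following is an added example (not code from the talk or from Securing) that decodes the common 26-bit Wiegand frame: the facility code and card number cross the reader-to-controller wire unencrypted, with only two parity bits guarding integrity, so a tap on that line sees the credential regardless of the card's own cryptography. The bit layout assumed is the standard 26-bit format and the sample frame is constructed here.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Credential:
    facility_code: int   # 8-bit field
    card_number: int     # 16-bit field


def encode_wiegand26(facility_code: int, card_number: int) -> str:
    """Build a 26-bit frame; used here only to construct sample captures."""
    if not (0 <= facility_code < 2**8 and 0 <= card_number < 2**16):
        raise ValueError("facility code must fit in 8 bits, card number in 16")
    payload = f"{facility_code:08b}{card_number:016b}"
    even = sum(map(int, payload[:12])) % 2          # leading even parity bit
    odd = (sum(map(int, payload[12:])) + 1) % 2     # trailing odd parity bit
    return f"{even}{payload}{odd}"


def decode_wiegand26(bits: str) -> Credential:
    """Check both parity bits, then read the plaintext credential fields."""
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        raise ValueError("expected a 26-character string of '0'/'1'")
    ones = [int(c) for c in bits]
    if sum(ones[:13]) % 2 != 0:
        raise ValueError("even parity mismatch in bits 0-12")
    if sum(ones[13:]) % 2 != 1:
        raise ValueError("odd parity mismatch in bits 13-25")
    # Bit 0 and bit 25 are parity; facility code is bits 1-8, card number 9-24.
    return Credential(int(bits[1:9], 2), int(bits[9:25], 2))


def is_valid_frame(bits: str) -> bool:
    """True when a captured frame passes both parity checks."""
    try:
        decode_wiegand26(bits)
        return True
    except ValueError:
        return False


# Constructed sample: one frame as the controller would receive it on D0/D1.
SAMPLE_FRAME = encode_wiegand26(123, 45678)

if __name__ == "__main__":
    cred = decode_wiegand26(SAMPLE_FRAME)
    print(f"{SAMPLE_FRAME} -> facility {cred.facility_code}, card {cred.card_number}")
    print("valid after one flipped bit:", is_valid_frame("0" + SAMPLE_FRAME[1:]))
```

Parity is the only integrity check the format offers, which is why the presentation's advice to keep controllers in secure areas and disable legacy formats matters more than the card technology alone.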
Julius also explores reproducing a secure card's credential on a less secure card type, an attack known as a "downgrade attack." Because the reader still has legacy card formats enabled, he is able to write the decrypted identifier of the secure card onto an unsecured card and use it to open the door.
The presentation concludes with practical advice for securing access control systems, such as using controllers in secure areas, updating the firmware of readers, and disabling legacy identifiers. Julius emphasizes the importance of considering the entire security system and not focusing solely on RFID readers.
In conclusion, this presentation offers a fascinating overview of the vulnerabilities in physical access control systems and methods to exploit them. It highlights the importance of physical security and awareness to protect critical infrastructure.