Friday, October 30, 2015

Security Director Alert - 80% Chance Your Card Key System Can Be Bypassed

A device the size of a quarter that can be installed in 60 seconds on a proximity card reader could potentially be used to break physical access controls in 80 percent of deployments.

The device, dubbed BLEKey, is used to read cleartext data sent from card readers to door controllers to either clone cards or feed that data to a mobile application that can be used to unlock doors at any number of installations.

The hack unveiled at Black Hat is worrisome for facilities reliant on proximity cards and readers for access to buildings in critical industries or enterprises. Researchers Eric Evenchick, an embedded systems architect at electric car manufacturer Faraday Future, and Mark Baseggio, a managing principal consultant at Optiv (formerly Accuvant), used the ubiquitous HID cards and readers in a number of successful demos during their talk, but said that it’s likely the same weaknesses that facilitate their attacks are present in devices from other manufacturers. more video

Really Scary: 29:35 minutes into the video they explain how to make a card-key interceptor, stick it into a back pack, go to the target workplace, get in an elevator with employees (or just close to one of them), secretly read everyone's cards, and make a clone card.
Happy Halloween ~Kevin