Auf dieser Website werden Cookies u.a. für Werbezwecke, Zwecke in Verbindung mit Social Media sowie für analytische Zwecke eingesetzt. Klicken Sie bitte hier, um anzuzeigen, welche Cookies eingesetzt werden und wie Sie Änderungen an Ihren Cookie-Einstellungen vornehmen können. Wenn Sie weiter auf der Website surfen, erklären Sie sich mit dem Einsatz von Cookies und der Datenschutzrichtlinie einverstanden.

NuoViso NuoViso

Mehr sehen als anderswo

RFID Treehouse of Horror

vor 5 Jahren

RFID Treehouse of Horror
Hacking City-Wide Access Control Systems

In this lecture, we present a black-box analysis of an electronic contact-less system that has been steadily
replacing a conventional mechanical key on multi-party
houses in a big European city. So far, there are est. 10.000 installations of the electronic system. The mechanical key has been introduced about 40 years ago to allow mail delivery services to access multi-party houses but has since then aggregated many additional users, such as garbage collection, police, fire brigade and other emergency services. Over 92% of residential buildings in this city are equipped with such a solution.
We have found several vulnerabilities in the new system caused by the design, technology used, organization, and its implementation. We have further shown that the new system is circumventable with little costs (not higher than the old key is sold under the counter). To acquire keys samples we packed an active mid-range RFID reader with a battery pack into a parcel and send it via post. On its way, the reader wirelessly collected the key(s) of the handling personnel. As a side project, we also present security shortcomings in other access control systems and electronic purse solutions.

Speaker: Adrian Dabrowski
EventID: 5334
Event: 30th Chaos Communication Congress [30c3] by the Chaos Computer Club [CCC]
Location: Congress Centrum Hamburg (CCH); Am Dammtor; Marseiller Straße; 20355 Hamburg; Germany
Language: english
Begin: Sun, 12/29/2013 14:00:00 +01:00
Lizenz: CC-by