
RFID Treehouse of Horror

Hacking City-Wide Access Control Systems

Video duration: 00:58:59
Language: English
Abstract
In this lecture, we present a black-box analysis of an electronic contactless system that has been steadily replacing a conventional mechanical key on multi-party houses in a big European city. So far, there are an estimated 10,000 installations of the electronic system. The mechanical key was introduced about 40 years ago to allow mail delivery services to access multi-party houses but has since accumulated many additional users, such as garbage collection, police, fire brigade and other emergency services. Over 92% of residential buildings in this city are equipped with such a solution.

We have found several vulnerabilities in the new system caused by its design, the technology used, its organization, and its implementation. We have further shown that the new system can be circumvented at little cost (no higher than the price at which the old key is sold under the counter).

To acquire key samples, we packed an active mid-range RFID reader with a battery pack into a parcel and sent it by post. On its way, the reader wirelessly collected the key(s) of the handling personnel.

As a side project, we also present security shortcomings in other access control systems and electronic purse solutions.

Talk ID: 5334
Event: 30C3
Day: 3
Room: Saal 2
Start: 2 p.m.
Duration: 01:00:00
Track: Security & Safety
Type: lecture
Speaker: Adrian Dabrowski
Talk Slug & media link: 30C3_-_5334_-_en_-_saal_2_-_201312291400_-_rfid_treehouse_of_horror_-_adrian_dabrowski