Digital Skeleton Keys - We’ve got a bone to pick with offline Access Control Systems

Talk by Miana (She/Her)

Saturday from 12:00 PM - 12:40 PM in Stage A

Offline RFID systems rely on data stored within the key to control access and configuration. But what if a key lies? What if we can make the system trust those lies? Well then we can do some real spooky things… This is the story of how a strange repeating data pattern turned into a skeleton key that can open an entire range of RFID access control products in seconds. It’s a scrappy but scary hack that spawned from something we noticed whilst trying to duplicate an access card onto a subdermal RFID implant. This covers the discovery of the flaw, how we investigated it, and how significant the flaws ended up being.

If you would like to mark this as a favourite please log in.

 

Return to: