Building Access Security Research

I’ve been researching a lot of contactless payment, and authentication stuff for work, and thought I’d share some of the most interesting links. This post will focus on building access.

Building access

It seems like many building access keycard systems are pretty weak in terms of security. Essentially, many of them present an ID code that is checked against a database. If you can copy that code you can clone the card (replay attack). Also most of them use something called Wiegand signalling as their output which is just a protocol to decode, so if you can tap in, you can sniff or inject stuff pretty easily. There are more secure systems out there that use a cryptographic exchange, but the insecure systems are in abundance!

getksi.com blog — This is a company that sells a more secure building access system, so they’ve done a lot of competitive research about vulnerabilities of common building access systems.

bishopfox.com — Security consulting firm. hacked a long range reader to steal ID’s. Essentially used an arduino to listen in on the Wiegand output.

Jonathan Westhues — EE and software guy did a lot of reverse engineering of some badge signals, later created a whole platform for reading and spoofing badges.