2025-08-10 –, Delphinus
Language: English
Building entrance systems for prisons, hospitals an tv studio's should be secure. But is this really the case?
After "Knock knock who's there 1.0" at MCH2022, we will again look at some high-tech lockpicking, this time at more sensitive locations. The responsible disclosure is a tale of it's own! And why exactly is a 3-letter agency in the US interested in the disclosure?
Feeling safe at home and at work is one of the most basic requirements for living. Part of being, and feeling, safe is the physical access system of the building.
Since the last talk at MCH2022 more building entrance systems have been researched. The findings will be presented in this talk. And these findings have led to multiple CVE's and the discovery of single DES encryption and Mifare classic access card systems.
One manufacturer who makes building entrance systems used at very sensitive objects such as tv studio's and airports managed to leak the private key of a CA they use to manage the building access.
In another case we were able to generate license key files under the name of a very well known person.
In all cases we will look at the vulnerability disclosure and how to make sure you do not end up in prison (although with these locks....)
Jeroen is a technical consultant with a background in electrical engineering and security. He started his consultancy business "CloudAware" located in The Hague in 2002. His consultancy business has been active in a wide spectrum of technologies ranging from signal intelligence to cloud services.
In the last couple of years CloudAware has been particularly active in the field of cyber security.
Jeroen publishes regularly on the blog of CloudAware: https://cloudaware.eu