DefCon Presenter Uses Networks To Unlock Doors
By Doug Caverly
Network users and managers have, unfortunately, been given yet another reason to be nervous. On the final day of last week's DefCon Hacking Conference, one man demonstrated a novel and rather intimidating way of gaining access to a place.
Kim Zetter reported that Ricky Lawshae "found that he could crack one electronic access system at the network control level and simply open a door with a spoofed command sent over the network, eliminating the need for an access card. He could do it while bypassing the audit log, so the system wouldn't see that someone opened the door."
Which means that a hacker could, instead of stealing just some data, take anything and everything he wanted from an actual, physical facility.
Anyway, the specific setup Lawshae tested was "CBORD's Squadron access control system used with HID Global's V1000 door controller," and a non-random number sequence provided his way in.
CBORD is supposed to be working on an update, so hopefully the main problem will be addressed soon enough. But people with ties to similar networks (which are generally used at places like colleges and hospitals) may want to make sure that they're not susceptible to the same vulnerability.
One last important note: Lawshae works as a network technician for Texas State University, so there's little need to worry about him using this approach in an illegal manner, at least.
About the Author:
Doug is a staff writer for WebProNews.
NetworkNewz is an iEntry, Inc. publication