Article 6DPF0 Next-gen OSDP was supposed to make it harder to break in to secure facilities. It failed.

Next-gen OSDP was supposed to make it harder to break in to secure facilities. It failed.

by
Dan Goodin
from Ars Technica - All content on (#6DPF0)
access-control-security-checkpoint-800x5

Enlarge (credit: Getty Images)

Researchers have discovered a suite of vulnerabilities that largely break a next-generation protocol that was designed to prevent the hacking of access control systems used at secure facilities on US military bases and buildings belonging to federal, state, and local governments and private organizations.

The next-generation mechanism, known as Secure Channel, was added about 10 years ago to an open standard known as OSDP, short for the Open Supervised Device Protocol. Like an earlier protocol, known as Wiegand, OSDP provides a framework for connecting card readers, fingerprint scanners, and other types of peripheral devices to control panels that check the collected credentials against a database of valid personnel. When credentials match, the control panel sends a message that opens a door, gate, or other entry system.

Broken before getting out of the gate

OSDP came about in the aftermath of an attack demonstrated in 2008 at the Black Hat security conference. In a talk there, researcher Zac Franken demonstrated a device dubbed Gecko, which was no bigger than a US quarter. When surreptitiously inserted by a would-be intruder into the wiring behind a peripheral device, Gecko performed an adversary-in-the-middle attack that monitors all communications sent to and from the control panel.

Read 33 remaining paragraphs | Comments

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments