DEF CON 23 - Dennis Maldonado - Are We Really Safe? - Bypassing Access Control Systems

8 років тому

Access control systems are everywhere. They are used to protect everything from residential communities to commercial offices. People depend on these to work properly, but what if I had complete control over your access control solution just by using my phone? Or perhaps I input a secret keypad combination that unlocks your front door? You may not be as secure as you think.
The world relies on access control systems to ensure that secured areas are only accessible to authorized users. Usually, a keypad is the only thing stopping an unauthorized person from accessing the private space behind it. There are many types of access control systems from stand-alone keypads to telephony access control. In this talk, Dennis will be going over how and where access control systems are used. Dennis will walk through and demonstrate the tips and tricks used in bypassing common access control systems. This presentation will include attack methods of all nature including physical attacks, RFID, wireless, telephony, network, and more.
Dennis Maldonado is a Security Consultant at KLC Consulting. His current work includes vulnerability management, penetration testing, infrastructure risk assessment and security research. Dennis’ focus is encompassing all forms information security into an assessment in order to better simulate a real world attack against systems and infrastructure.
As a security researcher and evangelist, Dennis spends his time sharing what he knows about Information Security with anyone willing to learn. Dennis has presented at numerous workshops and meetups in the Houston area. Dennis co-founded Houston Locksport in Houston, Texas where he shares his love for lock-picking physical security.

КОМЕНТАРІ: 109

@Rajivrocks-Ltd. 8 років тому

Yo I really like this guy, he is a breath of fresh air to all the other people that talk on the stage.

@Rajivrocks-Ltd. 8 років тому

yeah but I feel like he does it better though/

@Rajivrocks-Ltd. 8 років тому

Yeah, not enough serious talks about real interesting stuff too much nonsense.

@nicolek4076 8 років тому

+Rajivrocks Ltd. This guy's presentation style is one of the worst of this conference. He has too many verbal tics, he's tiring to listen to - his delivery is staccato, too many wrong choices of word, too much laughing at his own (unfunny) jokes. The content is pretty mundane and he underestimates his audience. This symbol "#" is NOT a "pound". It's a hash or octothorpe. A pound sign looks like this "£".

@Rajivrocks-Ltd. 8 років тому

That is really your own opinion, who are you to judge a performance of someone? and jokes are funny in the eye of the beholder its not the same for everyone. and that useless comment at the end. are you really that pretentious? seems like you're just commenting for no reason other then letting people know that you have a somewhat larger vocabulary then the average user on the internet (at least that's what you think). I might be wrong but that is my take on your comment.

@nicolek4076 8 років тому

Rajivrocks Ltd. My comments are result of many years technical training and training trainers.

@POM4R4NC 8 років тому

very good speaker, pleasure to listen to

@disk0__ 6 років тому

@darkdancerman 8 років тому

I like this guy.

@9000fail 8 років тому

So funny. great talk

@BrianDixonFTM 8 років тому

Dennis Maldonado, I have watched many many DEFCON videos, yours was awesome. I was cracking up and you had my attention the entire time. Good job man! I am sure being in front of all those people is nerve racking all on its on. I enjoyed it!

@hellterminator 8 років тому

Wow. He really got drunk from that shot. :D

@tobiashenriksen7068 7 років тому

One of the best presentations I have seen yet - nice job Dennis. :)

@RoSi4You 8 років тому

Gooooooooood speaker! Hoping to see You @24

@jaroslavhromatka3257 7 років тому

Great talk, man. Nice to see somebody comming out and pointing at the flaws of access control systems. These devices are developed without any thought going into securing the control mechanisms that messing with them almost doesn't qualify as hacking.:D You are just using it's features... :D (not trying to undermine this talk, just stating that developers of ACS should really get their s**t together)... And yeah, until then, guys, use just serial connection for this - don't use serial-to-ethernet - doing so means inviting anyone in...

@vladotos 8 років тому

Great speaker :D

@P4ulyAnon 8 років тому

Great speaker, interesting and easy to understand topic! Hope to hear more of this guy and I'm going to download his tool asap.

@Uneke 4 роки тому

With those 500s and 1000s If you call the box’s phone line while dialing it out, it’ll auto pick up your incoming call and you can press 9 on you phone and it’ll open it. This method tricks it into thinking it’s called up and a tenant has answered

@tommydags1 6 років тому

He doesn't remember what happened after he got off the stage lol Such a great talk, so informative AND entertaining. True young professional. Love it man, need more people like this. Confident, tech savvy, clever, and organized, a few jokes, and you got a great DEFCON talk. Love this community

@timkennedy6358 8 років тому

This was an amazing speech, super fun to listen to and try out haha.

@jodelboy 8 років тому

Great talk(er)!

@rogerwilco2 8 років тому

I liked this talk and the speaker.

@xapemanx 8 років тому

This guy is great lol

@SnapcrackerzTeam 8 років тому

good talk

@jav20a 8 років тому

Awesome talk, plus I think this guy got drunk with that shot lol

@renakunisaki 5 років тому

Note, his Twitter is @DennisMald, not @DennisMaid.

@itzSpoke 8 років тому

Dude, this open bottle of water stresses the heck out of me...

@thewatcher_476 8 років тому

+Spoke same. Like "dude don't put an opened bottle of water next to your computer!"... XD

@qtpie2630 5 років тому

you have ocd

@rolfs2165 5 років тому

The way he's placed the bottle, it will fall away from his laptop. I did some amateur theatre tech and was taught this on the first day, to always put my drink behind the mixer. So if it falls over, you'll get some wet cables, but don't drown the expensive stuff.

@TimHoekstra 8 років тому

So secure it makes hacknet look like a simulator. Good work!

@irae9 Рік тому

I wonder how much of this is still relevant. Espec the part about connecting these devices to the internet..since there's still a lot of people connecting things to the internet willy nilly without thinking about the security implications of that. Plugging access control systems to the internet when they already have the ability to be directly managed by a PC seems pointless? Just connect it via serial to a PC on-site, then set up remote access to that management PC. That way you get much better options for access control, since then you're looking at securing access to a regular PC, rather than just some basic device designed to do one thing.

@kkeithf 8 місяців тому

This is the kind of kid that should be president

@d74g0n 8 років тому

moar defcon!

@ShesSometimesDoubleChocolate 6 років тому

"Moar"? Huh, what?

@jackkraken3888 8 років тому

Dennis was great, and that access system really sucks a**.

@sbsftw4232 3 роки тому

I'm just here cuz I'm a delivery driver and I'm sick of customers not giving me gate codes.

@leechowning2712 Рік тому

Look up Deviant This is your key here on YT. It is a whole discussion on master keys, and you will get a lot done.

@KarstCoffee 8 років тому

This guy has some excellent public speaking skills. Great presentation for sure.

@sbsftw4232 3 роки тому

Why don't the devices have the ip kit installed by default? Just have an Ethernet port as part of the existing boards in the box.

@kaceesavage 2 роки тому

Has any of this changed up till now?

@BimbusBucklenuts 7 років тому

Nortek has an older panel called Max 3 and it uses Hub Manager Pro (8.1) as the PC head end software. it is also password protected to log into the program, but you can replace the password files with a default password file and it leaves the fob and user databases in-tact. When you're done, you can replace the password files with the one you don't know the password to. The default password is HUBMAN.

@agustindelanda5791 7 років тому

Good presentation, question, did you try using a connection through the Phone Line ?

@HDReMaster 8 років тому

I FREAKIN' LOVE DEFCON!!!!! SCIENCE BITCH

@ShesSometimesDoubleChocolate 6 років тому

What's the name of your science bitch, Schwaa?

@brashcrab Рік тому

benson & hedges

@asroneightyseven3854 5 років тому

Anyone notice the fastest DefCon speaker is wearing a sloth shirt? He's easily one of my top 5 five DefCon speakers. I hope to see him there for 2019.

@oetken007 7 років тому

How is it possible that some piece of shit like this can be on the market? Does nobody else a kid test these devices? Is no official certification needed for security devices in the US? Unbelievable! Edit: Great talk Dennis, thank you!

@jaroslavhromatka3257 7 років тому

Companies that develop ACS hardly look at securing the device itself and usually don't even have any network guys. And as Mr. Maldonado said during the presentation - customers usually look for the lowest bidding contractor and those usually don't know s**t about network security either... they are just random guys thinking:"yeah, this is so easy to install, let's sell it to anyone..."

@christianbarnay2499 5 років тому

Problem is even if you hire the best contractor who will change the password and physical lock, the stupid firmware will cancel all that work when it decides to run unauthenticated commands (just not giving feedback but still doing the job) to change back the password to default, allow new devices or access codes, or just simply direct door control commands. This "security" firmware is flawed by design. And the company that makes it and uses it in costly "security solutions" needs to face a class action from fooled customers.

@MarkTillotson 5 років тому

It seems that every single decision they made about securing the device they took the wrong path. Not fit for purpose. Anything about that isn't piss-awful? Security theatre only.

@stumm3r 5 років тому

until recently most access control units weren't networked onto main network systems they would sit alone on there own network ,As things have changed no one seems to have taken this into account, its embarrassing

@ruzaesp9023 8 років тому

25:48 What is the python code? I mean the script

@dennismaldonado9830 8 років тому

github.com/linuz/Access-Control-Attack-Tool Still needs lots of work!

@ruzaesp9023 8 років тому

Dennis Maldonado Thanks!

@ShesSometimesDoubleChocolate 6 років тому

They would not make me take that alcoholic drink!

@chrisk2673 6 років тому

He did well, It would be such a feat to perform as he did the first time. For me at least.

@WhoWantsToKnow81 5 років тому

When he said the password can only be 6 numbers (and only numbers), and additionally that there is an unlimited number of tries, I nearly blew my load

@adrenaline19 8 років тому

That's fucking hilarious

@joblessalex 6 років тому

I can confirm shapeways steel key is about $15

@zefftrus9825 2 роки тому

What was the name of the key

@NolePTR 7 років тому

The data is reversed because it's in Little-Endian 14:00 .. But why they store ASCII strings as "little-endian" is beyond me. Hell, why do they even store numbers-only passwords as strings?

@renzohernandez3596 7 років тому

wtf happen to the audio???

@ShesSometimesDoubleChocolate 6 років тому

You tripped on your speaker cable.

@TinKoRlol 8 років тому

So you can earn money by developing security mechanisms which aren't secure. Hilarious. Loved your talk, keep going!

@kd1s 6 років тому

Oh access control systems are fun. They're similar in many ways to alarm systems and as such use a cheap ass processor like a Z80 or a 6502.

@nikanj 7 років тому

How are these security systems so flawed? Why do they hire people who don't care to design them then hire competent people to pen test them. Why not just hire the competent people to design them in the first place?

@MorbusSchmorbus 6 років тому

even some random sps and being crafty could do a better job...

@MarkTillotson 5 років тому

The reason is some company that makes solenoids and door locks thinks they are a software company with security expertese on the basis of someone they hire can write code and someone else is an EE. Hey we can make a door entry system! How hard can it be??! No research, no hiring security consultants (or if they do the managers just ignore the report because they are plonkers (not uncommon?)). Probably never even heard of pen-testing...