Access Control Exploits: Risky PIRs?

Author: Brian Rhodes, Published on Dec 09, 2012

A panicked end user called us this week about a surprisingly simple way their access control system was compromised. After they shared the details, it became clear that almost any electronic access control system can be impacted. Even though the fix is simple, your systems may be at risk. In the note below, we share the details and the recommended solution.

The Target

*** *** ****, *** **** * ****** ** ****/****** ***** in ***** *********, ****** * ****** ***** ***** * ******* secured **** *** ************* **** ** **** ***** ***** ******* any ******** *****, **** ***********, ** *********. ********** ***** **** should **** **** *** **** ****** ***** ***** **** *** locked, *** *** **** *** **** ** ****** *** ****** it.

**** *** **** *********, ************ *** ************ ****** **** *** building *** ********. ** **** *****, ***** *** **** ******** by * ******** ********* ***** ****** ******* ** ** ******. Alarm ****** *******, ****** **** ******* ********** ** *** *****, and *** ***** *** ******* **********.

*** ******** *********** ************ *** ******** *******, ******* ** ********** how *** ***** *** ********. ***** ******** **** ******** ** how ****** *** ******* *** ** ***** ***, *** *** a **** ****** ** ***** ***** ** ** **** ********** of ***** ****** ******** **.

The *******

*** ***** ******** ** * ***** **** ***** ********** *** homeless ***** **** ****** ** **** ****** ** *****. ** this *****, * ******** ********** *** ******** ** * ***** of ********* **** ******* *** ********** *******. **** ****** *** able ** ***** **** ********* ***** *** **** *****, **** the ****** ****. ******* **** **** *** ***** ******* **** a *******, ***** **** ******** ** **** * '******* ** exit' *** ******* ***** *** ****** **** *****, ** *** maglock ******** ** ** ********* ****** *********.

**** ***, ***** **** *** ****** ******** ******* *** ****, was ******* ** *** ****-*********** ****** ***** ** ********* **** under *** ****. *** ** *** *********'* ******** ** **** and ****** ** *** **** *****, *** *** ****** *** tripped *** ******** *** *******. **** ** **** **** *** door *********, *** *** ******** ********** *** **** ** ***** the ***** ********. *** ***** ***** ** * ******** ************* of * *******/*** ***:

[Image: RTE PIR]

*** **** ***** ** *** ******* ******* ************** *** *** - ** ****, *** ****** ********** exactly ** ** ****** ****. *** **** ***** *** *********** to ** *** ********* ***** ******** ** *** *********:

*. *** **** *** *** ************ ******* ** * **** after *****, ** ******* ********** ********. ** *** **** ***** had ****** ****** *** **** ** ********, ** ***** *** have **** ********* ****** ***-********* *****.

*. *** ****** **** *****/********* *** *** ******** ******** *** permitted *** ********* ** ** ******** **** * *** ***. While ** ***** **** * ***** ***** ** *******-*********, *** bottom **** ***** ****** *** *** *** **** ******* ***** like *****, *********, ** ***** ***** **** ******** *** ******* area.

The ********

*** ******** *** *******, *** ******* *********** * ****** ** changes **** ******* ****** ******. *****, *** ****** **** ****** were ******** *** ******** ** ******* *** ****, *** *** access ******* ****** *** ************ ** ****-*** *** *** *** during ********** *****.

******* *** **** ** ******** ** *** ** ******** ********, an ********* ****, *** ** *** **** ** ** ********** with ******** ****** '****** *****', ****** ******* *** *** *** during ********* ***** ** *** * ******* *** *** **** signed *** ** *** ***** **** *******. ** ********, *** customer *** ******** ** ******* ********** '**** ******' ********* **** releases ** ********** ********* ****.

The ****** *******

***** *** *** **** *********** ** **** ** * ****** of **** *****, ** *** ************* ********** *** ***** **** been **** ******. *** **** ** *** *** ***** ****** out ** ** **** **** $** ** **** *********** *** less **** * ******* ** ************* ******* ** *** ****** control ******.

******* *** ***** ****, *** ***** ****** ** * ******** that *** ******** *** ** ******* **** ****** *********** *** hardware **********. ******* **** ********** ******* ***** ** **** ** any ****** ******* ******, ** ** ********** ***** ********** ****** becoming ** *****.


The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.
