Access Control Exploits: Risky PIRs?

By Brian Rhodes, Published Dec 09, 2012, 07:00pm EST (Info+)

A panicked end user called us this week about a surprisingly simple way their access control system was compromised. After they shared the details, it became clear that almost any electronic access control system can be impacted. Even though the fix is simple, your systems may be at risk. In the note below, we share the details and the recommended solution.

The Target

*** *** ****, *** **** * series ** ****/****** ***** ** ***** locations, ****** * ****** ***** ***** a ******* ******* **** *** ************* made ** **** ***** ***** ******* any ******** *****, **** ***********, ** tampering. ********** ***** **** ****** **** kept *** **** ****** ***** ***** were *** ******, *** *** **** was **** ** ****** *** ****** it.

**** *** **** *********, ************ *** unsupervised ****** **** *** ******** *** possible. ** **** *****, ***** *** only ******** ** * ******** ********* alarm ****** ******* ** ** ******. Alarm ****** *******, ****** **** ******* dispatched ** *** *****, *** *** event *** ******* **********.

*** ******** *********** ************ *** ******** failure, ******* ** ********** *** *** event *** ********. ***** ******** **** shocking ** *** ****** *** ******* was ** ***** ***, *** *** a **** ****** ** ***** ***** be ** **** ********** ** ***** system ******** **.

The *******

*** ***** ******** ** * ***** city ***** ********** *** ******** ***** take ****** ** **** ****** ** night. ** **** *****, * ******** individual *** ******** ** * ***** of ********* **** ******* *** ********** opening. **** ****** *** **** ** slide **** ********* ***** *** **** sweep, **** *** ****** ****. ******* this **** *** ***** ******* **** a *******, ***** **** ******** ** have * '******* ** ****' *** mounted ***** *** ****** **** *****, so *** ******* ******** ** ** emergency ****** *********.

**** ***, ***** **** *** ****** anything ******* *** ****, *** ******* by *** ****-*********** ****** ***** ** cardboard **** ***** *** ****. *** to *** *********'* ******** ** **** and ****** ** *** **** *****, the *** ****** *** ******* *** released *** *******. **** ** **** left *** **** *********, *** *** homeless ********** *** **** ** ***** the ***** ********. *** ***** ***** is * ******** ************* ** * maglock/RTE ***:

rte pir

*** **** ***** ** *** ******* was**** ************** *** *** - ** fact, *** ****** ********** ******* ** it ****** ****. *** **** ***** was *********** ** ** *** ********* minor ******** ** *** *********:

*. *** **** *** *** ************ secured ** * **** ***** *****, as ******* ********** ********. ** *** shop ***** *** ****** ****** *** door ** ********, ** ***** *** have **** ********* ****** ***-********* *****.

*. *** ****** **** *****/********* *** not ******** ******** *** ********* *** cardboard ** ** ******** **** * the ***. ***** ** ***** **** a ***** ***** ** *******-*********, *** bottom **** ***** ****** *** *** and **** ******* ***** **** *****, cardboard, ** ***** ***** **** ******** the ******* ****.

The ********

*** ******** *** *******, *** ******* implemented * ****** ** ******* **** prevent ****** ******. *****, *** ****** door ****** **** ******** *** ******** to ******* *** ****, *** *** access ******* ****** *** ************ ** turn-off *** *** *** ****** ********** hours.

******* *** **** ** ******** ** not ** ******** ********, ** ********* exit, *** ** *** **** ** is ********** **** ******** ****** '****** hours', ****** ******* *** *** *** during ********* ***** ** *** * problem *** *** **** ****** *** by *** ***** **** *******. ** required, *** ******** *** ******** ** install ********** '**** ******' ********* **** releases ** ********** ********* ****.

The ****** *******

***** *** *** **** *********** ** loss ** * ****** ** **** event, ** *** ************* ********** *** could **** **** **** ******. *** cost ** *** *** ***** ****** out ** ** **** **** $** in **** *********** *** **** **** 5 ******* ** ************* ******* ** the ****** ******* ******.

******* *** ***** ****, *** ***** serves ** * ******** **** *** problems *** ** ******* **** ****** programming *** ******** **********. ******* **** particular ******* ***** ** **** ** any ****** ******* ******, ** ** especially ***** ********** ****** ******** ** issue.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts reporting, tutorials and software funded by subscriber's payments enabling us to offer the most independent, accurate and in-depth information.
Loading Related Reports