Access Control Exploits: Risky PIRs?

Author: Brian Rhodes, Published on Dec 09, 2012

A panicked end user called us this week about a surprisingly simple way their access control system was compromised. After they shared the details, it became clear that almost any electronic access control system can be impacted. Even though the fix is simple, your systems may be at risk. In the note below, we share the details and the recommended solution.

The Target

*** *** ****, *** **** * ****** ** ****/****** ***** in ***** *********, ****** * ****** ***** ***** * ******* secured **** *** ************* **** ** **** ***** ***** ******* any ******** *****, **** ***********, ** *********. ********** ***** **** should **** **** *** **** ****** ***** ***** **** *** locked, *** *** **** *** **** ** ****** *** ****** it.

**** *** **** *********, ************ *** ************ ****** **** *** building *** ********. ** **** *****, ***** *** **** ******** by * ******** ********* ***** ****** ******* ** ** ******. Alarm ****** *******, ****** **** ******* ********** ** *** *****, and *** ***** *** ******* **********.

*** ******** *********** ************ *** ******** *******, ******* ** ********** how *** ***** *** ********. ***** ******** **** ******** ** how ****** *** ******* *** ** ***** ***, *** *** a **** ****** ** ***** ***** ** ** **** ********** of ***** ****** ******** **.

The *******

*** ***** ******** ** * ***** **** ***** ********** *** homeless ***** **** ****** ** **** ****** ** *****. ** this *****, * ******** ********** *** ******** ** * ***** of ********* **** ******* *** ********** *******. **** ****** *** able ** ***** **** ********* ***** *** **** *****, **** the ****** ****. ******* **** **** *** ***** ******* **** a *******, ***** **** ******** ** **** * '******* ** exit' *** ******* ***** *** ****** **** *****, ** *** maglock ******** ** ** ********* ****** *********.

**** ***, ***** **** *** ****** ******** ******* *** ****, was ******* ** *** ****-*********** ****** ***** ** ********* **** under *** ****. *** ** *** *********'* ******** ** **** and ****** ** *** **** *****, *** *** ****** *** tripped *** ******** *** *******. **** ** **** **** *** door *********, *** *** ******** ********** *** **** ** ***** the ***** ********. *** ***** ***** ** * ******** ************* of * *******/*** ***:

[Image: RTE PIR]

*** **** ***** ** *** ******* ******* ************** *** *** - ** ****, *** ****** ********** exactly ** ** ****** ****. *** **** ***** *** *********** to ** *** ********* ***** ******** ** *** *********:

*. *** **** *** *** ************ ******* ** * **** after *****, ** ******* ********** ********. ** *** **** ***** had ****** ****** *** **** ** ********, ** ***** *** have **** ********* ****** ***-********* *****.

*. *** ****** **** *****/********* *** *** ******** ******** *** permitted *** ********* ** ** ******** **** * *** ***. While ** ***** **** * ***** ***** ** *******-*********, *** bottom **** ***** ****** *** *** *** **** ******* ***** like *****, *********, ** ***** ***** **** ******** *** ******* area.

The ********

*** ******** *** *******, *** ******* *********** * ****** ** changes **** ******* ****** ******. *****, *** ****** **** ****** were ******** *** ******** ** ******* *** ****, *** *** access ******* ****** *** ************ ** ****-*** *** *** *** during ********** *****.

******* *** **** ** ******** ** *** ** ******** ********, an ********* ****, *** ** *** **** ** ** ********** with ******** ****** '****** *****', ****** ******* *** *** *** during ********* ***** ** *** * ******* *** *** **** signed *** ** *** ***** **** *******. ** ********, *** customer *** ******** ** ******* ********** '**** ******' ********* **** releases ** ********** ********* ****.

The ****** *******

***** *** *** **** *********** ** **** ** * ****** of **** *****, ** *** ************* ********** *** ***** **** been **** ******. *** **** ** *** *** ***** ****** out ** ** **** **** $** ** **** *********** *** less **** * ******* ** ************* ******* ** *** ****** control ******.

******* *** ***** ****, *** ***** ****** ** * ******** that *** ******** *** ** ******* **** ****** *********** *** hardware **********. ******* **** ********** ******* ***** ** **** ** any ****** ******* ******, ** ** ********** ***** ********** ****** becoming ** *****.
