Access Control Exploits: Risky PIRs?

Author: Brian Rhodes, Published on Dec 09, 2012

A panicked end user called us this week about a surprisingly simple way their access control system was compromised. After they shared the details, it became clear that almost any electronic access control system can be impacted. Even though the fix is simple, your systems may be at risk. In the note below, we share the details and the recommended solution.

The Target

*** *** ****, *** **** * ****** ** ****/****** ***** in ***** *********, ****** * ****** ***** ***** * ******* secured **** *** ************* **** ** **** ***** ***** ******* any ******** *****, **** ***********, ** *********. ********** ***** **** should **** **** *** **** ****** ***** ***** **** *** locked, *** *** **** *** **** ** ****** *** ****** it.

**** *** **** *********, ************ *** ************ ****** **** *** building *** ********. ** **** *****, ***** *** **** ******** by * ******** ********* ***** ****** ******* ** ** ******. Alarm ****** *******, ****** **** ******* ********** ** *** *****, and *** ***** *** ******* **********.

*** ******** *********** ************ *** ******** *******, ******* ** ********** how *** ***** *** ********. ***** ******** **** ******** ** how ****** *** ******* *** ** ***** ***, *** *** a **** ****** ** ***** ***** ** ** **** ********** of ***** ****** ******** **.

The *******

*** ***** ******** ** * ***** **** ***** ********** *** homeless ***** **** ****** ** **** ****** ** *****. ** this *****, * ******** ********** *** ******** ** * ***** of ********* **** ******* *** ********** *******. **** ****** *** able ** ***** **** ********* ***** *** **** *****, **** the ****** ****. ******* **** **** *** ***** ******* **** a *******, ***** **** ******** ** **** * '******* ** exit' *** ******* ***** *** ****** **** *****, ** *** maglock ******** ** ** ********* ****** *********.

**** ***, ***** **** *** ****** ******** ******* *** ****, was ******* ** *** ****-*********** ****** ***** ** ********* **** under *** ****. *** ** *** *********'* ******** ** **** and ****** ** *** **** *****, *** *** ****** *** tripped *** ******** *** *******. **** ** **** **** *** door *********, *** *** ******** ********** *** **** ** ***** the ***** ********. *** ***** ***** ** * ******** ************* of * *******/*** ***:

[Image: RTE PIR]

*** **** ***** ** *** ******* ******* ************** *** *** - ** ****, *** ****** ********** exactly ** ** ****** ****. *** **** ***** *** *********** to ** *** ********* ***** ******** ** *** *********:

*. *** **** *** *** ************ ******* ** * **** after *****, ** ******* ********** ********. ** *** **** ***** had ****** ****** *** **** ** ********, ** ***** *** have **** ********* ****** ***-********* *****.

*. *** ****** **** *****/********* *** *** ******** ******** *** permitted *** ********* ** ** ******** **** * *** ***. While ** ***** **** * ***** ***** ** *******-*********, *** bottom **** ***** ****** *** *** *** **** ******* ***** like *****, *********, ** ***** ***** **** ******** *** ******* area.

The ********

*** ******** *** *******, *** ******* *********** * ****** ** changes **** ******* ****** ******. *****, *** ****** **** ****** were ******** *** ******** ** ******* *** ****, *** *** access ******* ****** *** ************ ** ****-*** *** *** *** during ********** *****.

******* *** **** ** ******** ** *** ** ******** ********, an ********* ****, *** ** *** **** ** ** ********** with ******** ****** '****** *****', ****** ******* *** *** *** during ********* ***** ** *** * ******* *** *** **** signed *** ** *** ***** **** *******. ** ********, *** customer *** ******** ** ******* ********** '**** ******' ********* **** releases ** ********** ********* ****.

The ****** *******

***** *** *** **** *********** ** **** ** * ****** of **** *****, ** *** ************* ********** *** ***** **** been **** ******. *** **** ** *** *** ***** ****** out ** ** **** **** $** ** **** *********** *** less **** * ******* ** ************* ******* ** *** ****** control ******.

******* *** ***** ****, *** ***** ****** ** * ******** that *** ******** *** ** ******* **** ****** *********** *** hardware **********. ******* **** ********** ******* ***** ** **** ** any ****** ******* ******, ** ** ********** ***** ********** ****** becoming ** *****.
