Keypads For Access Control Tutorial

By: Brian Rhodes, Published on Jul 28, 2020

Keypad readers present huge risks to even the best access systems. If deployed improperly, keypads let people through locked doors almost as if they were unlocked.

However, despite the drawbacks, keypads are still one of the most common choices in access today.

In this note, we examine the weaknesses of keypads, including:

  • Revealing Buttons
  • Snooping Eyes
  • PIN Sharing is Easy

Inside, we offer advice on how to deploy them securely and examine a type of keypad that overcomes glaring weaknesses.

Operation Described

The function of keypads in access control is simple. A door or gate remains locked until the user enters a valid combination, usually a sequence of numbers, into a nearby number pad.

Most access control applications assign each user their own number, called a Personal Identification Number (PIN). Unless the user enters a valid combination, the opening remains locked.

Why Use Keypads?

If these input readers are so terrible, why do people use them? The single biggest 'pro' in using keypads is that no external credential is required. There are no cards or fobs to buy, no fingerprints to enroll, and no template records to manage. A user is given an access code that is presumably memorized or included in other documents, and nothing else is required.

The lack of external credentials results in a lower operating cost relative to 'credential-based' systems.

The Problems

Despite being one of the oldest and most used access readers, keypads have huge vulnerabilities. Worse still, it takes no special tools or skills to exploit these problems. Although individual units may handle these shortcomings better or worse than others, the biggest problems are:

  • Revealing Buttons
  • Snooping Eyes
  • PIN Sharing is Easy

In the sections below, we examine these issues and address how they undermine even the best access control platform and most secure locks.

Revealing Buttons

****** ******* **** *** collect **** **** ****. This ** * **** problem ******* **** *** buttons ****** ** **** access *** *** **** typically ******* ***** ** use.

***** *******

*** ****** ***** *** buttons **** **** ** dirt *** ***** **** the ****'* *******. ** first ******, **** **** buttons **** **** ****, but **** *** **** inexperienced ******** ***** ****** associate *** ******** ******** of *** ****** **** a ****** ************** ** the ****, *** ** Post *******.

****** ******** *** **** than * ******* ** challenges **** **** **** 'secured' ****. ****** *******, even **** ************ * 'random' ******, ****** *** potential ************ **** **** of ********* ** * few *******, *** ****** combinations (*******/*****/********* *******) *** take ******* ** ****** down.

**** *******

********, **** ** ******* in *** ******* *****.

******* ** *****, ****** the ****** ******* *** constructed ** ******* **** is **** *** **** time. ** **** ****, guessing *** **** ****** combinations ** ************* ***** by ****** *** ******* most ********** ****:

**** ** ******/********

* ***** ****** ******** is ******, ********, ** etchings **** **** * valid *** ***** ** plain ****:

** *******, ***** ****** are ****** ** * matter ** ***********, *** users ******* ******** *** security ***** ** *** PIN ** ***, *** the ***** ** ****** control ** *** ******* can ** ****** ** pointless *** **** ************.

Snooping Eyes

**** **** ******** ** prior ************ ** *** obvious, ***** *** ** watched ******** ***** *****.

****** * **** ** deliberate ** ********* ***** fingers *** *** ****** while ******** * ***, even * ****** ******** can **** *** ******** the ****. * **** determined ******** *** **** use ****-***** ****** ** even '******' ******* ******* to ***** *** ***** combinations:

PIN Sharing is Easy

**** ** '*******' ***** of ******* * **** are *********, * **** vulnerability ****** ********** ** mitigate *** ***** ******* codes ********. ** *** seem **** ** **** solution *** ** ************ circumstance, *** ******* * unique *** **** **** one ***** ****** ***** that '****** *******' ** lost.

**** ***** *** ******** where ***** *** ******* codes *** ******* ** labels ** ********, ******* to *** **** ** plain *****, *** ******* undermine ****** ********** ****** codes ** ***:

Configuring ******* *** ** ***********

********** *** ****** ** a ********** *** **** prove ***********. *** ************* protocol ****** ** **** readers *** **** *****, Wiegand, *** ********* ********* without ***** ********* ** how ** *********** ****** signals.

** * ******, ************* keypad ****** *** ** fragmented, **** **** *********** requiring *-***, *-***, ** 26-bit ******. *********, *********** include *** *********** *** these ********, *** *** exact ****** ****** **** vary ********* ** ***** Keypad ****** ** ****.

OSDP *******

*** ** *** '************'******* ** ****** **** ****** ******* now *********** ****** ** standardized (*** *********) ***** formats.

*** ******* ** *** v2.1.7 **** ******** ******** this (*.**) ** ***** below:

Steps ** ******** ****** **********

**** ******* ********* *** active **********, *** ******** risk **** ******* *** be *********. *** ***** include:

***** *** ******** *****

**** **** ****, *****, and **** '*********' ******* like ****. ********** ******* inside ** ****** ********** may ****, *** ********** inspecting *** *******, ******* them ***** **** * mild ******* (******* ******* or *******), *** ********** the ******* *** ****** and **** **** ** a **** *** ** preserving ********.

*******, *** *** ********** effort ******* ** *********** cost *** ********* ****** by ***** ********** ***** like *********** ***** ** biometrics.

********* ****** ****

*** ** *** ******* failures ** ****** ** that *** *********** ***** change. **** ****, *** user's ***** ** ************** to **** *** ****** of ****** *****.

*** **** *** **** authoritative ****** ** ********* loose ******* ** **** is ****** ** ****** them ** * ******* basis. *** ********* ** changes ******* ** *** population ** *****, *** systems **** **** **** 100 ****, ******** *****-****** helps ******* *** ***** in ****'* *****.

*********** **************

******* *** ****** ** beefing ** ****** ******** is ** ******* **** with **** **** *** credential. *** *******, ********* users ** ***** **** credential ***** *** *** combinations *** *** ***** effect ** ******** **** neither ****/****** ***** *** shared ***** *** ** individually ****. ** ******* using ******** *********** ******** in ********-****** ************** ******.

*******, *** ******* *** adding ********** ******* ********* itself ** ********** **** to ********** ******* ******** and *******/*********** ********* ***********.

Use ******** *******

**** ******* *** **** secure **** ******. * version ****** '******** ****' or '****** ****' ** not ******* ********* ****** in * *********** "*-*,*" orientation, *** *******, ********* the ****** ***** **** they *** ****. *** randomness ********* *** '****** wear' ************* *** ****** distributes **** ***** *** buttons. *** ****** ***** are ***** *****:

*** ********** ** ***** units *** *** ********** orientation ** ****** **** time * **** ******* in * ****, ****** be ****** ****** ******** in ***** ** *** unit. *******, **** *** very ********* (~$*** - $1200, ******** ** for '***-********' *****) *** not ****** ********* ** the ****** ******.

[****: **** ***** *** originally ******* ** ****, but ************* ******* ** 2020.]

Comments (5)

** *** ******** *************** units **** *** **** relay *********** *** **** strike ** *** *******, unsecured **** ** *** wall ****** ****** **** tethered ****** ** *** secured ****** ****? ** the ******* ***** ******* inside *** **** *** keypad ** ******** *******.

*** *** ***** ******* reader ****** ** ******** one ** ***'* **** new ******** **** **** come ** **** ** years. * *** ******** searching **** *** *** for * **** ******* reader **** ****'* * stand ***** ******.

** ***** * ****** you ***’* ********* *** buttons ***** **** ** even *** *** ****?

** **** ***** * film *** ***** **-*****?

** **** ***** ** clunky ***** ? ***** it ** *** *****

****** **** ************ **** from *** ******, ******** is **** **** ******* something **** ****** ****** can ****** *** **** and **** **** ******** way ** **** *** keys ** *** ****** maybe
