Keypads For Access Control Tutorial
Keypad readers present huge risks to even the best access systems. If deployed improperly, keypads let people through locked doors almost as if they were unlocked.
However, despite the drawbacks, keypads are still one of the most common choices in access today.
With this note, we examine the weaknesses of keypads including:
- Revealing Buttons
- Snooping Eyes
- PIN Sharing is Easy
Inside we offer advice on how to deploy them securely and examine a type of keypad that overcomes glaring weaknesses.
Operation Described
The function of keypads in access control is simple. A door or gate remains locked until the user enters a valid combination string into a nearby number pad, usually a sequence of numbers.
Most access control applications assign each user their own number, called Personal Identification Number (PIN). Unless the user enters a valid combination, the opening remains locked.
Why Use Keypads?
If these input readers are so terrible, why do people use them? The single biggest 'pro' in using keypads is that no external credential is required. There are no cards or fobs to buy, fingerprints to enroll, and template records to manage. A user is given an access code that is presumably memorized or included in other documents, and nothing else is required.
The lack of external credentials results in a lower operating cost relative to 'credential-based' systems.
The Problems
Despite being one of the oldest and most used access readers, keypads have huge vulnerabilities. Worse still, it takes no special tools or skills to exploit these problems. While individual units may be better, or even worse, than others at these shortcomings, the biggest problems are:
- Revealing Buttons
- Snooping Eyes
- PIN Sharing is Easy
In the sections below, we examine these issues and address how they undermine even the best access control platform and most secure locks.
Revealing *******
****** ******* **** *** ******* **** over ****. **** ** * **** problem ******* **** *** ******* ****** to **** ****** *** *** **** typically ******* ***** ** ***.
***** *******
*** ****** ***** *** ******* **** pick ** **** *** ***** **** the ****'* *******. ** ***** ******, only **** ******* **** **** ****, but **** *** **** ************* ******** would ****** ********* *** ******** ******** of *** ****** **** * ****** characteristic ** *** ****, *** ** Post *******.
****** ******** *** **** **** * minutes ** ********** **** **** **** 'secured' ****. ****** *******, **** **** representing * '******' ******, ****** *** potential ************ **** **** ** ********* to * *** *******, *** ****** combinations (*******/*****/********* *******) *** **** ******* to ****** ****.
**** *******
********, **** ** ******* ** *** example *****.
******* ** *****, ****** *** ****** buttons *** *********** ** ******* **** is **** *** **** ****. ** this ****, ******** *** **** ****** combinations ** ************* ***** ** ****** the ******* **** ********** ****:
**** ** ******/********
* ***** ****** ******** ** ******, stickers, ** ******** **** **** * valid *** ***** ** ***** ****:
** *******, ***** ****** *** ****** as * ****** ** ***********, *** users ******* ******** *** ******** ***** of *** *** ** ***, *** the ***** ** ****** ******* ** the ******* *** ** ****** ** pointless *** **** ************.
Snooping ****
**** **** ******** ** ***** ************ is *** *******, ***** *** ** watched ******** ***** *****.
****** * **** ** ********** ** shielding ***** ******* *** *** ****** while ******** * ***, **** * casual ******** *** **** *** ******** the ****. * **** ********** ******** may **** *** ****-***** ****** ** even '******' ******* ******* ** ***** out ***** ************:
PIN ******* ** ****
**** ** '*******' ***** ** ******* a **** *** *********, * **** vulnerability ****** ********** ** ******** *** users ******* ***** ********. ** *** seem **** ** **** ******** *** an ************ ************, *** ******* * unique *** **** **** *** ***** person ***** **** '****** *******' ** lost.
**** ***** *** ******** ***** ***** and ******* ***** *** ******* ** labels ** ********, ******* ** *** unit ** ***** *****, *** ******* undermine ****** ********** ****** ***** ** all:
Configuring ******* *** ** ***********
********** *** ****** ** * ********** may **** ***** ***********. *** ************* protocol ****** ** **** ******* *** many *****, *******, *** ********* ********* without ***** ********* ** *** ** incorporate ****** *******.
** * ******, ************* ****** ****** can ** **********, **** **** *********** requiring *-***, *-***, ** **-*** ******. Generally, *********** ******* *** *********** *** these ********, *** *** ***** ****** needed **** **** ********* ** ***** Keypad ****** ** ****.
OSDP *******
*** ** *** '************'******* ** ****** **** ****** ******* *** *********** values ** ************ (*** *********) ***** formats.
*** ******* ** *** **.*.* **** standard ******** **** (*.**) ** ***** below:
Steps ** ******** ****** **********
**** ******* ********* *** ****** **********, the ******** **** **** ******* *** be *********. *** ***** *******:
***** *** ******** *****
**** **** ****, *****, *** **** 'temporary' ******* **** ****. ********** ******* inside ** ****** ********** *** ****, but ********** ********** *** *******, ******* them ***** **** * **** ******* (rubbing ******* ** *******), *** ********** the ******* *** ****** *** **** will ** * **** *** ** preserving ********.
*******, *** *** ********** ****** ******* in *********** **** *** ********* ****** by ***** ********** ***** **** *********** cards ** **********.
********* ****** ****
*** ** *** ******* ******** ** keypad ** **** *** *********** ***** change. **** ****, *** ****'* ***** of ************** ** **** *** ****** of ****** *****.
*** **** *** **** ************* ****** of ********* ***** ******* ** **** is ****** ** ****** **** ** a ******* *****. *** ********* ** changes ******* ** *** ********** ** users, *** ******* **** **** **** 100 ****, ******** *****-****** ***** ******* the ***** ** ****'* *****.
*********** **************
******* *** ****** ** ******* ** keypad ******** ** ** ******* **** with **** **** *** **********. *** example, ********* ***** ** ***** **** credential ***** *** *** ************ *** the ***** ****** ** ******** **** neither ****/****** ***** *** ****** ***** can ** ************ ****. ** ******* using ******** *********** ******** ** ********-****** ************** ******.
*******, *** ******* *** ****** ********** factors ********* ****** ** ********** **** to ********** ******* ******** *** *******/*********** secondary ***********.
Use ******** *******
**** ******* *** **** ****** **** others. * ******* ****** '******** ****' or '****** ****' ** *** ******* numerical ****** ** * *********** "*-*,*" orientation, *** *******, ********* *** ****** every **** **** *** ****. *** randomness ********* *** '****** ****' ************* and ****** *********** **** ***** *** buttons. *** ****** ***** *** ***** below:
*** ********** ** ***** ***** *** the ********** *********** ** ****** **** time * **** ******* ** * code, ****** ** ****** ****** ******** in ***** ** *** ****. *******, they *** **** ********* (~$*** - $1200, ******** ** types) *** *** ****** ********* ** the ****** ******.
[****: **** ***** *** ********** ******* in ****, *** ************* ******* ** 2020.]
*** *** ***** ******* ****** ****** is ******** *** ** ***'* **** new ******** **** **** **** ** with ** *****. * *** ******** searching **** *** *** *** * good ******* ****** **** ****'* * stand ***** ******.
** ***** * ****** *** ***’* rearrange *** ******* ***** **** ** even *** *** ****?
** **** ***** * **** *** could **-*****?
****** **** ************ **** **** *** System, ******** ** **** **** ******* something **** ****** ****** *** ****** the **** *** **** **** ******** way ** **** *** **** ** the ****** *****
*** *** *** ******* **** *** years.
****** - ****** ********* *** *** security
*'* *** * *** ** ****** locks ** **** *** ********** **** an ****** ******* ******. ***** ** well *** * *****. ** ***** is * ********** ****** ******* ** was ** ************ *** ** ********* costly ** ********** ** *** * wire **, * *** ********** *** need *** ***, *** ** ***** be * **** ******* ****** ************ at *** **** ******* ** ** a ********.
*'* **** ***** ** *** **** multifactor ************** *** ********* ** ****. In * ******** ****, * ******* physical ******** ** * **** ******** site. ** *** ***** ****, ** moved **** **** ******-****** ************** ******* to ***********. ** ****** *****, ** is **** *** **** *** ****** to ***** * *** ****, ********** if *** **** * ***** ****** of *********. **** **** *********** **************, we **** ** * **** ******* to ******** *** "**** ** ******" or *********** ****** ***** *********** ************** now ******** * **** ***** *** pin. ** ******* *** *******, **** as **** ** ****, ***. ****** it *** * **** ** ********* manage, **** *** ********* **** ******* on *****, ** **** ****** **** more ******. ********* ** **** ******** is ********* ****** ****** ***** ****** your *** **** * ** **** incorrect ***** *** ******* **** ** back. ******* **** ***** ** *** high ******** ***** **** ******** ******** managing *** ******** *** ***.
** ********** ********, ******* *** ******** more ************* *** ****-********. **** ** evidenced ** *** ********** *** ** touchscreen ******* *** ********* ************** *******, which ******* * **** ********** *** secure *** ** ****** ********* *** other ****** *****. ************, *** *********** of ******* **** ***** ******** *******, such ** ******** *** *********** *******, is * ***** **** ** ****** to ******** ** *** ****** *** smart ********* *****. ***********, *** ******** of ****** **** **** ********* **** the ****** ****** ***** ***** ***** to ******** **** *** ****** *****, view ****** ****, *** ******* ************* for ****** **** ** **** ******** and ********. **** ***** ******* ** additional ***** ** *********** *** ******** for *****, ** **** ***** ** able ** ****** ****** **** ***** smartphones.
** *** ******** *************** ***** **** the **** ***** *********** *** **** strike ** *** *******, ********* **** of *** **** ****** ****** **** tethered ****** ** *** ******* ****** wall? ** *** ******* ***** ******* inside *** **** *** ****** ** tethered *******.