Ambitious Mobile Access Startup: Openpath

Published May 24, 2018 13:13 PM

This team sold their last startup for hundreds of millions of dollars. Now they have started Openpath, aiming to become a rare small-business-focused entrant in access control.

Like many startups, the company is making big claims, such as 'mobile access control at no cost to users', and it offers cloud-based management that eliminates on-site servers.

But how does it work? In this note, we examine Openpath, its strengths, weaknesses, and how it compares to other cloud access systems.

Startup ********** *** *******

***** ** **********, ********'* ******** **** *** a ******** ** ******** ******** *** new ** *** ******** ******** ******.

**********, *** **-******** **** ********** ******* ******** ********** ******* *** ********** **** $*** million, *****-******* ***** ************* ********* ** * ******** **** that **** ********:

"* *** ** **** **** *** same **** *’** **** ******* **** *** ** years. **’** ***** **** ********* ******** and **’* * *** ** *** working **** ************* ******** *** ****** people *** * ***** *** *******."

********, ******** ****** $* ********* ******* **** *** **-********, *** a ****** ** ************* ******** *****, most ******* ******* ********.

Product ********

*************, ******** **** *** **** ****** architecture *** ******* ****** ** **** access ******* *******, ***** ** **-** 4-doors ********** (****** ***** ***) ********* to **** ******* *****, ******** ********, RTE *******, *** *******.

*******, *** *******'* *** ****** ******** premium ******** **** * '*****' ****** that ******* ***** **** * ********** user's ********** ****** ****, * ********** app '******' ******, ** **** ** being * ******* ********* **** ******.

*** ****** ** *****-*****, *** *** main *** ******** ** * *****-***** management ******. ****** '***** ****' ******** products **** ********* ** ****, ******** ******** ** **** **** at ***, ******* ****** ** *********** with ******** ********, *******, ** ******** lock ********.

*** (** *****) ******** ***** ******** their ******** ********:

Mobile ********** *******

****** **** ****** *******, ******** ****** users * **** ***, *** ** equipped, *********** ** **** *********** ** system ***** ****** ***** ****** *******.

**** ***** *********'* *********** $*** *******, ** ** * ********* ********** methods *** *********, ********* ***-******* **********/****** ***, smart ***** ***********, ** ***-********* ******* unlock **** ****** *** * ***-*** format **.** *** **** ******:

 

*** ****** ****** ****** ** ****** enrolled **** *********** '**** ** **'* in * ***** ** ******', ********** 'Touch' ** ****** ***** *** ******* up ***** *** **** ** ***** other *****. 

*** *****-**** '*****' *** ****** ********** support ****** **** ***** ***** ***** small ****** ***** ****** ********* ******** ********, **** **** ******* ** ***, but **** ******** **** *** ****** support ** ********* *******.

Smart *** **** **********

**** **** ****** *******, *** **** locks, *******, *** ***** *********** *** controlled ** * **** *****. ********'* $700 ***** *** [**** ** ****** available] ******** ** ** * *****, and * ******* - ****** ********'* RS-485 ********* ******* ** ******** ******* based *******:

******* ******* ***** **** ***-***** ******* are *********, ** *** ****** *** potentially **** **** ******** *********** ** use'**** ********' **.** *** *******.

*** *****-********* ***** *** ******** * 4A ***** ****** ** ****-******* ***** power ** **** ***** *** *******, ample ****** *** **** **** **** strength ******** *** ********** **** *******.

System *******

********'* ******** **** ** ** ** *****, one **** ****, *** *** ***** based ****** **** *** ** ***** ******* ******* ****, ***** ** $** *** *****/ per **** (********** ** $** *** month ** ********* ** ****** *****). The ******* **** ********* **** ******* larger **** ** ***** ****** '**** sales' *** ********** *******.

*** *** ******* ****** *** *** example *******:

  • * ****: * ****** ****** **** **** Openpath ****** ***** ** $***, **** $40 *** *****.
  • * ****: * ******* ***** ********, four **** ****** **** **** ******** readers ***** ** $*,***, **** $*** per *****.

Integrator/Installer *******

************** ****** ** *** ******, ******** *********** **** **** ***** **** need ** *** *** ************ ************ of *** ****.

***** * ****** ******** *******, *** ******** **** *** ******* ** to *** **********, **** ******** ********** for *** ********* ********* ********* *** monthly *******. 

Bypassing ******* *****

*** ****** **** ******** ****** **** other ****** ******** **** ****, *** even *********, ** **** ***** ********* acknowledge, *** ** *** **** ** the ******** ******** ******** ****** ******* for ********* *** ********* *** *******.

******, **** **** * ******* **********, Openpath ******* ** **** ** *** rather **** ******* ******* ******** ** an ********* ****** ******.

******* ** ***** ******** *****, ******** markets ******** ** *** *****, *** is ****** *********** ******** ******* ** ******-****** ********. *** *******'* ********* ** ******** to ***** ***** ********* **** *** greatly ****** **** ****** ********* ********, and **** '****' *********** ** *********, it ******* ****** **-******* ********* **** G-Suite.

** *****, ******* ********* ** *** tailored ** ********-***** ****** ** ***, but ***** *** **** * **** generalist ********** ********.

**********

******** ***** **** *** ********** **** other ******** ***** ****** ******** *** the ********* ********** ****** ******:

***** *****: ******* ********* ****** ** ** 'access ******* ******', ****** *****-******** ****** market ****** ******, ** ****, ******** ******** additional *********** *****, ***** *** *** hundreds ** * ****** **** ****** Openpath **********.

** ************: ** ******, *** ****** **** *** integrate **** ** ******* *****, ****** systems ***** ******* **** ****** **** video. **** ******, *** **** ****** integrations **** ******** ******* *** *** available, *** ***** *** **** *** closed *********** ********* ***********.

Less ********* ***** ****** ***********

*** ** *** ******* ******** ******** is ****** ** **** ** **** price.

** *** **** **** * ****** system ** *** **** ** ************** installed, *** ~$*** ******** **** *** $40 ******* ************ ** ************* ****** than ******* ********** ***** ***** ********** access ******** **** *********, ** ******** [**** ** ****** *********] ********* installing *** ~$*** *** $** *** month ** ************ ****.

Early ****** ** ******

***** ******* ** **** *** ******* differentiation ** ****, **** ** ********'* first ***** **** ****** *******, *** the *******'* ******** **** ********* ******. Indeed, ** *** ******* ******* **** initial ******, **** ****** ********* **** ************* with ********* ******** *** *********** *** be ********.

***** *** ****** ** ****-****** ** terms ** ******* *** ** *********** ****, **** could ********* ****** ** ** **** competitive *** ********* ****** ********.

 

Comments (10)
Undisclosed Integrator #1
May 25, 2018

I'm always a bit suspicious (or something) when the spelling is bad.

(2)
(2)
Bryan Buenaventura
May 26, 2018
www.dynamic-certified.org

You guys should add to the 'Weakness' list, the fact that this new access control manufacturer here in 2018, is still continuing to support Wiegand (which is nearing 50 years old & highly vulnerable to exploitation).

Heck, you guys at IPVM wrote about this issue over 4 years ago: https://ipvm.com/reports/wiegand-vs-odsp

Not saying this team's new venture will be unsuccessful, only that they seem to be solely focused on delivering 'convenience-driven' security. As opposed to building a leading edge technology that offers all of those features, conveniences, AND improves their clients' security postures & risk mitigation strategies.

(1)
(1)
Undisclosed #2
May 28, 2018

This is the first of many comets that will be the demise of access control integrators, manufacturers and the entire design-o-saurs.

 

(1)
Brian Rhodes
May 28, 2018
IPVMU Certified

Wiegand support will be the part of the demise of access integrators?

Brian Rhodes
May 28, 2018
IPVMU Certified

I don't for a second mistake Wiegand as secure, but it is hardly a weakness unique to Openpath. 

(2)
Bryan Buenaventura
May 29, 2018
www.dynamic-certified.org

Agreed Brian, that Wiegand is not an OpenPath specific issue.

My only point was that this manufacturer missed a golden opportunity to really differentiate themselves from the already crowded market of Access Control, which is overwhelmingly saturated with Wiegand inter-operability.

(This is the equivalent of introducing a new security technology in 2018, that's still using Windows 95)

Social Engineering and Card Cloning is like 1% as bad as any of the many "Man-in-the-Middle" attacking modules that have been designed to exploit Wiegand... but yet the former garner all of the attention.

 

Some things to consider:

* You can't trick a lobby receptionist thousands of times, 24/7/365, to gain entry into secured areas.

** Cloning one card here or another card there, is not nearly as detrimental as having 100's or 1000's of employees delivering their card credential information to you. (As they swipe into a Wiegand-based reader.)

 

References:

MitM #1 (Released in 2015): www.blekeyrfid.com

MitM #2 (Released in 2017): https://redteamtools.com/espkey

MitM #3 (Released in 2018): https://github.com/rfidtool/ESP-RFID-Tool/blob/master/README.md#esp-rfid-tool

Wiegand (A Decade of Decryption- By Brandon Chung): http://www.cs.tufts.edu/comp/116/archive/fall2017/bchung.pdf

 

This is a loaded topic Brian, I am available to help if you and John want to turn this into an official write-up...

(2)
Undisclosed #2
May 30, 2018

A little late to the dance, instead of an official write-up how about you do a full read up first.

Google, Alexa..um.. what is:::

La Carte a Puce,

Instant ciphertext-only cryptanalysis of GSM encrypted communication,

Building and Transport Cards: Attacks and Defenses,

Algebraic Attacks on MiFare RFID Chips,

The Dark Side of Security by Obscurity and Cloning MiFare Classic Rail and Building Passes Anywhere, Anytime,

Algebraic Attacks on Stream Ciphers with Linear Feedback,

MFCUK,

If your password is 123456,

Heart of darkness - exploring the uncharted backwaters of hid iclass,

Engineering and Access Control Systems,

Cryptanalysis of the Random Number Generator of the Windows,

Reverse-Engineering a Cryptographic RFID Tag,

Silence on the Wire,

IPVM.COM,

(1)
Bryan Buenaventura
May 30, 2018
www.dynamic-certified.org

MitM #3 released 2 months ago... not sure how that makes me late? Plus I'm speaking of a specific type of threat, and have not disclosed other areas of research.

I'd love to collaborate (and learn) with you Undisclosed #2, but your angle seems a bit hostile. I hope I've misread this.

My info is available, please reach out if you can. I believe there's strength in numbers...

(2)
Undisclosed #2
May 30, 2018

I am hostile, you did not misread. I wish I had time to reach out but I am very busy. Relax, us trolls sit in amazing places. I am sure you are on top of your game, I just like to give people a nudge here and there.

I dislike access control systems that still incorporate wiring systems that resemble a VW bug. Although open path uses a defeated credential it can be turned off, it is only there as a compatibility and migration plateau and was not a design miss. If the system contains WWII cabling and terminations then what else can be lacking in their upgrade? 

Manufacturers clone each other's board technology and enough engineers have musical chaired their way around the industry seeking that next raise. There are no secrets, at the process's design level and pic technology, it is common knowledge amongst some nerds. Look at the iStar Ultra, they finally got rid of the ribbon cable and now connect ACM via USB(bout time, and...why stop there?). What about the IP-ACM? cool toy however why did they stop at copper ethernet? It just takes a lantronix XPICO and you are BLE, and A/B/G/N! You can DIY with a XPICO kit and connect ether to ether...however manufacturers can do it for a lot less. Why stop there? The card reader itself should be GSM! and not like the reader from openpath going back to another Volkswagen fuse block 4 reader panel. 

This thread...from ambitious access control systems to inevitable integrator comets of demise to H10301 foreplay and back to a post about another system that will be sold on amazon and installed by union electricians on their day off. For all the technology that pushes us forward there will be some that rears us back. For now I'll pass on all these beta systems that simplify complexity by simplifying vulnerability and eventually the integrator and his workforce must be let go. Who drags a wire to every device? Got a glass break?-here's a wire for that!, got a card reader?-got a wire for that too!, got a door contact, double door you say? we can series those together and yes we got a wire for that. Still running around with a digital multimeter looking for ground faults? WHY? 

The expectation to simplify is overlooked by security engineers who have been led to believe they must have an elaborate, complicated value priced solution that sounds like he is smart in fact damn near genius and in the end what do we get?

More Volksweigands!

(2)
(1)
Bryan Buenaventura
May 30, 2018
www.dynamic-certified.org

Your background sounds diverse & astonishing, would love to learn more about ways on how you may be putting it to good (actionable) use. Let's stop talking about it, and let's do something about it.

You've got my info... leaving the door wide open for collaboration.

["Volksweigands"... Never heard that before - That's pretty damn funny!]

 

(2)