Rocks vs Wiegand: Access Control Risks

By Brian Rhodes, Published Jul 14, 2021, 11:53am EDT (Info+)

Wiegand is an access control security risk but so are rocks. How should security professionals handle such risks?

IPVM Image

Access control manufacturer PDK's founder talked about their new OSDP enabled product while emphasizing that other fundamental risks still exist, such a simply throwing a rock through glass to break in.

Inside this report, we share:

PDK Founder contrasts Wiegand vulnerability to rock smashing risks
Comment on how OSDP used to segment access market
Why exploiting Wiegand does not take great complexity
OSDP importance as 'Industry Standard'
Examining how OSDP fixes Wiegand risk

For background, see OSDP (vs Wiegand) Access Control Guide.

PDK ******* '*** **** ****' ********* ****

****** ******* **** ****** ****, ** ****** ************ **** **** while **** ******** ******* ******** *******, physically ******** * ****** ** * major **** ******:

** *******, *** *** ********** *** new, ****** ******** ****-******* ******** ********* ***. *** *******'******-****** ******** **************** ******* **** *** ** *** support ****.

IPVM Image **** *****, ********* *** **-******* ** PDK (**********)****:

************'***********'.*******,************************,*'******************,***,******************? (*******?)*****,****,***'****************************************.*******,******'***************************************.********,*******,*************************************************************,******************.

**** **** '** ******* ******'

***** **** **** **** **** ** used ** ************* *** ******** ********** to ************ '******* *** ******' ** exclude ****** ********* **** ** *** have **:

****, ***** **** ** ***** ** the **** ****, *** ****, ***** in **** *****, *'* * ****** bit ** * ******** **** ****** like ****. ***, *** **'** *** a ***** ** *********** ****** *** organization **** *** *** **** ***** this ********** *** *** ** ********* what's **** *********.
*****'* ** ******** **** *****'* ********** in *** ********, ****'* ********* ** large ************* ** ******* *** ******, right?

*** ** ******* ******

*** ********* ********** *** '*******-********' ** using********(************* ****) ******* **** ***** *** doors ** *** *****:

**** ***'** ********* ** **** (******* door **********) ******, *** *'** *** my ********** *** ** *** ****, and *'* ******* ** ****, ***** three, ****, ** **** ****, **** the ******* ** **** ****, ** really ** *** ******* **** ******** is ***** ** *** * ******* and *** *** **** ***, *****, and ***** ***, *** ****, *** wires *** ******* ** **.

*******, ******** ********** *******'* ******** ** not ******* ******* ** ******. ** fact, ***** ******* ******* ****** **** than * *********** *** * *** minutes ** ***.*** ***** ***** ***** *** ******* are ********* *********:

******* ******** *** **** *** *********** to ***, **** **** **************** ~$** - $** ******.

OSDP ********* ** '******** ********'

***** ****** **** '********* *********' *** to ** ******** '** ******** ********' for ******, *** ******* ***** ** saying ** *** ******* ** ***** security:

**, *** ****, *'* *** ***** say **** * ***'* ******* ** OSDP, * ***** **** **'* ********* important. *** *** ***, ** *** the **** ** ***** ********* ******* it *** *** ***** ***** ** do *** ******* ********* *** ***** it. *** ****'* **** ** *** is ********* *** ****** ** ****. And *** ******* ** ****** **** out *** ***. *** **** ** truly ********** *** *** **** **** that **** **** *** **********. *** there *** ********* ***** ***** ** features **** *** **** ** **** adjustments ** ******* ** ******* ** becomes ** ******** ******** ** ******** specific.

OSDP **. ******* ****

**** ** ********* ******* ** **** security ** *** **** *********** ** access ******* ** ***********.

******** ******** ******* *.*.*, ***-*** *** ********** ** **** on **** ******* ****** *** **********. Previous ******** ** **** *** *** support **********, ** ** *** *** defined ** '*********' ***** ****.

**** **** ****** *******, *** ******** between ****** *** ******** ********** ** encrypted ******* **** ************ *** ********* copying **** '*** ** *** ****** devices.

******* **** *** ******* ******* ****. For *******,*** $** ******** ***$** *** **** ************ *** ********** **** (********** ** how ****** *** ****** **) *** makes ** **** ** ****, ******, or ********* ****** **** **** ** break **** ** ****** ******:

IPVM Image

****** ***** ****** ****** ** ********** to *** **** ** ******* ******* when ******** *** ********* ** *** reader. *** **** *********** **** ********* can **** ** **** ** ****** identical ****** ** ***** ***** ** to ****** ***** ******* ******* ** systems ********* ******* ********.

****/****

Comments (14)

Randy Lines

07/14/21 04:31pm

***** !! ** ****** ** *** still * ****** ** ******* ****** on ****** *******. ***** **** * one-down-man-ship ******** ** ******** ******** *** we ***'* **** ********* **** * tamper ** *******.

***

Agree: 2

Disagree

Informative

Unhelpful

Funny

Brian Rhodes

IPVMU Certified | In reply to Randy Lines | 07/14/21 04:41pm

******** *** ** ***'* **** ********* have * ****** ** *******.

** **** * ****** ******, ** is *** ********** ** *********!

Agree: 2

Disagree

Informative

Unhelpful

Funny

Undisclosed Manufacturer #1

07/14/21 04:45pm

*** * **** *****, ****. ** can ********** ****** * ****** ****.

IPVM Image

Agree

Disagree

Informative

Unhelpful

Funny: 4

Michael Silva

Silva Consultants
07/14/21 05:52pm

********, *** ******* ************* ** **** access ******* ******* ** **********. ** need ** ***** * **** ******* the ******, **** **** *** ******* to ***** ** ***** *** ******** and **** **** ***** **. **** people **** **** ******** **** *** door **** *** *** **** *****. During ** ******** ***********, * **** that * *** *** **** * building ***** **** ********* **** **% of *** ****.

**** ********** ** **** ******* ******* of *** * ***-*******, ****-***** ******** to ******** **** ** *****. *** level ** **** ****** ******* **** facility ** ******** *** **** ** mandatory ** *** ******** ** *********** at *******.

******* ***** ** ********** *** *********** to ******** ***** ** ******* **** as ******* **** ************** ***** *** networks ** ************** ***********. *******, ** most **********, ***** *** *** ********** cases ** ** ******** ******* ****** using ***** *******. ***** *** *** easier **** ** ***** * ********: tailgating, ******** * *****, ** ****** looking *** * **** **** *** failed ** ***** ********.

**** **** ***** ****, * ***** that ** ** ************* *** * manufacturer ** ******** ** ***** ******** that **** ***** ******** *************** **** more ****** ******** *** ** ******** at ****** *** **** ****. **** consumers *** ***** *** ********** (******* false) **** *** ******** ******* **** by * * ********* ************ **** indeed ******* ********. ******* * ******* with ***** ******* ******* ** ********** in ** *******.

Agree: 20

Disagree

Informative: 1

Unhelpful

Funny

Shannon Davis

IPVMU Certified | 07/14/21 09:03pm

* *****'* **** **** ** ***** types ** ******* ** *** ***** anymore. *** **** ***** ** *** easiest ** ******* *** ****** *** you ***** ** **** ******* ** find ***.

* ******* *** **** ** ******** to ** ********* *** **** **** don't ****** ****. ***** ******* ** to ******* * *** ****** **** a *** ********** *** **** ***** are *** ******** **** ***** ********* cards ****. **** ******* * ******** to *** * ********** **** ** even * **** *** ** *** extra ****.

**** ** ****** *********** ** ****** bid ***** ******* *** *** **** readers.

Agree

Disagree

Informative

Unhelpful

Funny

Kyle Folger

IPVMU Certified | In reply to Shannon Davis | 07/14/21 11:37pm

* *** ******* ******* *** *** comments *** *** ********* **** * was ********. * ***** *** **** question ****** **, "*** **** ** your ********* **** ***** ******** *****?"

*** ** *** ****** * ******* the ******** ***** ** *** ********* at *** **** ** *** *** don't ****** ******** ** **** ** more ******. *** *** ******* *** a ***** ******* *** * *** floored **** **** ********* ****. * have **** *** *** **** **** installed ** *** **** *** *****. I ********** *** ******** ************** *** the **** *****, *** ***** ** no ****** *** ** ******* **** didn't **** ****** ******* ******.

** ******* *********, *** ******* ** often **********. ****** ***** ******* * mullion ** ********* **** ** ****.

* **** ****** ****** **** **** I **** ******* ***** ** ******* just ** *** *** ******** **. I **** ***** **** ** *** area ** ******* *** ****** *** as ****** *'* ******** ** ** there *** ********* ** *** **** anything. **** ** ****** **** ***** when *** ********* ***'* ********* **. If *** *** ******* *** *** part *** ******* **** ********* ********, people ********* ***'* ******** ***. **** when *** **** ********** **** ** raise ******. ****** **** ***'* ****** true. * *** ********* ******* ***** ago ***** * ****** *** *** back ******* * ******* **** ****** a ***** ** * **** ****. He *** ******** *** *** ***** time ** **** *** *** ******* and ** * ***** *** ****. The ***** **, ** ***** ***** for ****** ** **** *** ** employee **** * *****.

**** **** **** ******** *******, **** asked ***** *** **** ***. * said *** **** ******* ** ***** they ********* ****..."**, *** **** ********." This ********* **** **** ******* *** used ***** *** *** **** ****** at *** **** *** ***** **** the ***** *******.

Agree

Disagree

Informative: 1

Unhelpful

Funny

Undisclosed Integrator #2

07/15/21 04:18pm

* ******* *** ******* "****" ******** risk *** ******* ****** ******* ***-***** remains *** ********* *********** *** *** ability *** **** ** ** ********** in ** ******* ** *** ***** grocery *****.

**** ** **** *** ******* ***** recognize **** ***** *********** *** ******** WORSE **** **** (******* **** *** spoofing * **** ****-****** *** ****** it **** **** **** ******* *** a **** ****** **** **** *** not) **** ********** ** ** **** to **** *** ****** *** ******* readers *** ***********.

********** *** ****** ****--*** *******--*** ******* way ** ******** * **** ****** entry *****.

******** ******* **** * **** *** gain ******* *****, *** ****'* **** a ********** ***** ****** ** *** (layered ********), ** * ***'* ***** it ** * ******* ***** ** PDK.

**** ** ********* *** ******-******** **********, "checks *** ***" *** * ******** manager *** ***** ** **** **/*** is ********* ****-*********, *** ************ **** the ******** ******** ** ******** *** tech.

Agree: 1

Disagree

Informative

Unhelpful

Funny

Undisclosed Manufacturer #3

07/15/21 06:00pm

* ***** *** ***** ***** ***** a **** *********** ** **** *** may *** ** ***** ** *** intrusion *** * **** ****, ** ever. ** ** ** ******** ****** sensitive *********** *** *** *** ** aware. **** * **** ** **** be ****** ******* *** *** *** can ***** ** *** **** **** accessed ***** ******.

Agree

Disagree

Informative: 1

Unhelpful

Funny

Shannon Davis

IPVMU Certified | In reply to Undisclosed Manufacturer #3 | 07/15/21 06:26pm

********** *** ****** ****** *** **** actually **** ** ***** ** * duplicated **** ** ****. ********** ********* on *** *** **** *** ****** there ** ** ***** *** ** the *** ****** ******** ** *** non ****** ****. * **** *** seen **** ** ** ****** ************* though.

Agree

Disagree

Informative

Unhelpful

Funny

Brian Rhodes

IPVMU Certified | In reply to Shannon Davis | 07/15/21 06:32pm

* *** *** ***** ****. ***********. I **** *** *** *** ******** and **** ** ****.

Agree

Disagree

Informative

Unhelpful

Funny

Shannon Davis

IPVMU Certified | In reply to Brian Rhodes | 07/15/21 07:29pm

**** *** **** * ***** *** so ***'* **** *** **** ** the ****!

Agree: 1

Disagree

Informative

Unhelpful

Funny

Billy Guthrie

ZMANA | In reply to Brian Rhodes | 07/27/21 02:20pm

* ******* **** ** **** **** the *** ******* ******.

Agree

Disagree

Informative

Unhelpful

Funny

Undisclosed #4

In reply to Shannon Davis | 07/15/21 06:42pm

*****, *** ** ****** **** ** saying **** * ******* ****** ** alerting ********* *** ** ******** ****** is ****** **** *** ****** ** alerting ****** *** ** ******** ******.

*******, ** **** *****'* ********* *********** the ********* ** *** ******** ** much ** *** ********, * ***'* know **** *****.

************: "***, ***** ** * *********** flaw ** **** ******, *** **'** provided ** ***** ** *** ***** know ** **'* **** *********!"

********: "***...*** ***'* *** **** *** the ****? **** ** **** * lot ** *****?"

************: "**...**..."

********: "**, **** ** **** ** really, ****** ********* ** *********, *****?"

************: "*** ** ****..."

** ***********...*****, ***** ** *** *** actually ****** * ********, *** *** fact **** *** ******** ** * whole *** *** ********* **** ** such ** ********** ** ** ***...

Agree: 1

Disagree

Informative

Unhelpful

Funny

Wanchai Siriwalothakul

Smart Entry Systems
IPVMU Certified | 07/22/21 12:18am

********* ** *** ********, ****** ******* is **** ** * ********** ** actual ********. ** **** * ******** that ********* *** ****** *** ****'* want ** **** *** **** ** register *** ** *** ********* ** the **** ** *** ****** ****-***. So **** ********** *** ****** ********** to **** *** **** **** ** an ************ **** *** *********. **** was **** **** * ****** *** and *** ******* ***** ****'* ******* even ***** **'** ********* **** ***** it ** ******** ********* ******** **** to *** *** *****.

Agree

Disagree

Informative

Unhelpful

Funny

Login to read this IPVM report.

Why do I need to log in?

IPVM conducts reporting, tutorials and software funded by subscriber's payments enabling us to offer the most independent, accurate and in-depth information.

Rocks vs Wiegand: Access Control Risks

Comments (14)

Randy Lines

Brian Rhodes

Undisclosed Manufacturer #1

Michael Silva

Shannon Davis

Kyle Folger

Undisclosed Integrator #2

Undisclosed Manufacturer #3

Shannon Davis

Brian Rhodes

Shannon Davis

Billy Guthrie

Undisclosed #4

Wanchai Siriwalothakul

Login to read this IPVM report.

Subscriber Login

Loading Related Reports

Login to view the video.