Rocks vs Wiegand: Access Control Risks

By Brian Rhodes, Published Jul 14, 2021, 11:53am EDT

Wiegand is an access control security risk but so are rocks. How should security professionals handle such risks?

Access control manufacturer PDK's founder talked about their new OSDP-enabled product while emphasizing that other fundamental risks still exist, such as simply throwing a rock through glass to break in.

Inside this report, we share:

  • PDK Founder contrasts Wiegand vulnerability to rock smashing risks
  • Comment on how OSDP used to segment access market
  • Why exploiting Wiegand does not take great complexity
  • OSDP importance as 'Industry Standard'
  • Examining how OSDP fixes Wiegand risk

For background, see OSDP (vs Wiegand) Access Control Guide.

PDK ******* '*** **** ****' ********* ****

****** ******* **** ****** ****, ** ****** ************ said **** ***** **** protects ******* ******** *******, physically ******** * ****** is * ***** **** itself:

** *******, *** *** discussing *** ***, ****** security ****-******* ******** ********* ***. *** *******'******-****** ******** **************** ******* **** *** do *** ******* ****.

**** *****, ********* *** Co-Founder ** *** (**********)****:

************'***********'.*******,************************,*'******************,***,******************? (*******?)*****,****,***'****************************************.*******,******'***************************************.********,*******,*************************************************************,******************.

**** **** '** ******* Market'

***** **** **** **** OSDP ** **** ** manufacturers *** ******** ********** to ************ '******* *** market' ** ******* ****** solutions **** ** *** have **:

****, ***** **** ** speak ** *** **** side, *** ****, ***** in **** *****, *'* a ****** *** ** a ******** **** ****** like ****. ***, *** we've *** * ***** of *********** ****** *** organization **** *** *** talk ***** **** ********** and *** ** ********* what's **** *********.

*****'* ** ******** **** there's ********** ** *** industry, ****'* ********* ** large ************* ** ******* the ******, *****?

*** ** ******* ******

*** ********* ********** *** 'Wiegand-weakness' ** *************(************* ****) ******* **** walls *** ***** ** tap *****:

**** ***'** ********* ** edge (******* **** **********) device, *** *'** *** my ********** *** ** the ****, *** *'* running ** ****, ***** three, ****, ** **** feet, **** *** ******* of **** ****, ** really ** *** ******* that ******** ** ***** to *** * ******* and *** *** **** off, *****, *** ***** the, *** ****, *** wires *** ******* ** it.

*******, ******** ********** *******'* weakness ** *** ******* cutting ** ******. ** fact, ***** ******* ******* little **** **** * screwdriver *** * *** minutes ** ***.*** ***** ***** ***** how ******* *** ********* installed:

******* ******** *** **** and *********** ** ***, with **** **************** ~$** - $** online.

OSDP ********* ** '******** ********'

***** ****** **** '********* important' *** ** ** becoming '** ******** ********' for ******, *** ******* short ** ****** ** was ******* ** ***** security:

**, *** ****, *'* not ***** *** **** I ***'* ******* ** OSDP, * ***** **** it's ********* *********. *** for ***, ** *** the **** ** ***** something ******* ** *** the ***** ***** ** do *** ******* ********* was ***** **. *** that's **** ** *** is ********* *** ****** to ****. *** *** purpose ** ****** **** out *** ***. *** once ** ***** ********** the *** **** **** that **** **** *** adjustment. *** ***** *** certainly ***** ***** ** features **** *** **** to **** *********** ** because ** ******* ** becomes ** ******** ******** or ******** ********.

OSDP **. ******* ****

**** ** ********* ******* it **** ******** ** the **** *********** ** access ******* ** ***********.

******** ******** ******* *.*.*, ***-*** *** ********** is **** ** **** between ****** *** **********. Previous ******** ** **** may *** ******* **********, as ** *** *** defined ** '*********' ***** then.

**** **** ****** *******, the ******** ******* ****** and ******** ********** ** encrypted ******* **** ************ and ********* ******* **** 'man ** *** ****** devices.

******* **** *** ******* against ****. *** *******,*** $** ******** ***$** *** **** ************ *** ********** **** (regardless ** *** ****** the ****** **) *** makes ** **** ** copy, ******, ** ********* misuse **** **** ** break **** ** ****** system:

****** ***** ****** ****** is ********** ** *** risk ** ******* ******* when ******** *** ********* in *** ******. *** card *********** **** ********* can **** ** **** to ****** ********* ****** of ***** ***** ** to ****** ***** ******* signals ** ******* ********* readers ********.

****/****

Comments (14)

***** !! ** ****** we *** ***** * couple ** ******* ****** on ****** *******. ***** with * ***-****-***-**** ******** to ******** ******** *** we ***'* **** ********* have * ****** ** readers.

***

Agree: 2

******** *** ** ***'* even ********* **** * tamper ** *******.

** **** * ****** exists, ** ** *** configured ** *********!

Agree: 2

*** * **** *****, then. ** *** ********** detect * ****** ****.

Funny: 4

********, *** ******* ************* in **** ****** ******* systems ** **********. ** need ** ***** * rock ******* *** ******, just **** *** ******* to ***** ** ***** the ******** *** **** walk ***** **. **** people **** **** ******** hold *** **** **** for *** **** *****. During ** ******** ***********, I **** **** * can *** **** * building ***** **** ********* over **% ** *** time.

**** ********** ** **** another ******* ** *** a ***-*******, ****-***** ******** to ******** **** ** taken. *** ***** ** risk ****** ******* **** facility ** ******** *** what ** ********* ** one ******** ** *********** at *******.

******* ***** ** ********** are *********** ** ******** types ** ******* **** as ******* **** ************** lines *** ******** ** counterfeiting ***********. *******, ** most **********, ***** *** few ********** ***** ** an ******** ******* ****** using ***** *******. ***** are *** ****** **** to ***** * ********: tailgating, ******** * *****, or ****** ******* *** a **** **** *** failed ** ***** ********.

**** **** ***** ****, I ***** **** ** is ************* *** * manufacturer ** ******** ** offer ******** **** **** known ******** *************** **** more ****** ******** *** be ******** ** ****** the **** ****. **** consumers *** ***** *** impression (******* *****) **** any ******** ******* **** by * * ********* manufacturer **** ****** ******* security. ******* * ******* with ***** ******* ******* on ********** ** ** opinion.

Agree: 19
Informative: 1

* *****'* **** **** of ***** ***** ** readers ** *** ***** anymore. *** **** ***** be *** ******* ** install *** ****** *** you ***** ** **** pressed ** **** ***.

* ******* *** **** of ******** ** ** customers *** **** **** don't ****** ****. ***** thought ** ** ******* a *** ****** **** a *** ********** *** when ***** *** *** replaced **** ***** ********* cards ****. **** ******* a ******** ** *** a ********** **** ** even * **** *** to *** ***** ****.

**** ** ****** *********** is ****** *** ***** calling *** *** **** readers.

* *** ******* ******* all *** ******** *** you ********* **** * was ********. * ***** the **** ******** ****** be, "*** **** ** your ********* **** ***** security *****?"

*** ** *** ****** I ******* *** ******** flaws ** *** ********* at *** **** ** was *** ***'* ****** anything ** **** ** more ******. *** *** install *** * ***** install *** * *** floored **** **** ********* 125k. * **** **** way *** **** **** installed ** *** **** few *****. * ********** the ******** ************** *** the **** *****, *** there ** ** ****** for ** ******* **** didn't **** ****** ******* before.

** ******* *********, *** easiest ** ***** **********. Double ***** ******* * mullion ** ********* **** as ****.

* **** ****** ****** this **** * **** service ***** ** ******* just ** *** *** security **. * **** often **** ** *** area ** ******* *** simply *** ** ****** I'm ******** ** ** there *** ********* ** one **** ********. **** of ****** **** ***** when *** ********* ***'* recognize **. ** *** are ******* *** *** part *** ******* **** technical ********, ****** ********* don't ******** ***. **** when *** **** ********** does ** ***** ******. Though **** ***'* ****** true. * *** ********* footage ***** *** ***** a ****** *** *** back ******* * ******* case ****** * ***** in * **** ****. He *** ******** *** the ***** **** ** take *** *** ******* and ** * ***** and ****. *** ***** is, ** ***** ***** for ****** ** **** and ** ******** **** a *****.

**** **** **** ******** arrived, **** ***** ***** way **** ***. * said *** **** ******* to ***** **** ********* with..."Oh, *** **** ********." This ********* **** **** hallway *** **** ***** and *** **** ****** at *** **** *** worse **** *** ***** cameras.

* ******* *** ******* "real" ******** **** *** typical ****** ******* ***-***** remains *** ********* *********** and *** ******* *** them ** ** ********** in ** ******* ** the ***** ******* *****.

**** ** **** *** clients ***** ********* **** these *********** *** ******** WORSE **** **** (******* they *** ******** * real ****-****** *** ****** it **** **** **** entered *** * **** reader **** **** *** not) **** ********** ** is **** ** **** the ****** *** ******* readers *** ***********.

********** *** ****** ****--*** remains--the ******* *** ** overcome * **** ****** entry *****.

******** ******* **** * rock *** **** ******* entry, *** ****'* **** a ********** ***** ****** is *** (******* ********), so * ***'* ***** it ** * ******* point ** ***.

**** ** ********* *** higher-security **********, "****** *** box" *** * ******** manager *** ***** ** show **/*** ** ********* best-practices, *** ************ **** the ******** ******** ** evolving *** ****.

Agree: 1

* ***** *** ***** thing ***** * **** duplication ** **** *** may *** ** ***** of *** ********* *** a **** ****, ** ever. ** ** ** intruder ****** ********* *********** you *** *** ** aware. **** * **** it **** ** ****** obvious *** *** *** can ***** ** *** what **** ******** ***** inside.

Informative: 1

********** *** ****** ****** ICT **** ******** **** an ***** ** * duplicated **** ** ****. Supposedly ********* ** *** the **** *** ****** there ** ** ***** bit ** *** *** string ******** ** *** non ****** ****. * have *** **** **** in ** ****** ************* though.

* *** *** ***** this. ***********. * **** ask *** *** ******** and **** ** ****.

**** *** **** * sales *** ** ***'* hold *** **** ** the ****!

Agree: 1

* ******* **** ** only **** *** *** Secured ******.

*****, *** ** ****** this ** ****** **** I ******* ****** ** alerting ********* *** ** insecure ****** ** ****** than *** ****** ** alerting ****** *** ** insecure ******.

*******, ** **** *****'* perfectly *********** *** ********* of *** ******** ** much ** *** ********, I ***'* **** **** would.

************: "***, ***** ** a *********** **** ** your ******, *** **'** provided ** ***** ** you ***** **** ** it's **** *********!"

********: "***...*** ***'* *** just *** *** ****? Does ** **** * lot ** *****?"

************: "**...**..."

********: "**, **** ** must ** ******, ****** difficult ** *********, *****?"

************: "*** ** ****..."

** ***********...*****, ***** ** ICT *** ******** ****** a ********, *** *** fact **** *** ******** as * ***** *** not ********* **** ** such ** ********** ** us ***...

Agree: 1

********* ** *** ********, access ******* ** **** of * ********** ** actual ********. ** **** a ******** **** ********* our ****** *** ****'* want ** **** *** time ** ******** *** of *** ********* ** the **** ** *** system ****-***. ** **** configured *** ****** ********** to **** *** **** even ** ** ************ card *** *********. **** was **** **** * months *** *** *** setting ***** ****'* ******* even ***** **'** ********* them ***** ** ** numerous ********* ******** **** to *** *** *****.
