In the security world, attacker physical access often means game over - so what happens if you can't trust your building's electronic door system? This presentation and paper explore attack surfaces and exploitation vectors in a major vendor of electronic door access controllers (EDAC).
The main focus is on time-constrained rapid analysis and bug-hunting methodologies, while covering research techniques that assist in locating and targeting EDAC systems. In addition, a review of practical countermeasures and potential research activities in the EDAC space are covered.
Attendees can expect an eye-opening experience regarding insecurities of critical systems controlling physical access to hospitals, schools, fire stations, businesses and other facilities.