RFID access controls are broken. In this talk, we will demonstrate how to break into buildings using open-source hardware we’re releasing. Over the years we have seen research pointing to deficiencies in every aspect of access control systems: the cards, the readers, and the backend. Yet despite these revelations there has been no meaningful change in their design or reduction in use around the world. Do these companies not care about physical security, or do they not understand the implications of these weaknesses?
Mark Baseggio is a Principal Consultant on Accuvant’s Attack and Pen team and is based out of Toronto, Canada. The team specializes in network penetration testing, vulnerability assessments, physical assessments, and social engineering. Mark’s been with Accuvant LABS Attack and Pen team for nearly three years, and during this time has had the opportunity to perform assessments for clients in Asia, Europe and North America. Prior to Accuvant, Mark worked for several local security firms in Toronto. In his spare time Mark likes to tinker with electronics, and has been known to thoroughly enjoy an IPA (preferably while listening to jam bands). Mark has previously presented at the SecTor and B-Sides Toronto security conferences on physical assessments, social engineering, RFID and hardware hacking. Mark also holds the GWAPT certification from SANS.
Eric Evenchick is a freelance embedded systems developer. While studying electrical engineering at the University of Waterloo, he worked with the University of Waterloo Alternative Fuels Team to design and build a hydrogen electric vehicle for the EcoCAR Advanced Vehicle Technology Competition. Eric has also worked on automotive firmware at Tesla Motors, and is a contributor at Hackaday.com.