BREAKING ACCESS CONTROLS WITH BLEKEY presented at BlackHatEU 2015

by Eric Evenchick, Mark Baseggio,

Summary : RFID access controls are broken. In this talk, we will demonstrate how to break into buildings using open-source hardware we're releasing.
Over the years, we've seen research pointing to deficiencies in every aspect of access control systems: the cards, the readers, and the backend. Yet, despite these revelations, there has been no meaningful change in their design or reduction in use around the world. Do these companies not care about physical security, or do they not understand the implications of these weaknesses?
We have improved upon previous research with an open-source hardware device that exploits the communication protocol used by the majority of access control systems today. Using a tiny device that can be easily embedded in an RFID reader, attendees will learn how to use Bluetooth LE and a cell phone (or PC) to circumvent access controls, log access information, and clone RFID cards.
Our goal is to use this device to help those relying on insecure devices understand the risks. We will also explain what can be done to lower the risk of access control attacks.