OTORIO, a leading cybersecurity company, recently revealed groundbreaking research on the security risks associated with modern Physical Access Control Systems (PACS), presented at Black Hat Europe 2023.
Key highlights
- Bypassing the latest physical security access control systems, allowing unauthorized access to secure facilities.
- Demonstrating how attackers can breach internal IP networks directly from outside the front door.
When the Front Door Becomes a Backdoor: The Security Paradox of OSDP
During the 40-minute virtual closed-door session, Eran Jacob, Head of Research, and Ariel Harush, Security Researcher, exposed the paradoxical nature of modern Physical Access Control Systems (PACS) situated at the front doors of various facilities. Contrary to their primary purpose of enhancing security, these systems, especially those utilizing the Open Supervised Device Protocol (OSDP), inadvertently created a potential entry point into the organization’s internal IP network.
Also Read: Challenges of 5G for Cybersecurity
“We successfully bypassed the latest physical access control systems, exposing potential vectors for unauthorized facility access,” says Eran, “Our findings illuminate a paradox in the technological advancement of these devices—as they incorporate additional security features, they also increase complexity and introduce new risks. During our research, we demonstrated how this could potentially enable attackers to compromise the physical barriers and penetrate the internal IP networks right from the gate of the secure site.”
The research demonstrates how cyber attackers could exploit supposedly secure doors equipped with the latest building access control measures. The attackers could rapidly establish a Man-in-The-Middle on the serial connection behind the reader, overcome tamper protection, bypass OSDP for unauthorized physical access, and exploit access controllers for breaching the internal IP network over the serial channel. This discovery raises concerns about the security of devices utilizing OSDP, highlighting the need for a comprehensive revaluation of building access control measures.
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
