DEF CON 23 - Dennis Maldonado - Are We Really Safe? - Bypassing Access Control Systems

Access control systems are everywhere. They are used to protect everything from residential communities to commercial offices. People depend on these to work properly, but what if I had complete control over your access control solution just by using my phone? Or perhaps I input a secret keypad combination that unlocks your front door? You may not be as secure as you think. The world relies on access control systems to ensure that secured areas are only accessible to authorized users. Usually, a keypad is the only thing stopping an unauthorized person from accessing the private space behind it. There are many types of access control systems from stand-alone keypads to telephony access control. In this talk, Dennis will be going over how and where access control systems are used. Dennis will walk through and demonstrate the tips and tricks used in bypassing common access control systems. This presentation will include attack methods of all nature including physical attacks, RFID, wireless, telephony, network, and more. Dennis Maldonado is a Security Consultant at KLC Consulting. His current work includes vulnerability management, penetration testing, infrastructure risk assessment and security research. Dennis’ focus is encompassing all forms information security into an assessment in order to better simulate a real world attack against systems and infrastructure. As a security researcher and evangelist, Dennis spends his time sharing what he knows about Information Security with anyone willing to learn. Dennis has presented at numerous workshops and meetups in the Houston area. Dennis co-founded Houston Locksport in Houston, Texas where he shares his love for lock-picking physical security.