Noooooooooo touch! - Michael Rodger | 0xCON 2023

  • Published 16 Sep 2024
  • A few years ago, a new addition to the standard lineup of access control equipment quietly appeared - the humble “No touch” sensor. These mostly replaced physical buttons, the typical use case being letting yourself out from the “inside”, where the “outside” would have some form of control such as a keypad, RFID scanner, biometrics, etc. Naturally if you were already inside, you wouldn’t have to authenticate yourself to leave.
    Fast forward to 2020 and “things you didn’t have to touch” were all the rage, so these started popping up all over the place (according to my observations). I was curious as to how they worked, and whether the range could somehow be manipulated. I had a hunch that they functioned by reflecting infrared light of some sort and I confirmed this by buying one and taking it apart. I came up with an idea to brute-force these to open with an external light source, and then a high-powered infrared LED behind a lens to extend the range significantly. This was attractive because they are frequently placed on the “inside” of glass doors where the “outside” requires authentication, so having a high-powered “no touch blaster” would let you into places you shouldn’t be :)
    My initial research revealed that they seem to be more secure than I’d hoped, so I’m now less confident that beating them is even possible, but I have a few more ideas around what could be tried.
    At a minimum, this will be a talk about taking a piece of hardware and dissecting it to figure out how it works, and essentially security testing it. General hardware security methodology and my journey from wondering, to opening, to what I learned about the devices. Best case scenario, I find a method that works and talk about the weaknesses and end up with a gadget in my red-team bag of tricks.
    Also, the title is “noooooooo touch” with 10x o because of the extended range, so I’m really not touching it.

COMMENTS • 1

  • @QuincyNtuli 10 months ago

    This was a fantastic presentation. I enjoyed this very much.