Tuesday, 4 September 2018

Google Employee Hacks RFID Access System Own Office



A Google employee hacked the RFID access system of Google's own office in Sunnyvale, allowing him to open doors without an access pass and prevent other employees from gaining access. Google uses the iStar Ultra and IP-ACM systems from supplier Software House. The access system works via an RFID access pass.

Google employee David Tomaschik monitored the encrypted network traffic of the iStar Ultra and IP-ACM systems. The encrypted traffic turned out not to be random, whereas it should have been the case. Further research by Tomaschik revealed that all Software House devices used a hard-coded encryption key. This made it possible to forge commands, such as the command to open a door. He was also able to replay captured network traffic and thus open or block a door.

Furthermore, it was possible to perform these actions without creating a log. Software House has developed a solution, but organizations where the vulnerable systems are in use are still at risk, according to business magazine Forbes. Google also mentions that it has segmented its own network to provide protection against vulnerable systems.

No comments:

Post a Comment