Hardware Vulnerable to Google RFID Keycard Door Hack Still in Use by Other Companies

Discussion in 'HardForum Tech News' started by cageymaru, Sep 4, 2018.

  1. cageymaru

    cageymaru [H]ard as it Gets

    Apr 10, 2003
    Google security researcher David Tomaschik discovered an exploit that allowed him access to any RFID keycard enabled door on the Google campus. By analyzing the seemingly random lock and unlock codes that his door sent through the Google network, he was able to discover the encryption key hiding the commands that were being sent. This allowed him to take full control of any RFID door on the campus in complete stealth as no record of his actions were recorded. Other corporations use the same Software House devices and the only known fix is a firmware upgrade that requires a hardware upgrade also.

    But problems likely remain for others using the vulnerable Software House tech. Tomaschik said Software House had come up with solutions to fix the problem, though to switch to TLS, it'd require a change of hardware at the customer site. That's because the Software House systems didn't have enough memory to cope with the installation of new firmware, Tomaschik said. A spokesperson for Software House owner Johnson Controls said: "This issue was addressed with our customers." They didn't respond to a question on the need to replace physical devices.
  2. katanaD

    katanaD [H]ard|Gawd

    Nov 15, 2016
    so.. a networked device that is not capable of firmware upgrades??

  3. Jaybone909

    Jaybone909 Limp Gawd

    Dec 13, 2016
  4. VoloxitySF

    VoloxitySF Gawd

    Apr 26, 2005
    Might be a read only firmware on a chip that needs to be swapped, you know, for security reasons.
  5. PaulP

    PaulP Gawd

    Oct 31, 2016
    That industry is more slipshod that you believe, considering that most companies depend on physical security of their assets as their first, an primary, line of defense. I know, I've worked in it. In my opinion, sending this type of data over the normal IP network is foolish. I told a previous employer this, but I was assured that it was perfectly "safe". After I showed how easy it was to snoop the (unencrypted) transactions via wireshark, they just basically told me to shut up and sit down. But that was the least of their problems, they had plenty of other security holes which I couldn't patch fast enough. Too bad they let me get away before I got them all.