Sign up to save your podcasts
Or
Share Knock knock who's there 2.0, the subtle art of (physical) port knocking (WHY2025)
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Knock knock who's there 2.0, the subtle art of (physical) port knocking (WHY2025)
Building entrance systems for prisons, hospitals an tv studio's should be secure. But is this really the case?
After "Knock knock who's there 1.0" at MCH2022, we will again look at some high-tech lockpicking, this time at more sensitive locations. The responsible disclosure is a tale of it's own! And why exactly is a 3-letter agency in the US interested in the disclosure?
Feeling safe at home and at work is one of the most basic requirements for living. Part of being, and feeling, safe is the physical access system of the building.
Since the last talk at MCH2022 more building entrance systems have been researched. The findings will be presented in this talk. And these findings have led to multiple CVE's and the discovery of single DES encryption and Mifare classic access card systems.
One manufacturer who makes building entrance systems used at very sensitive objects such as tv studio's and airports managed to leak the private key of a CA they use to manage the building access.
In another case we were able to generate license key files under the name of a very well known person.
In all cases we will look at the vulnerability disclosure and how to make sure you do not end up in prison (although with these locks....)
Licensed to the public under https://creativecommons.org/licenses/by/4.0/
about this event: https://program.why2025.org/why2025/talk/VZDSF3/
View all episodes
Building entrance systems for prisons, hospitals an tv studio's should be secure. But is this really the case?
After "Knock knock who's there 1.0" at MCH2022, we will again look at some high-tech lockpicking, this time at more sensitive locations. The responsible disclosure is a tale of it's own! And why exactly is a 3-letter agency in the US interested in the disclosure?
Feeling safe at home and at work is one of the most basic requirements for living. Part of being, and feeling, safe is the physical access system of the building.
Since the last talk at MCH2022 more building entrance systems have been researched. The findings will be presented in this talk. And these findings have led to multiple CVE's and the discovery of single DES encryption and Mifare classic access card systems.
One manufacturer who makes building entrance systems used at very sensitive objects such as tv studio's and airports managed to leak the private key of a CA they use to manage the building access.
In another case we were able to generate license key files under the name of a very well known person.
In all cases we will look at the vulnerability disclosure and how to make sure you do not end up in prison (although with these locks....)
Licensed to the public under https://creativecommons.org/licenses/by/4.0/
about this event: https://program.why2025.org/why2025/talk/VZDSF3/