In 2017, I discovered that a popular IP-based door access control system (badge reader and door lock controller) used poorly-implemented cryptography. Through binary analysis and live testing against a functional device, I was able to construct an exploit that would unlock the door without talking to the central authority database or logging the door open event. I’ll walk the audience through the steps that made me realize there was a problem, through the binary analysis, and then finally into building a working exploit.
Дата: 21.11.2018. Категории: