Physical Access Systems Open Cyber Door to IT Networks

Besides unlocking supposedly secure doors, a man-in-the-middle cyberattack on physical access controllers can enable ransomware, data theft, and more.

Card reader at an office door to allow access
Source: Stephen Barnes Technology via Alamy Stock Photo

Cyberattackers can exploit access control measures installed on supposedly secure facility doors to gain unauthorized building access to sensitive locations — as well as breach internal IP networks directly from these systems, researchers are warning.

In a closed-door session at Black Hat Europe 2023 this month, analysts at Otorio demonstrated how attackers can easily subvert modern physical access control systems (PACSs), which are typically installed by secure doors in the form of a badge-scanner, card-swiper, or keypad.

PACSs using the Open Supervised Device Protocol (OSDP) are especially at risk, according to Eran Jacob, head of research at Otorio. OSDP enables secure communication between a card- or badge-reader and the access controller itself, and it's been found to have multiple vulnerabilities in the past.

In the demonstration, the researchers were able to establish a man-in-the-middle presence on the serial connection behind the readers, overcome tamper protections, bypass OSDP to unlock doors for unauthorized physical access, and then exploit access controllers to pivot to the internal IP network via the serial channel.

"We successfully bypassed the latest physical access control systems, exposing potential vectors for unauthorized facility access," Jacob said in a statement detailing the building-access cyber research. "Our findings illuminate a paradox in the technological advancement of these devices — as they incorporate additional security features, they also increase complexity and introduce new risks. During our research, we demonstrated how this could potentially enable attackers to compromise the physical barriers and penetrate the internal IP networks right from the gate of the secure site."

Gaining unauthorized physical access is not a new threat, but according to Otorio, "the possibility of lateral movement from the front door into the internal network [is] an unprecedented scenario." The firm urges security teams to conduct a comprehensive pen-testing review of any PACS in use to prevent data exfiltration, ransomware, and other nightmare scenarios.

Read more about:

Black Hat News

About the Author

Tara Seals, Managing Editor, News, Dark Reading

Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights