In the security world, attacker physical access often means game over -- so what happens if you can't trust your building's electronic door system? This presentation and paper explore attack surfaces and exploitation vectors in a major vendor of electronic door access controllers (EDAC). The main focus is on time-constrained rapid analysis and bug-hunting methodologies, while covering research techniques that assist in locating and targeting EDAC systems. In addition, a review of practical countermeasures and potential research activities in the EDAC space are covered. Attendees can expect an eye-opening experience regarding insecurities of critical systems controlling physical access to hospitals, schools, fire stations, businesses and other facilities.
CarolinaCon is an annual conference in North Carolina that is dedicated to sharing knowledge about technology, security and information rights. CarolinaCon also serves to enhance the local and international awareness of current technology related issues and developments. CarolinaCon also strives to mix in enough entertainment and side contests/challenges to make for a truly fun event.