conference logo

Playlist "Electromagnetic Field 2024"

Digital Skeleton Keys - We’ve got a bone to pick with offline Access Control Systems

Miana

Offline RFID systems rely on data stored within the key to control access and configuration. But what if a key lies? What if we can make the system trust those lies? Well then we can do some real spooky things…

This is the story of how a strange repeating data pattern turned into a skeleton key that can open an entire range of RFID access control products in seconds.

It’s a scrappy but scary hack that spawned from something we noticed whilst trying to duplicate an access card onto a subdermal RFID implant. This covers the discovery of the flaw, how we investigated it, and how significant the flaws ended up being.