Tuesday September 04, 2018

Hardware Vulnerable to Google RFID Keycard Door Hack Still in Use by Other Companies

Google security researcher David Tomaschik discovered an exploit that allowed him access to any RFID keycard enabled door on the Google campus. By analyzing the seemingly random lock and unlock codes that his door sent through the Google network, he was able to discover the encryption key hiding the commands that were being sent. This allowed him to take full control of any RFID door on the campus in complete stealth as no record of his actions were recorded. Other corporations use the same Software House devices and the only known fix is a firmware upgrade that requires a hardware upgrade also.

News Image

But problems likely remain for others using the vulnerable Software House tech. Tomaschik said Software House had come up with solutions to fix the problem, though to switch to TLS, it'd require a change of hardware at the customer site. That's because the Software House systems didn't have enough memory to cope with the installation of new firmware, Tomaschik said. A spokesperson for Software House owner Johnson Controls said: "This issue was addressed with our customers." They didn't respond to a question on the need to replace physical devices.