19 Dec 2023

Modern PACS designed to enhance building security inadvertently serve as entry points into internal IP networks.

TEL AVIV, Israel, Dec. 19, 2023 /PRNewswire/ -- OTORIO, a leading cybersecurity company, recently revealed groundbreaking research on the security risks associated with modern Physical Access Control Systems (PACS), presented at Black Hat Europe 2023.

Key highlights

1. Bypassing the latest physical security access control systems, allowing unauthorized access to secure facilities.
2. Demonstrating how attackers can breach internal IP networks directly from outside the front door.

When the Front Door Becomes a Backdoor: The Security Paradox of OSDP

During the 40-minute virtual closed-door session, Eran Jacob, Head of Research, and Ariel Harush, Security Researcher, exposed the paradoxical nature of modern Physical Access Control Systems (PACS) situated at the front doors of various facilities. Contrary to their primary purpose of enhancing security, these systems, especially those utilizing the Open Supervised Device Protocol (OSDP), inadvertently created a potential entry point into the organization's internal IP network.

"We successfully bypassed the latest physical access control systems, exposing potential vectors for unauthorized facility access," says Eran, "Our findings illuminate a paradox in the technological advancement of these devices—as they incorporate additional security features, they also increase complexity and introduce new risks. During our research, we demonstrated how this could potentially enable attackers to compromise the physical barriers and penetrate the internal IP networks right from the gate of the secure site."

The research demonstrates how cyber attackers could exploit supposedly secure doors equipped with the latest building access control measures. The attackers could rapidly establish a Man-in-The-Middle on the serial connection behind the reader, overcome tamper protection, bypass OSDP for unauthorized physical access, and exploit access controllers for breaching the internal IP network over the serial channel. This discovery raises concerns about the security of devices utilizing OSDP, highlighting the need for a comprehensive revaluation of building access control measures.

Implications for Building Security

As PACS communication has evolved, it has brought about crucial security enhancements but, at the same time, simultaneously introduced a new attack surface. While unauthorized access is not a new threat, the alarming revelation made by OTORIO was the possibility of lateral movement from the front door into the internal network - an unprecedented scenario.

OTORIO remains committed to advancing cybersecurity awareness and providing innovative solutions to mitigate emerging threats.