We have all seen the Hollywood films, The attacker is in the building they swipe a card and its set of the alarms and the guards are coming. The attacker calls down to the hacker in the van. “Unlock all the doors” a couple of seconds later all the doors unlock and the thief narrowly escapes the building.
But how true is that, can we just take a couple of seconds to remotely unlock all the access control systems, or even force the building in to lockdown?
Turns out the answer is yes, at least for some vendors. In this presentation we bring this tradecraft to light using a number of CVEs discovered in Paxton a popular access control system used everywhere from schools, to prisons to government buildings and regional airports.
