OTORIO discloses critical vulnerabilities in physical access control systems used across building security

Cybersecurity firm OTORIO has conducted research shedding light on the security risks posed by modern Physical Access Control Systems (PACS). While these systems are intended to bolster building security, they inadvertently create vulnerabilities that can be exploited as entry points into internal IP networks. This research highlights the importance of addressing and mitigating these risks to ensure comprehensive cybersecurity measures.

OTORIO researchers have brought attention to significant cybersecurity vulnerabilities associated with bypassing the latest physical security access control systems. These vulnerabilities enable unauthorized access to secure facilities, posing a serious threat. Furthermore, the researchers have demonstrated how attackers can exploit these weaknesses to breach internal IP networks, even from outside the front door. This research underscores the critical need for robust security measures to safeguard both physical and digital assets.

During the 40-minute virtual closed-door session at Black Hat Europe 2023, Eran Jacob, head of research, and Ariel Harush, security researcher, exposed the paradoxical nature of modern PACS situated at the front doors of various facilities. Contrary to their primary purpose of enhancing security, these systems, especially those utilizing the Open Supervised Device Protocol (OSDP), inadvertently created a potential entry point into the organization’s internal IP network.

“We successfully bypassed the latest physical access control systems, exposing potential vectors for unauthorized facility access,” Eran identified in a recent company post. “Our findings illuminate a paradox in the technological advancement of these devices—as they incorporate additional security features, they also increase complexity and introduce new risks. During our research, we demonstrated how this could potentially enable attackers to compromise the physical barriers and penetrate the internal IP networks right from the gate of the secure site.”

The research demonstrates how cyber attackers could exploit supposedly secure doors equipped with the latest building access control measures. The attackers could rapidly establish a ‘Man-in-The-Middle’ on the serial connection behind the reader, overcome tamper protection, bypass OSDP for unauthorized physical access, and exploit access controllers for breaching the internal IP network over the serial channel. This discovery raises concerns about the security of devices utilizing OSDP, highlighting the need for a comprehensive revaluation of building access control measures.

As PACS communication has evolved, it has brought about crucial security enhancements but, at the same time, simultaneously introduced a new attack surface. While unauthorized access is not a new threat, the alarming revelation made by OTORIO was the possibility of lateral movement from the front door into the internal network – an unprecedented scenario.

OTORIO remains committed to advancing cybersecurity awareness and providing solutions to mitigate emerging threats.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.