Physical Access Control on Sesame Street

Gallagher (previously Cardax) make physical access control systems. Chances are you’ve seen them around; they’re an NZ company and they’re installed all over NZ - for example, those RFID card readers with the lit-up squiggle on them. They haven’t been covered by previous security research, so how do they stack up?

This talk will go through research on the Gallagher access control system, including the hardware and software components, RFID technologies, communication protocols and credential formats. Several weaknesses will be described and their prevalence in the real world will be examined with actual fieldwork. Come along and learn how to clone access cards, modify card data to get elevated access, and brute-force controllers. For those on the other side of the locked door, learn how to avoid these weaknesses and make the most of your existing system.

I’ll even explain the reference to Sesame Street!