This talk is an introduction to Physical Penetration Testing. I briefly cover the Penetration Testing Methodology from a Physical Security perspective, but the talk is mostly oriented around the analysis and exploitation phases. Various attacks will be covered, from lock picking and bypass to safe cracking. No prior experience with lock picking or physical security is required, I will start with the basics and work up to advanced topics.
The market share of home security systems has substantially increased as vendors incorporate more desirable features: intrusion detection, automation, wireless, and LCD touch panel controls. Wireless connectivity allows vendors to manufacture cheaper, more featureful products that require little to no home modification to install. Consumer win, since adding devices is easier. The result: an ostensibly more secure, convenient, and connected home for a larger number of citizens. Sadly, this hypothesis is flawed; the idea of covering a home with more security sensors does not translate into a more secure home. Additionally, the number of homes using these vulnerable systems is large, and the growth rate is increasing producing a even larger problem. In this paper, we will demonstrate a generalized approach for compromising three systems: ADT, the largest home security dealer in North America; Honeywell, one of the largest manufacturers of security devices; and Vivint, a top 5 security dealer. We will suppress alarms, create false alarms, and collect artifacts that facilitate tracking the movements of individuals in their homes
Many people are familiar with the ways in which mechanical locks can be attacked, compromised, and bypassed. Indeed, the hands-on workshops and the availability of pick tools at the Lockpick Village is an enduring part of the fun at DeepSec and other popular security conferences around the world. Often, attendees will ask questions like, "So, this is really great... but what if someone is using an electronic lock? How hard is it to open the door, then?" Unfortunately, due to time and space constraints, our answer is typically, "Well... that's a very complicated question. Sometimes they're good, and sometimes they're weak." We often promise greater detail another day, another time... but until now that time has not come. Finally now, however, TOOOL will describe some of the most popular electronic locks and show examples of how they can sometimes be attacked.
For the first time on the same stage together at ShmooCon, renderman and i give a funny and informative presentation about lockpicking using much of my traditional material as well as a whole load of new content that my favorite Canadian demonstrates. In addition to his all-around general badassery, renderman even opened up a locked safe on stage... one that he had never seen before and was simply given by an audience member. That took fucking balls.
We all know that Hollywood has a difficult time portraying hackers accurately. This quirk often extends to the realm of showing lockpicking in movies and on TV. But sometimes, a film gets it really right! This talk is both an introduction to lockpicking (in case you still need to learn) as well as a walk through some of the best - and some of the worst - scenes of lockpicking that have ever been seen by movie and TV audiences. Learn about how to be a better lockpicker and a better filmmaker... all at the same time!
Commonly safes are used in IT to secure backup tapes, certificate roots, and other sensitive material. This talk will demonstrate that many of the safes used to secure these sensitive materials are ineffective. Today there are many varieties of electronic safes that utilize a VERY weak mechanism to physically lock the safe. In many cases there are ways to open the safe in less than a minute that leaves no evidence behind. (Sometimes only a few seconds) This talk will cover my experience discovering the flaw and dealing with a safe vendor to issue a fix, then discovering the inadequacies of the fix itself and vendor's continuing ignorance of the problem with most electronic locks. Fixing these problems can be relatively easy. There will be general instruction on how to fix the problems and what needs to be done by the vendors to make safes well... safer."
The mission of the Open Organisation Of Lockpickers is to advance the general public knowledge about locks and lockpicking. By examining locks, safes, and other such hardware and by publicly discussing our findings we hope to strip away the mystery with which so many of these products are imbued. The more that people know about lock technology, the better they are capable of understanding how and where certain weaknesses are present. This makes them well-equipped to participate in sportpicking endeavors and also helps them simply be better consumers in the marketplace, making decisions based on sound fact and research.
You have spent lots of money on a high-grade, pick-resistant, ANSI-rated lock for your door. Your vendor has assured you how it will resist attack and how difficult it would be for someone to copy your key. Maybe they’re right. But… the bulk of attacks that both penetration testers and also criminals attempt against doors have little or nothing to do with the lock itself! This talk will be a hard-hitting exploration (full of photo and video examples) of the ways in which your door — the most fundamental part of your physical security — can possibly be thwarted by someone attempting illicit entry. The scary problems will be immediately followed by simple solutions that are instantly implementable and usually very within-budget. You, too, can have a near-perfect door… if you’re willing to learn and understand the problems that all doors tend to have.