Digital Skeleton Keys - We’ve got a bone to pick with offline Access Control Systems (emf2024)

Offline RFID systems rely on data stored within the key to control access and configuration. But what if a key lies? What if we can make the system trust those lies? Well then we can do some real spooky things… This is the story of how a strange repeating data pattern turned into a skeleton key that can open an entire range of RFID access control products in seconds. It’s a scrappy but scary hack that spawned from something we noticed whilst trying to duplicate an access card onto a subdermal RFID implant. This covers the discovery of the flaw, how we investigated it, and how significant the flaws ended up being. about this event: https://www.emfcamp.org/schedule/2024/80-digital-skeleton-keys-we-ve-got-a-bone-to-pick