Zac Franken, a DefCon goon (staffer), gave a brilliant presentation at the DefCon hacker conference today involving security access control systems and cards for building entrances that use electromagnetic coupling.
The hack involves exploiting a serious vulnerability inherent in the Wiegand protocol that allows an intruder to trick the system into granting entrance to a building to an unauthorized visitor, to lock out authorized visitors and to collect authorization data about everyone who has entered that door to gain access to other areas in a building secured with Wiegand-based readers.
The Wiegand protocol is a plain-text protocol and is employed in systems that secure not only some office buildings but also some airports. Franken has said that it's used at Heathrow airport. Retina scanners, proximity scanners and other access systems all use the Wiegand protocol so the vulnerability isn't device-specific. It's plain text and easily intercepted and replayed.
This is some straight-up Tilde Jones style physical security hackery. Very cool.
