Wiegand Technology Compromised @ Defcon Convention 2007

At the Defcon Security Convention in August 2007, a hacker and Defcon staffer who goes by the name Zac Franken showed how a small homemade device he calls “Gecko” can perform a hack on the type of access card readers used on office doors throughout the country.
“Gecko” is simply a small, programmable PIC chip with a wire connector on either side. Once it's connected to the wires behind the card reader, it's not only trivial to use a 'Replay' card to get through the door, but you can also disable the system so that nobody else can come in behind you.
Franken’s demonstration showed how to hack into a card access reader by:
- Popping the card access reader's plastic cover (most card readers used in access control applications do not have tamper protection);
- Undoing two retention screws and exposing the electrical cable which connects the card reader to the control panel;
- Introducing a miniature circuit board onto the Wiegand data transmission lines and replacing the card reader head.
Consequently, the majority of access control systems are vulnerable at their weakest point, the “Wiegand Interface”, no matter how sophisticated the levels of security employed in protecting the identity card and the data held within it.
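Why the interface is the weak point can be seen from the control panel's side of the wire. The following is an added example, not code from Franken or Borer, and it assumes the common 26-bit Wiegand frame layout (the page names no format); the function names and the sample credential are hypothetical. The frame carries only a facility code, a card number and two parity bits, so parity catches line noise but the panel has nothing with which to tell a frame from the genuine reader apart from the same bits sent again.

```c
/* Added example: controller-side view of a 26-bit Wiegand frame.
   Assumption: standard 26-bit layout; all names here are hypothetical. */
#include <stdint.h>
#include <stdio.h>

typedef struct { int parity_ok; uint8_t facility; uint16_t card; } wiegand26_t;

/* Count set bits. */
static int ones(uint32_t v) { int n = 0; for (; v; v >>= 1) n += (int)(v & 1u); return n; }

/* Bit 25: even parity over bits 24..13. Bits 24..1: facility (8) + card (16).
   Bit 0: odd parity over bits 12..1. No counter, nonce or MAC exists. */
uint32_t wiegand26_encode(uint8_t facility, uint16_t card) {
    uint32_t data = ((uint32_t)facility << 16) | card;   /* 24 data bits */
    uint32_t frame = data << 1;
    if (ones(data >> 12) & 1) frame |= 1u << 25;         /* make upper half even */
    if (!(ones(data & 0xFFFu) & 1)) frame |= 1u;         /* make lower half odd */
    return frame;
}

wiegand26_t wiegand26_decode(uint32_t frame) {
    wiegand26_t r;
    r.parity_ok = (ones((frame >> 13) & 0x1FFFu) % 2 == 0) &&
                  (ones(frame & 0x1FFFu) % 2 == 1);
    r.facility = (uint8_t)((frame >> 17) & 0xFFu);
    r.card = (uint16_t)((frame >> 1) & 0xFFFFu);
    return r;
}

/* Hypothetical panel check: the decoded frame is all the panel ever sees. */
int controller_accepts(uint32_t frame, uint8_t facility, uint16_t card) {
    wiegand26_t r = wiegand26_decode(frame);
    return r.parity_ok && r.facility == facility && r.card == card;
}

int main(void) {
    uint32_t f = wiegand26_encode(123, 45678);           /* constructed sample credential */
    printf("first presentation: %d\n", controller_accepts(f, 123, 45678));
    printf("same bits again   : %d\n", controller_accepts(f, 123, 45678));
    printf("one bit flipped   : %d\n", controller_accepts(f ^ (1u << 5), 123, 45678));
    return 0;
}
```

Because the decision depends only on these 26 bits, protection has to come from outside the frame: reader tamper detection, supervised cabling, or a reader-to-panel link that authenticates each message.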
Borer's White Paper on Wiegand Security can be downloaded here
Extracts from the demonstration are available on YouTube: http://www.youtube.com/watch?v=MHNJoHc_XDY