Finally, HID says that "to its knowledge," none of its encoder keys have leaked or been distributed publicly, and "none of these issues have been exploited at customer locations and the security of our customers has not been compromised."
Javadi counters that there's no real way to know who might have secretly extracted HID's keys, now that their method is known to be possible. "There are a lot of smart people in the world," Javadi says. "It's unrealistic to think we're the only people out there who could do this."
To develop their technique for extracting the HID encoders' keys, the researchers began by deconstructing the hardware: They used an ultrasonic knife to cut away a layer of epoxy on the back of an HID reader, then heated the reader to desolder and pull off its protected SAM chip. Then they put that chip into their own socket to watch its communications with a reader. The SAMs in HID's readers and encoders are similar enough that this let them reverse engineer the SAM's commands.
Ultimately, that hardware hacking allowed them to develop a much cleaner, wireless attack: They wrote their own program to tell an encoder to send its SAM's secrets to a configuration card without encrypting that sensitive data, while an RFID "sniffer" device sat between the encoder and the card, reading HID's keys in transit.