FROM THE MINISTRY OF SILLY PROTOCOLS — Next-gen OSDP was supposed to make it harder to break into secure facilities. It failed. OSDP Secure Channel has yet to gain widespread usage, and it’s already broken.
Dan Goodin – Aug 9, 2023 2:30 pm UTC
Researchers have discovered a suite of vulnerabilities that largely break a next-generation protocol that was designed to prevent the hacking of access control systems used at secure facilities on US military bases and buildings belonging to federal, state, and local governments and private organizations.
The next-generation mechanism, known as Secure Channel, was added about 10 years ago to an open standard known as OSDP, short for the Open Supervised Device Protocol. Like an earlier protocol, known as Wiegand, OSDP provides a framework for connecting card readers, fingerprint scanners, and other types of peripheral devices to control panels that check the collected credentials against a database of valid personnel. When credentials match, the control panel sends a message that opens a door, gate, or other entry system.

Broken before getting out of the gate
OSDP came about in the aftermath of an attack demonstrated in 2008 at the Black Hat security conference. In a talk there, researcher Zac Franken demonstrated a device dubbed Gecko, which was no bigger than a US quarter. When surreptitiously inserted by a would-be intruder into the wiring behind a peripheral device, Gecko performed an adversary-in-the-middle attack that monitored all communications sent to and from the control panel.
Because Wiegand sent all data in plaintext, Gecko would record the credentials sent from the reader to the control panel. An attacker could then use them to create a spoof card that an intruder could present at the security checkpoint and gain entry. More recently, researchers devised the ESPKey, a $79 device that weaponizes Franken's attack and can be used by both security professionals and threat actors.
The industry response was to introduce something called Secure Channel and add it to OSDP, a pre-existing alternative to Wiegand that had yet to be widely adopted. Secure Channel allowed OSDP-based communications between peripheral devices and control panels to be encrypted with 128-bit AES, a tried and tested algorithm that is virtually impossible to break when used correctly.
Research being presented on Wednesday at the Black Hat Security Conference in Las Vegas shows that OSDP Secure Channel does little to rectify the failures of Wiegand. The talk, titled “Badge of Shame: Breaking into Secure Facilities with OSDP,” is the first technical analysis of the open standard. It presents five exploitable vulnerabilities and a host of other weaknesses that strongly call into question the security of OSDP. While all but four of the vulnerabilities can be effectively eliminated, mitigations require configuration settings that aren't described in the official OSDP specification (available here for $200) and differ depending on the manufacturer of each device.
The takeaway: OSDP is effectively broken even before it has gained anything near widespread adoption.
“The attacks here sort of put us back into parity with basically being unencrypted,” Dan Petro and David Vargas, the two researchers who performed the research and will speak at Black Hat, said in an interview. “The attacks are giving us as attackers and as red teamers back the capability that we lost.”
OSDP works over RS-485, a serial communication protocol designed to provide relatively high bandwidth (up to 10 megabits per second), the ability to span reasonably long distances (up to 4,000 feet), tolerance for lots of radio frequency noise, and capacity for 32 devices on a single line. Use of RS-485 causes peripherals to connect in daisy-chain fashion to a single input port on the control panel. This design, known as multi-drop, means that messages sent to or from one reader run through a single line and are seen by all other readers on the same network bus. This design is sometimes known as a broadcasting network.

[Diagram showing the difference between OSDP and Wiegand.]

Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords.

Promoted Comments

GenericAnimeBoy
I like this. After all, non-men can be bad people too :D
Relevant xkcd: https://xkcd.com/177/

> That presents a vexing chicken-and-egg problem: Without possession of the SCBK, the control panel has no means to securely encrypt the key before sending said key to the new reader.

That presents what should have been a solved chicken-and-egg problem. Diffie-Hellman key exchange pre-dates the OSDP spec, and does so by a lot. Sounds like the OSDP developers were just too trusting of the physical security of the infrastructure.
August 9, 2023 at 3:01 pm

romkyns
Diffie-Hellman can’t fully solve this problem because it cannot protect against MITM. It only works if the parties have a way of authenticating each other, e.g. public key infrastructure / certificates.

That said, it sure as hell does protect against passive listeners and its absence is rather puzzling.
August 9, 2023 at 4:00 pm