Defcon17 - Picking Electronic Locks Using TCP Sequence Prediction
https://www.defcon.org/images/defcon-...https://www.defcon.org/images/defcon-... As networked building access systems become more and more popular, the security of using RFID, magstripe, and biometrics as authentication mediums is constantly under scrutiny. But what about the security of the access system itself? Is it possible to unlock a door by sending a spoofed command to it over the network, bypassing the need for an authentication medium entirely? SPOILER ALERT: Yeah, it is.