Can Commercial Security Systems be Hacked?

By Will Zurcher, Installation Manager at Kenton Brothers

When most people hear the term “hacker” they picture a person sitting at home on their laptop controlling a system remotely. Because of this widely accepted generalization, individuals and companies spend countless dollars and resources to protect their “online” equipment from hackers. These precautions are vital… But have we forgotten to pay attention to the other vulnerabilities?

The first question that may come to mind is, “Why is a physical security company writing a blog about hacking?” So what role does Kenton Brothers play in protecting cyber-attacks? One of the main objective hackers have when attacking an enterprise, agency or institution is to gain physical access to the facility and stay there undetected. They understand that many cyber defenses can be bypassed by gaining physical access to hardware, software and networks. This focus has put access control systems in the cross hairs. Attackers have many tools that they will use to gain access to a building or network.

Some common hacking tools include:

• Social Engineering
• Custom Tactical Cloning Card Readers
• ESPKey Wiegand Interception Tool
• USB Hardware Keyloggers
• DNS Naming of Security Servers

Using a combination of the above tools in phases allows hackers to gain access sometimes undetected.

So, what can be done to reduce the possibilities of hackers gaining physical access to your buildings?

• Partner with a red team – a qualified company that challenges an organization’s security effectiveness.
• Create policies and procedures that are difficult to duplicate without company resources.
• Connect and report/log tampers for all devices that have the capability in the security system.
• Monitor these notifications and respond as if everyone is validated situation.
• Change all default passwords on security equipment.
• Educate personnel on social engineering attacks.

Attackers want to gain access in the easiest way possible. The harder we make it, the less likely they will continue to attempt to gain access. The most important thing to understand is that there will always be threats. Every device created for good can be used for evil. A constant focus on security will give you the best chance to catch breaches or take corrective action before they happen.