The fifth and final #security vulnerability our researchers identified in #OSDP was related to keyset capture.

Specifically, OSDP has no secure in-band mechanism for key exchange, and there are currently no out-of-band mechanisms for key exchange either. What this means is that the only way for a reader to obtain the base key (which is used to derive session keys) is for the controller to transmit it over the same data lines an attacker may already have access to.

Go further into these #vulnerabilities in our technical write-up.

https://bfx.social/3QDaRRD

Badge of Shame - Breaking Into Secure Facilities with OSDP

In this blog post, we will lay out the five exploitable vulnerabilities we’ve identified in OSDP and describe what you as a defender can do about them.

Bishop Fox

The fourth #security issue our researchers discovered with #OSDP was disturbingly weak keys.

Defenders: Make sure that your hardware is OSDP Verified.

Read more about this weakness, and the others they found, in their blog post write-up.

https://bfx.social/3QDaRRD


The third #vulnerability in #OSDP our researchers found was an install-mode attack.

See how that works - and the other #vulnerabilities they uncovered - in their #infosec research write-up.

https://bfx.social/3QDaRRD


The second vulnerability impacting #OSDP our researchers discovered: downgrade attack potential.

As Dan Petro writes, "Just because an OSDP controller and reader support encryption doesn’t mean that they both enforce that it actually be used. One of the first things that happens when a reader comes online is that it transmits a list of capabilities to the controller. This tells the controller all sorts of things, such as whether it has a fingerprint reader, tactile buttons, and (importantly) whether it supports encryption. For chicken-and-egg reasons, this message cannot itself be encrypted. Thus, an intercepting device in the wire can modify this capability message to lie about the reader’s capabilities and claim that it does not support #encryption."

Check out the breakdown of the other #vulns in the write-up. https://bfx.social/3OFWOsT

Breaking Fortinet Firmware Encryption

Review our latest Fortinet analysis that breaks encryption on firmware images, leading to improved detection, fingerprinting, and exploit development.

Bishop Fox

Have you tried out our #OSDP attack tool mellon yet? It's available on our #GitHub for your #pentesting use.

https://bfx.social/45HzMrh

GitHub - BishopFox/mellon: OSDP attack tool (and the Elvish word for friend)

OSDP attack tool (and the Elvish word for friend). Contribute to BishopFox/mellon development by creating an account on GitHub.

GitHub

The first #vulnerability our researchers identified in #OSDP was a dangerous lack of #encryption. See the full list in our write-up.

https://bfx.social/3QDaRRD

#hacking #infosec #offensivesecurity


Go even further into the eye-opening #OSDP vulnerabilities at the center of the #DEFCON and #BHUSA talks by Dan Petro and David Vargas in the newest episode of the Nexus Podcast by Claroty.

They discuss their research, possible attack scenarios, and more. Stream the episode today. https://bfx.social/3OZIdsm

Nexus Podcast: Bishop Fox on OSDP Vulnerabilities and Physical Security

Nexus

DEF CON 31 may have come to an end, but we had a spectacular time this year! Bishop Fox researchers Dan Petro and David Vargas rocked the #DEFCON stage with insights into OSDP security #vulnerabilities. Foxes also roamed the Red Team Village throughout Friday and Saturday. Can't wait for next year's hacker summer camp! 🤩

Check out this write-up by Dan and David, where they break down their first-of-its-kind research into the #OSDP security issues they discovered, featuring their new attack device, mellon.

https://bfx.social/3QDaRRD


Next-gen #OSDP was supposed to make it harder to break in to #secure facilities. It failed. https://arstechnica.com/?p=1959810

OSDP Secure Channel has yet to gain widespread usage, and it's already broken.

Ars Technica

Dan Petro and David Vargas share 5 exploitable #vulnerabilities they’ve identified in #OSDP (the topic of their presentations at this year’s #BlackHat and #DEFCON). They also share the steps defenders can take to mitigate these #security issues. And for the Red Teamers out there – you can find further info on medium- to low-severity weaknesses as well, and instructions on building your own attack tool, at our #GitHub.

As they say: Security is hard, and #encryption is not magic fairy dust. https://bfx.social/3QDaRRD
