Assembly:HSBE/Self-Organized Sessions

From 36C3 Wiki

Self-Organized Sessions

Osm by Pietervdvn

Pietervdvn will give a few talks on OpenStreetMap. The first talk is 'What is OpenStreetMap, why is it awesome, what can be done with it and how to contribute?', followed by 'Editing the routing (and rendering) profiles of the OsmAnd-app'. More details here

Bypassing biometric access controls with C

Hacking a Suprema fingerprint reader in the wild
Suprema Biostar biometric access control terminal

C will give a talk on a hack he did last year on a Suprema fingerprint access control terminal during an engagement for a client. He will demonstrate the flaws in the device and how one can use these to gain unauthorized access.

Abstract

Suprema is a major brand in the world of 'biometric access controls', aka fingerprint-reader locks. These devices let people open doors to their home, office, etc. using their fingerprint (duh...). The device matches the scanned print against a collection of prints in a database. If it finds a match, it triggers the relay which unlocks the door. This sounds simple enough, but there are a ton of things that can go wrong, especially when the necessary checks are not enabled in the device's configuration, and they almost never are. One such check is 'tamper-control', a sensor which triggers an alarm when the device is physically tampered with. The fingerprint reader also needs some sort of connection to a control server which allows the admin to manage registered prints, so the device needs a network connection. If the device is not protected with tamper-control (which is not enabled by default), the network connection at the back of the device is left vulnerable to all sorts of attacks. In the end, if these devices are not properly installed, it's like leaving a laptop outside the front door of your office, connected to your network with a LAN cable.

The Hackerspace Blueprint by Merlijn

Merlijn will present the Hackerspace Blueprint, a living document explaining how Hackerspace.Gent runs. This document is the result of more than five years of testing and improving our do-ocracy to get the best out of people. It's a system with minimal overhead and minimal control, designed to give power to the people who do stuff. This talk explains the history of the Hackerspace Blueprint and illustrates the key ideas behind it.

More information about the Hackerspace Blueprint: https://hackerspace.design/
