Found a major security issue…

Dated: by

Public safety got a bit upset with me today for copying of my university ID card. Seeing as I was locked out of my dorm and all labs, food and whatnot for four days while the folks at the registrar’s office broke everything after I had lost a card, I figured it’d be best to keep an extra key around, to avoid dealing with that mess again. As it turns out, that’s not allowed, though no one told me.

Still, I found a huge problem with RIT’s Lenel security system; none of this data is encrypted. At all.

Literally, I could take a picture of anyone’s ID card, find their UID and issue number, make another card and go into any of their labs. Once a new card is issued, I could just increment the 11th digit and do it again. By exploiting a few more holes I’ve been asked to withheld, I could get all of their personal information; SSN and Financial info included.

That’s bad. That’s *very* bad.

Let’s see if I can get Lenel to fix this.
Update (after break):

Lenel doesn’t seem to care. In fact, they seem to take me for an idiot.

… Unfortunately, magnetic technology does not support these security features.  Please raise your concerns with RIT Public Safety in Building 25 (by Gracie’s)…

Yes, because it’s completely impossible to copy a hashed char string to a magstripe card. I plan to look at other Lenel installations now, to see if this same flaw exists elsewhere. For both their sake and their customer’s safety, it better not.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>