• lemmyvore
    link
    fedilink
    English
    111 year ago

    In this case the auto TLDR bot failed to summarize well.

    Short version: the ODSP is a complete mess.

    Here’s in how many ways it failed:

    By default, Secure Channel isn’t turned on. Many admins aren’t aware that they must configure their equipment to use Secure Channel. And even when Secure Channel is on, some critical communications still occur in plaintext. Secure Channel also allows encryption to occur through the use of weak keys that are trivial to crack.

    Since OSDP provides no means to transfer the SCBK out of band—meaning through a channel other than the daisy chain connecting the peripheral devices to the control panel—the standard has no choice but to send it through the RS-485 line. That presents a vexing chicken-and-egg problem: Without possession of the SCBK, the control panel has no means to securely encrypt the key before sending said key to the new reader.

    Devices often advertise themselves as being OSDP-compliant or as supporting OSDP and yet provide no means of delivering the Secure Channel encryption described in the OSDP specification.

    Just after bootup, a reader transmits a message to the controller that provides a list of capabilities, including fingerprint scanning and the ability to provide tactile feedback. Once again, for chicken-and-egg reasons, this message can’t be encrypted. The researchers’ listening device can exploit this lack of encryption by intercepting the message and changing it to say the reader doesn’t support encryption.

    many controllers are configured to remain in ‘install mode’ persistently, perhaps forever,” the researchers wrote in their post. “Some controllers make the administrator manually click out of ‘install mode’ when they’re done. And if you forget to do that, your encryption is toast since an attacker can just request the encryption key!”

    OSDP also provides no means for generating the master encryption key that underpins the security of all other keys it uses. In this absence, it’s up to users to generate them on their own. The researchers said some admins simply choose easy-to-guess keys such as those hardcoded into sample code

    A cryptographic nonce used to ensure that session keys are random uses just 6 bytes of entropy. Similarly, message authentication codes, or MACs, used to verify that a message hasn’t been altered, are truncated to 32-bit to, as the OSDP spec puts it, “reduce overhead.”

    Secure Channel encryption has two modes that don’t actually encrypt data passing through the RS-485 cabling. Instead, these modes, known as Modes 15 and 16, apply only a MAC. As a consequence, anyone can read the data encrypted in these modes. “It’s such a bizarre choice to have that mode which is basically doing a null cipher for most of the actual packets that are going back and forth,” the researchers said.

    Even when Secure Channel is set to encrypt data, a single byte of that data reserved for message commands is never encrypted. This allows a passive listener to learn all kinds of things, including when someone swiped a badge, whether that badge was valid, when the LEDs light up, and when the buzzer beeps.