Cheap "Access Control" System - Defeated with a screwdriver!
ฝัง
- เผยแพร่เมื่อ 19 พ.ค. 2024
- In this video I take a look at a extremely cheap "access control" system from Amazon and demonstrate the hardware and show how the flawed architecture of the system means that it can be defeated with nothing more than a screwdriver and a paperclip!
Buy from Amazon (Affiliate):
UK - amzn.to/2A9bBZf
US - amzn.to/35LFWsz
/ camerongray1515
www.camerongray.me/
Sections:
00:00 - Introduction
01:34 - Unboxing
06:09 - Power Supply Demonstration
13:29 - Power Supply Cable Replacement
23:10 - Keypad Tour
25:19 - Maglock Tour
27:03 - System Demonstration
28:54 - Defeating the System
32:51 - Conclusion
AFFILIATE LINKS NOTICE:
Product links under this video marked “(Affiliate)” are affiliate links where I may receive a small commission on qualifying sales. Affiliate programs that I am a member of include, but are not limited to: Amazon Associates, eBay Partner Network and AliExpress Affiliates.
As an Amazon Associate I earn from qualifying purchases.
Purchasing through these affiliate links will not cost you any more money, however the commission earned significantly helps fund the production of videos on my channel. - วิทยาศาสตร์และเทคโนโลยี
![🔴 [TRỰC TIẾP] U20 VIỆT NAM VS U20 THÁI LAN | Cúp VTV9 - Bình Điền 2024 | JET STUDIO](http://i.ytimg.com/vi/tdmZlw-XJJI/mqdefault.jpg)
![[Full Episode] Hell's Kitchen Thailand EP.15 | 19 พ.ค. 67](http://i.ytimg.com/vi/Mx0ColswPls/mqdefault.jpg)
I legitimately thought this was a LockPickingLawer video when I clicked on the thumbnail. The change in voice surprised me a bit XD
Personally i'd have put a ring terminal onto the earth and affixed it to the case. If the solder joint fails on the earth wire, and a fault causes the case to become live, then your circuit protective device may not trip.
Yep
It’s so great to catch one of your videos early! You’re keeping quarantine interesting for so many people :) [Hello from Australia by the way 👋]
This is probably an adequate replacement for a cheap mechanical code lock in an indoor environment where there are always staff around when the building is open. It would stop members of the public wandering into areas they should not be in by accident but not much more.
Even though the RFID tags are easy to clone it is still less likely to happen than somebody working out the code on the mechanical lock, either by observing staff typing it or looking at which keys have the most wear (the cheap ones are combination, rather than permutation based so the order doesn't matter).
Great video Cameron! Really well presented and interesting to watch, especially during this lockdown!
The Lock Picking Lawyer *joins the chat*
His video would have been 40 seconds long though.
@@SianaGearz true
Looked for this comment, found it
Same, Rob G
I was searching for home access control and end watching the whole video and enjoying it, keep it up
So, me and my colleague worked in a school as IT techs and we introduced something like this, cheap system, to our server room. After a while, my colleague found a way to bypass it with a paperclip. He hid it ontop of the doorframe. And told me to only use it if my pass didn't work. Later on, he constructs a RJ45 faceplate that is hardwired into the bypass. and put it inside the server room. He said "If you ever get locked in, short a RJ45 head in these specific pins, and plug it into the faceplate. The door will open." I would use the RJ45 way all the time as my way of exiting to look badass, haha.
I've had an idea now for a few years that I would love to have your input on Cameron, and seeing you've now delved into the world of access control (and the current hightened hygiene requirements 😉) it would be a perfect time to bounce this idea off you 😁
Nice to see the system and how it works inside.
About the defeating it - well, yes. Obviously you have to build this case into something rigid around it at an installed site. Then there is no access to the screw or the case and cables.
Of course if you have a building in which the mains-power is accessible from outside (like for the fire-fighters) then you don't even need a screwdriver to defeat this system: just open the electrical-door, pull the fuse, open the door, put the fuse back in and no-one knows what made the short power-failure.
Should at least come with a battery that keeps the lock working for a couple of minutes or half an hour or something like that.
I’ve been watching your videos for a while now. People often comment about you speaking too quickly. I think this video is the only time where I’d agree
Interesting. I bought the same lock but bought a 12v/5v laptop "brick" PSU. I should have done the same as you and bought the whole kit, especially as I now know the lock PSU can take a GPIO input. I'm installing this lock with a Rasp Pi 4 running Domoticz in a Docker container. Pi operates a solid state relay which was about £17 for a module of 4 relays. The Pi connects to a Texecom panel (your video review on this panel was really helpful)
great video and super good explanation of everything. can I suggest that the gap between live and neutral (weld points you did at the back of the board) is not enough for mains voltage) electricity jumps you know!
I would maybe use this during the day to make it easier for employees to get in faster and simpler then keys and generally deter the public but then when the office is closed at night lock the door with something like a deadbolt or other heavy lock in addition to this.
That's exactly the use case for them... It's not meant to be a secure only lock (even by the fact it needs power to secure the door)
I suppose the easiest way to make this a bit more secure would be to replace the screw on the bottom with a security torx (or similar) screw instead of just a standard Phillips one, but that wouldn't deter someone determined to get in becasue they could just come back with a security torx driver to remove it, or as you said, use a hammer or a rock if they dont care about it being noticed.
The higher end systems are usually in 2 parts, where the "keypad" is its own device, and the mag lock/release button are a seperate device, usually connected to a network (and in the case of the keypad/reader, usually powered by POE), where the 2 seperate devices are then linked in some kind of central software controller where you can configure what controller is linked to what mag lock to form a "door"
Also, Hi from Paisley!
At least some of those higher end systems are also capable of associating RFID tags with employee names, so there would be a log showing which employee (name and/or ID) entered which door at which date and time, possibly even indicating in red when someone access it outside defined "business hours". I've seen such systems in use in large office and school buildings!
Security torx screws are useless!
All it takes is a small flathead to reliably remove security screws. I can’t remember the last time I have used a security driver...
If I designed it, I would have transmitted the door code after encoding a super-dooper hash over wire (or wireless) to an internal decoder to unlock the lock. Protect the smarts. Thanks for the video.
Hi Cameron, quick question.
I want to add another RF relay to this system so that its controlled by a remote as well.
How do I go about doing that.
When I connect the second relay the access control system just turns off🥲. No idea what im doing wrong.
I'm surprised that it's just the magnet keeping the door shut - I would have presumed that the magnet would be used to hold bolts in position (or hold them out the way), so the strength of the lock would be the strength of the bolts, not the strength of the magnetic field. Also doing it that way would allow for a key/lever based override, so that it could fail to locked when power had failed. The fix for the keypad would be to have just the keypad on the outside with the logic board on the inside - it may even be possible to mod this module, depending on how the keypad is connected to the logic board.
The 'door exit' button appears to use the same "screwless" design and hole pattern as the MK Essentials in John Ward's recent video.
Yes but the switch is a fake of the MK series from the UK.. Like the Metallica song goes: "SAD BUT TRUUE!!"
Great video! So what should we use as a somewhat more secure alternative?
True, but equally easy to protect the access to the screw. But excellent initiative to highlight the potential issue 👍
Unfortunately protecting the screw isn't really sufficient as the plastic keypad could be easily pulled/smashed off of the wall. The flaw with this system is an architectural issue - a secure door entry system carries out all authentication and control of the lock from a controller in secure location. The keypad should just be a dumb keypad/RFID reader that sends the data to the controller over an (ideally encrypted) digital link.
Someone's been watching lpl:)
Do RC I swear I knew I’ve seen this somewhere. I knew it was lpl, I just can’t find the video he did about this
oh, *Lock Picking Lawyer* ...? Worked that one out after reading another comment; why couldn't you have just said that...?
The mains would be perfectly fine if the psu was fitted inside an electrical enclosure which is probably what it's intended for I'm aware given the price of the kit it probably won't be an electrician installing it just saying. also if it were in an enclosure you could do your earth connection to the outside of the case through the screw on the case using a crimp on lug
Did you install the bleeder tree resistor? Curious honestly.
Is it possible to connect two rfid readers in parallel? ( for magnetic lock)
Hi do you know if you can add a back up 12v battery to this system incase of mains power loss
very useful vedio .. thank you boss
Hey rookie question here but how would you extend the wires that plug into the junction boxes
This why these systems need to do the actual processing on the secure side of the door. Something like sending an encrypted payload over the wire with the RFID/Pass information. Even if you took the box out, the encryption keys are burned into the IC.
thats called osdp
Did you add any insulation to the bottom/underneith of the board to stop the wires shorting onto the case?
There was already a platsic sheet in place so it's still in there
At 6:20 , Can you explain how you wired the 2 red wires from the 3 core flex thats connected to a mains plug?
Can I wire them to a 2 core flex connected to a mains plug?
Do I need an earth wire? And where did you connect the earth wire at 6:20
At 6:20 I temporarily connected it by using a couple of Wago terminals, at 13:29 I show myself replacing these red wires with a piece of proper mains flex wired directly into the power supply as it should really be earthed and having that pair of single insulated wires outside of the enclosure isn't compliant with regulations in the UK.
If the keypad has a tamper switch that cannot be easily bypassed and a LDR to sense keypad removal, where the tamper detect circuit disconnect all the cables, this would make it far more secure. The magnetic lock is very
weak and can be kicked open anyway.
I hope people aren’t using these in busy offices... they need to release on fire alarm otherwise after the first person hits the door and can’t get out the whole crowd will start pushing and it’s too late to unlock the door causing TONS of preventable deaths.
If i remember correctly, in the UK there is supposed to be a "break glass" emergency release next to the door (the older sort have actual glass in them that breaks when you press hard, and when the glass is broken, it operates a switch which releases the door, the newer ones have a plastic peice in them which drops down slightly when you activate it)
and the "break glass" emergency release is supposed to be wired so that even if the control system for the lock became unresponsive (to where the normal way of releasing the door doesnt work) the emergency release would still work (in the case of this lock the emergency release would go between the lock itself and the power supply)
How would i improve on this ?
1) Implement robust anti-tamper on the keypad and hub .
2) wireless communications(encrypted) between the keypad and hub .
3) Signal to open the door will only be issued by the hub .
Yeah, generally speaking with commercial systems, all of the authentication is handled by a controller located in a secure location, the physical lock and keypad both connect to this controller. The keypad then communicates with the controller over an encrypted digital wired connection. Therefore, if that controller was ever removed from the wall, nothing can really be done to open the door and the encryption would prevent the connection of some sort of data logger to the communication wires. There would also usually be some sort of battery backup connected to the controller so that the door remains secure in a power cut and an emergency glass break type release button on the inside of the door to allow people to exit in an emergency.
I've a feeling the mains input side of the power supply had been wired for electrical standards in China, rather than electrical standards in the UK and most other countries.
Good job
Why are you measuring 12v on com-nc? Isn't that supposed to be a dry contact?
honestly... i'm envious of that giant button. i kinda want to use it to turn on my computer.
solution = pour some encapsulation resin in the rear of the keypad case covering the pcb and connector after plugging it in... or buy a cheap siren and wire it to the NO of the keypad that way it sounds if the wires are disconnected
That would make it harder but then there's still nothing stopping someone simply cutting the wires and joining them together that way. IMO the only way to do this securely is to have the PIN validation and lock control handled by a controller on the secure side of the door and have the external device simply be a dumb keypad that sends the key presses and card data to the controller on the inside of the door.
Also you can make the magnet give way by yanking hard on the door handle.
Potentially depending on how strong the magnet and handle are but they usually aren't too bad if properly installed. However this kit is also available with other locks including drop bolts and various latches which would also be affected by the flawed architecture, it's not only available as a maglock.
You don't use a transfo 220v/12v ?
como se reseta este modelo tenho um deste que nao tem o jump de reset
Can i make a batery to controll + - to have energy all the time if the fuses are down?
Power passed into the control input is purely a signal to control the output, it does not pass through or power the device so this wouldn't work. You'd probably be better off with a higher end access control system that has a proper battery backup facility.
@@camerongray1515 ok but for what's is that batery you have connected on 13:13 seconds on control + and-
That was just to provide a 12v supply to those pins to demonstrate how they'll trigger the lock to open, if the power supply wasn't plugged in, that battery would do nothing.
@@camerongray1515 thanks for the info👍
Great video and very well presented but note the power supply and the keypad are not CE marked therefore should not be sold in the uk. It would be the sellers responsibility to get them CE marked. The fact you had to change the wiring and solder a new cable says it all. It makes the product dangerous and most people would not change it and just use connector block and plug in.
It's great you have shown this product for was it is. Personally would avoid as its rubbish.
Works great on my parents side gate , they love it. Open your mind!! Do you find things difficult?
@paulattree4171 I'm an engineer Paul, so no i don't find things difficult. Open my mind to what? The fact that it is not earthed which by the way is UK regs and the chasis can become live at any time? This is a dangerous product when not earthed. Not difficult to know that if you have the knowledge.
There is an easy way to better the security of the control box and the wire harness which seems to be your only issue with this system. The only difference this system has different from the high and low end commercial systems is the key pad is better housing and there you go oh and a battery back up during power lose and tge power in to shut it off is for fire exiting wire smoke detector power out in there and your safe and sound 24/7
With the commercial systems I've seen (Paxton being one that I've personally worked with) the difference is with the architecture. With the higher end systems, the actual controller that connects to the lock and that handles the logic is separate from the keypad. The controller can therefore be stored in a "secure" location (often even simply on the wall inside the door) then all the keypad does is send keystrokes or card information to the controller. The controller then handles all authentication. If someone is able to break the keypad off the wall, all they have access to is a digital connection which if designed correctly, cannot be used to open the door.
I agree they are able to do oh so much more but your getting what you pay for you pay little you get little. But even the high ends have draw backs its a give and take world i guess. And i did enjoy the video it just had me thinking how to over come some of short coming to make it a little better and keep it cheap. I used to install the bigger much much bigger system and miles of wire in nursing homes and businesses about, wow... 20years ago. But thank you for the video and ill be checking out more for sure.
I find it amusing that a 6W magnetic lock can easily defeat me in a pulling contest. en.wikipedia.org/wiki/Electromagnetic_lock#Electrical_requirements
Glad the comments exist. The lockpicking lawyer already covered this.
So when there's a power outage, the door's unlocked?
Yes, although this is standard for magnetic locks unless you added in a battery backup. There are other types of locks that require a power supply in order to unlock so these will remain locked in the event of a power outage but they would then also require a mechanical override such as a door handle to allow the door to open in the event of a failure/emergency.
Failsafe vs fail secure.
safety vs security
How many burglars have the manual to know which terminal is which? I would be interested in watching what happens when the paper clip touches the incoming 240v.
Sure, the average burglar won't have a manual but that doesn't really excuse this flaw, if someone wanted to target a specific lock they could fairly easily figure it out and if enough of these locks ended up in the wild, the process of bypassing them could become common knowledge. As for the 240v comment, the keypad is a 12v device so there's no risk of coming into contact with the mains.
You could replace the screw with a less common one, torx or the type that is 2 dots. Sure if someone had the screwdriver bit for that type it would be the same but your average joe burglar isn't toting a snake eye screwdriver.
edit: I suppose it wouldn't help against the smashing...
Another issue with it is that a magnet could be used to activate the relay in the keypad, which causes the door to unlock
The problem with the system is the accessible screw on the reader. If you replace the reader with one that prevents easy physical access, then the system becomes quite secure.
The issue is that the processing is done on the insecure side of the door, even with a better screw, the outside unit could still be forced off the wall with a crowbar.etc. For a system like this to be secure, the external unit should purely read PIN numbers and card data and send it over an encrypted digital connection to a controller on the secure side of the door, this controller is what validates the data and ultimately controls the door lock. That way, if you force the external reader off the wall, all you'll have access to is a digital connection that you can't compromise by simply shorting wires out.
How to reset this device...
Basically that's how easy it is to defeat cheap access control systems IF CARELESSLY INSTALLED.
Unfortunately the issue goes beyond how it is installed, in my opinion there would be no safe way to install this system as the wiring to open the door will always have to be connected to the reader on the outside fo the door. In my mind, the only way to correctly do this is to have a dumb card reader/keypad on the outside of the door connected over a digital connection to a controller in a secure location with the controller switching the power to the lock. That way, if the card reader is removed, the attacker will only have access to this digital connection which can't simply be shorted out to unlock the door.
@@camerongray1515 I totally agree. I have those cheap ACS installed on my clients, as much as possible, no wirings must be easily accessible outside, if possible, chip a portion of the wall to submerge all the wirings or even the reader/keypad itself. We have better ACS systems thou most of my clients prefer this type of ACS. The price of good ACS comes in to factor as well.
@@JericDacara I think my fear with mounting it that way would still be that at least with this one, it's only made of plastic so simply smashing it with a hammer from the front could give access to the wiring inside. I definitely agree that the "proper" systems can be significantly more expensive though.
Radical idea here.. How about they design a keypad where the electronics actually doing the checking and unlocking are in a box on the back of the doorframe, with the box at the front containing only the electronics required to run the keypad and RFID reader? I realised that is likely how more professional systems are designed.
That's exactly how the professional systems work - there is a control unit located on the "secure" side of the door (or even locked away separately) that handles all authentication and connects to the lock (often also has a battery backup). The card reader/pin pad.etc then connects to this unit using a digital connection that simply sends key presses/card data, if someone were to break off the keypad/card reader, the most they can do is access these digital lines which are of much less use for opening the door. Suspect you may be able to brute force codes by simulating a keypad on these digital lines although this could be mostly solved by rate limiting.
@@camerongray1515 there is an attack that someone has done with the better systems, where they installed a device of some sort (which essentially grabs the credentials when someone scans a card, and can then use that credential to unlock the door for the attacker)
That's definitely true, they can often be defeated with fairly standard card cloning type stuff, but that would take a lot more effort, skill and hardware than something like this that could likely be done purely with physical brute force. Card cloning can usually be overcome by additionally requiring a PIN after scanning a card essentially implementing 2FA. This is standard in most higher security applications.
Just bough one of this cheap access control set, and you know what?) They filled the whole scheme's back with epoxide so you don't have a chance to make that fancy move anymore)
Interesting, I imagine it's more of an attempt to seal it against moisture rather than any sort of security improvement. If the device is architected the same as the one I showed here (i.e. where all the processing is done by the external keypad) then you're still vulnerable if an attacker can get to the cable.
Just got one too and my back is fully open
Seperate question though and maybe this is my being stupid.
I can't get it to power with a 12v batter back connected to the PSC
Jeeze... this is too easy to hack lmfaooo. Thanks for this video... have 2nd thoughts in getting this. This is why I hate company's design system, it's best to use all pure software, fully custom centralized system where the software reads all inputs. These are know as ur Arduino lock systems which is much safer than standalone systems.
You have to install this particular keypad module with the screw hidden from a person like yourself digging around there, obviously. Any professional knows this and would install the keypad flushed to the wall. But I have to agree, the screw right beneath the keypad is really stupid, using an ordinary Philips screw some, effort should've been given by the company to make it difficult to open easily. It's going to be really tricky to hide that bottom side screw and making it legitimately hack proof.
The issue is greater than just the screw, even if the keypad was mounted flush, it could still be destroyed by hitting it hard enough which would expose the wiring. The way this should be done (as is the case with professional systems) is that the device on the outside should purely read card details and key presses and send these over a digital connection to a device on the "secure" side of the door which checks the code/card and operates the lock. With this, even if the card reader is totally ripped off the wall, all an attacker will have access to is this digital connection which can't simply be shorted out to open the door. The worst that could be done would be to attach a device to this digital connection to brute force a code but even this could be resolved by using encryption across this link.
When you talk about the power supply and the 2 red wires you don’t like I can’t understand a word you say.when you talk fast and your accent makes it impossible to understand.but it is a great video and I know how to hook mine up now.thanks
Apologies, my issue with the wires is that it's a pair of single insulated wires which isn't compliant with UK regulations which require that any high voltage wires that can be touched by the end user in normal operation are double insulated. Usually this would be a piece of flex with the live and neutral individually insulated and then those would be insulated together inside a single outer jacket.
Its from Amazon, what do you expect for that price ! lol
power outtage will no matter what make the entire system non powered and wouldnt be magnitized anyway.
I buy prison electric locks, actual American access control keypads made for vandal resistance, and they are much much harder to defeat. Anything can be defeated given enough time and resources which, outside of a prison or asylum, can be done. But I digress
With this it's very much down to the system architecture rather than the actual physical hardness. Even a cheap plastic keypad can be perfectly secure if the actual processing is done on the inside of the door and all the keypad does is send a digital signal of keypresses/card information to a controller in a secure location. A super robust metal keypad is still flawed if it's possible to simply short some wires inside to open the door. The issue with the system I demonstrated here is that the wiring behind the keypad has a wire that can simply trigger the door to open. If all there is behind a keypad is a digital connection to an external controller, it's not going to be possible to attack this without simply brute forcing codes down it and even that could be prevented if the digital signals are encrypted. At that point, it would be easier to physically break the door down rather than to bother attacking the access control.
@@camerongray1515 Hmm.. Since I got your attention on this, and indeed you seem to be one of a few that actually plays with this stuff like me, could you do a very very simple test? Place the keypad behind a piece of 3/4" thick board like what you used to mount it but try to trigger the keypad by putting the fob to the board instead of direct to the face of the keypad. Will it pick up the signal THROUGH a WALL? That is the experiment. See, IF that is possible, you can HIDE the keypad INSIDE the wall but behind a skin thin enough to allow the RF signal to pick up the fob but thick enough to still be THE WALL. Inside a house or office the wall hiding the keypad face would be drywall or plasterboard as is called in some places. But on a BRICK exterior though? Hmm, a thin fake brick tile in front of the keypad hidden inside a recess in the wall? You can test this by placing a ceramic tile or piece of plasterboard in front of the keypad and try to trigger it with the fob. See, that is the idea I have to resolve the OBVIOUS device next to a door conundrum I am having in a bad neighborhood where break ins ARE prevalent. The door and prison lock then become real secure if the thief can not SEE a keypad or keylock switch to try and tamper with. And yes.. a controller placed in a secure location is key here lol! I have read some keypads with RFID sensors, allow you to remove the RFID sensor part and place it remotely some where to trigger the keypad too, but without the keypad electronics being present at the remote location, without having to buy some expensive networked access control system to achieve this. The manual PDF states you can place the plastic RFID sensor that just has the 2 wires attached to it, to say the outside of your front door with the keypad on the inside in a secure location. The keypad is made of plastic too so that makes sense no? BUT, can you HIDE the sensor behind say plasterboard or a thin brick and have it still work? THAT is the experiment I am wanting you to try since you DO have a keypad like that. Shoud be simple and real quick to know if the RFID signal is strong enough to pick up through tile, brick or plaster or wood panel.
Unfortunately I can't really test much with this since I'm currently using the power supply for another project and the rest of the parts are stored away although I imagine it's very dependant on the reader and fob used as to how strong the signal is. That said, a properly designed system with a reader that has a purely digital interface to a securely stored controller should be totally secure and can't be tampered with from the reader. Systems like these are commonly deployed in many high security applications such as datacenters without issue. I can't imagine hiding the reader to have any real benefit from a security perspective. You'd also realistically need some sort of manual override in the event of a system failure (either to cut power in the event of a fail safe lock or some sort of manual key lock if a fail secure lock is used). This is likely to be a much more likely plan of attack, the average burglar isn't going to be attempting to exploit a controller through an externally accessible digital connection.
Additionally, in high security environments it's important to have multiple factor authentication, you'd usually have both a key fob/card and then have to enter a PIN into the reader. This prevents people being able to use stolen/cloned cards as they won't know the PIN. Therefore you'd need to have an accessible keypad to enter the PIN.
Then again you do realise that they could have a normal door lock and they're only using this is a second-hand solution
They could and assuming you'd need to use both locks or if this is only used as a sort of basic form of access control when the main lock is unlocked then it's not necessarily dreadful assuming the risks have been considered. The issue is people fitting these in situations where they're the only form of lock on something that should be kept secure. I've seen these things used on "secure" car parks and doors to apartment buildings as the primary lock.
@@camerongray1515 I get what you're saying because there are some access control systems that are lot more secure for example Paxton net2 access control uses proximity readers and proximity fobs and it's configure the on a PC which I think is pretty cool what I'm going to be getting for my shed is a Paxton switch 2 controller to use on my shed but I also have a padlock installed on the shed door which makes it extra secure
Yeah, those systems do it correctly by keeping the actual brains that control the lock in a secure location so if someone were to remove the reader, there's not much they can do as it's a digital connection. I've used Paxton net2 briefly in a commercial office (although admittedly just to enrol a card, I didn't actually install it). My fear with the cheaper systems like the one shown in this video is that people see the Paxton systems in use in commercial settings then see the cheap devices on Amazon and think of them as being the same thing.
Watch 30:22
He’s jumping the relay. This could be done on a lot of systems. Even expensive ones.
A high end system will have the digital processing logic running on a controller in a secure location, on the outside of the door you would have a dumb keypad that would send a digital signal to the controller containing card information/pressed buttons. If an attacker were to remove the keypad, all they would have access to is this digital connection which can't simply be shorted out. With the system shown here, the system simply sends an open signal directly to the relay which can be shorted out easily.
IM GOING TO USE IT FOR A HIDDEN DOOR
gg my home feed
You just showed all the criminals how to bypass these type of locks with keypad
It isn't exactly difficult to figure out and there's already content out there showing how to do similar attacks on other locks, I felt it was more important to warn people about not using locks like this since chances are, criminals already know how to bypass these whereas the average person who isn't particularly security conscious will buy these on Amazon thinking "hey, it looks like the one I have at work" and not understand the risk. I view it the same as with cybersecurity, it's more important to talk about issues so that people are aware of them and can fix them rather than keep them secret since chances are, if the good guys can figure it out on their own, the bad guys can as well.
@@camerongray1515 you should do a video about similarly priced wiegand hardware, I bought a keypad and a basic controller off aliexpress for like 50 usd, although i guess the one you have in the video also includes the lock, i'm using mine to act as a wired garage door keypad
no sense video, the access controller must be in the indoor , the magentic lock too. An slave reader is settle al the outdoor.
This system doesn't have any sort of ability to use a "slave reader" and it clearly is designed to have the keypad on the insecure side of the door and the push to exit button on the secure side which is the issue. The way to do this correctly is to have an access controller where the actual processing is carried out by a device in a secure location which is connected to a dumb keypad on the outside of the door over a digital link. IMO there is no way to install the system shown in this video without it being vulnerable.
I'm NOT going to watch this video. I know you are going to talk about the lock relay being in a Keypad or reader available to anyone that is on the Unsecured side of an access control point. YOU get what you pay for!!!!!!! If you want to post a 32 minute video about defeating a CHEAP access control system go ahead. I am a professional security technician. I can assemble a door that I promise you that You CANNOT defeat.
It's not like I forced you to watch the video... The point is to demonstrate the issue to people who don't understand the security risk of such locks and end up using them where they're not suitable. It's not like I'm trying to act like some sort of security defeating god... No need to flex that you can assemble an undefeatable door, I'm not saying that I can defeat anything that's designed properly!
@@camerongray1515 Gotcha.
ARE YOU SPEAKING IN ENGLISH?