Aiphone: Another Digital Security Fail
Aiphone is a common door lock controller used for physical access control at sensitive sites like the White House and the UK Parliament. These are places where security is a paramount concern. They installed something that appeared physically robust, but didn’t fully consider the digital security of the system. When outfitted with NFC, the solution has a couple of critical design flaws.
The first problem is that Aiphone GT system with NFC allows unlimited attempts at the 4-digit PIN code to gain access. A cooling off period after a number of unsuccessful attempts is a simple solution that could have prevented this. With only 10,000 possible combinations, these systems can be hacked quickly
A secondary problem on this same system is that the authentication protocol is unencrypted and easy to emulate. This protocol may have been a default on the NFC subsystem. If the design team on a product is not designing for security, they might think that seeing it work as expected is good enough. Thinking like this can leave embarrassing and expensive security problems to fix when they’re made public.
Designing for Digital Security
Teleporte is designed for security from the beginning. Here are some tactics that may be helpful to consider when evaluating the digital robustness of an access control system:
- Exponential backoff: Increasing the time before a subsequent authentication attempt can be completed. Consider an algorithm that, as a user enters more passwords, waits an incrementally longer time after each incorrect attempt. The Teleporte Failsafe Unlock algorithm uses a factor of 5 seconds before reattempt, and doubles the time before the next attempt each time. This translates to the ability to only try authentication 10 times in 1.5 hours.
- Rotating codes: Changing the access code periodically. Even with exponential backoff, a user could still try a few new codes every day. Having the same access code available for months (or years) at a time could mean that eventually all codes could be tried. Unlike locks that accept the same static code to open, the Teleporte solution rotates require a new code every four hours.
- Suspending user accounts: Indefinitely suspending a user account from authenticating until a secondary method (Administrator verification) can be used to enable the account again. Teleporte Cloud uses this method when a user tries to authenticate (incorrectly) more than 15 times in a row.
- Encrypted transmissions: Obscuring the authentication requests between endpoints hinders a bad actor trying to authenticate to a system. If you can’t see what’s being used (4, 5, or in Teleporte’s case 105-digit codes) — it’s not easy to replicate or brute force in the first place.
When choosing an access control solution for anything you care about, we emplore you to put digital security at the top of your requirements list. Advanced technology is becoming more widely available and making it easier than ever for someone to gain access without physical force – and worse: without detection! Talk to us about your access control projects and we’ll help you understand the digital security considerations that are relevant to your application.