Bishop Fox on OSDP Weaknesses Putting Secure Facilities at Risk
Nexus: A Claroty Podcast
English - August 13, 2023 04:00 - 26 minutes - 18.2 MB - ★★★★★ - 4 ratingsTechnology Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: Jennifer Lyn Walker on Cybersecurity Risks in the Water Sector
Next Episode: Team82 on NAS Research, OPC UA Exploit Framework
In this episode of the Nexus podcast, Bishop Fox researchers Dan Petro and David Vargas explain their research into the Open Supervised Device Protocol (OSDP), meant to bring encryption to badge readers and controllers providing physical access controls at secure facilities.
Petro and Vargas explain a number of protocol weaknesses and vulnerabilities that defeat OSDP's promise of encryption and security. Through the attacks they describe, they're able carry out—among others—replay or downgrade attacks, which are enabled by severe key exchange vulnerabilities or weakened crypto keys as described in the protocol.
Petro and Vargas unveiled this research during a presentation at Black Hat USA in Las Vegas.