physicalPhysical Security

Our consultants are always investigating the capabilities of new technologies; and collaborate and help develop open-source projects. Our team specialises in digital locks, such as Bluetooth LE devices or the more popular Radio Frequency Identification (RFID). A popular hacker hobby is lock-picking, and out team are proficient at assessing the level of security of padlocks, door locks, internal locks, desk drawers and cabinet locks.

Our consultants use the Crime Prevention Through Environment Design (CPTED) methodology when assessing on-site physical security measures.
Design and assessment methodology:

Access Control & RFID

Our testing tool of choice is the Proxmark3, the Proxmark3 is the swiss-army-knife of tools when it comes to RFID hacking. We can analyse and assess several commercial systems; Low frequency access controlled systems are by far the easiest to clone and attack. High frequency tags and badges vary in degree in difficultly depending on the manufacturer and implementation of the system. We have cracked the cryptography of a number of default cards and manufacturers and can consult on a number of solutions.

Lockpicking & Safe Cracking

This is mainly of concern for small business and startups that used shared office space, but can include medium to large enterprises concerned about espionage. We can assess the strength of your door/desk locks and some commercial safes. We can make you aware of the different types of attack and provide guidance on how to alter your environments and change types of locks to lower the risk of physical attacks.

In addition to our technical and practical approach, to perform real-world attacks to properly assess and demonstrate the strength of your physical security implementation. Below are some images of our tools used in these engagements:
proxmark image
Figure 1: Proxmark3 assessing security of a council RFID library card
proxmark image
Figure 2: Basic lockpick set