CHCon 2023

Honey the kids tried crypto
2023-11-25, Ngaio Marsh Theatre

"This talk will reveal weak cryptographic implementations in the commonly used ICT TSEC line of card readers for physical access control systems. Attendees will gain insights into three vulnerabilities that can be exploited by malicious actors, including AES-CBC plaintext manipulation, weak key exchanges, and default encryption keys.

Recommendations will be shared for developers to prevent these vulnerabilities on their own systems, covering topics such as authenticated messages, secure key management, and off-the-shelf encryption technologies like TLS. Real-world examples and proof-of-concept exploits will be presented to demonstrate the severity of these vulnerabilities.

By the end of the talk, attendees will understand the importance of strong cryptography practices in physical access control systems and will be empowered to secure their systems effectively."

I'm a first-year software engineering student at the University of Canterbury with an interest in cyber security.