SecTor 2025 | Behind Closed Doors - Bypassing RFID Readers & Physical Access Controls
Why It Matters
By exposing simple yet effective bypass techniques, the talk warns enterprises that weak physical controls can nullify sophisticated digital security investments, prompting a holistic reassessment of access‑control defenses.
Key Takeaways
- Under‑door tools can bypass RFID readers faster than cloning cards.
- Default PINs on RFID readers often remain unchanged, enabling easy access.
- All‑F hex ID cards may act as universal back‑doors in some locks.
- Unencrypted Wiegand communication lets attackers sniff or replay credentials.
- EMP generators can force lock resets but risk hardware destruction.
Summary
The SecTor 2025 presentation demonstrates practical methods for breaching physical access controls, emphasizing that RFID readers are only one layer of a broader security ecosystem. Julius Dunuk, a red‑team specialist, showcases low‑tech tactics, such as using an under‑door tool to catch a handle on the opposite side, alongside more technical exploits targeting RFID systems. Key insights include the prevalence of default administrative PINs on readers, the existence of universal back‑door cards (e.g., all‑FF IDs) that persist after deletion, and the vulnerability of the Wiegand protocol, which transmits card IDs in clear text between the reader and controller. The speaker also demonstrates an EMP generator that can reset or fry lock hardware, though its reliability is limited.

Notable examples feature a live demo of an all‑FF card opening a lock despite deletion attempts, and a Raspberry Pi‑based controller setup where the presenter removes the reader, disarms an alarm, and intercepts Wiegand traffic using a custom ESP‑based device. These demonstrations underline how physical manipulation and protocol sniffing can bypass even encrypted card technologies.

The implications are clear: organizations must treat physical access control as a multi‑layered problem, hardening not only the credential medium but also the reader firmware, default configurations, wiring, and surrounding hardware. Regular audits, PIN changes, encrypted communication, and tamper‑evident installations are essential to mitigate the highlighted attack vectors.
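For the audit side of this, the following added example (not code from the talk) decodes Wiegand frames recorded in a controller log and flags grants to an all‑F credential. It assumes the standard 26‑bit frame layout, a constructed log format, and that an all‑F ID appears as an all‑ones data field; none of these details are given on the page.

```python
from typing import NamedTuple, Optional

class Credential(NamedTuple):
    facility: int
    card: int
    parity_ok: bool
    all_ones: bool  # every data bit set, i.e. an "all-F" ID

def decode_wiegand26(bits: str) -> Optional[Credential]:
    """Decode a logged frame given as 26 '0'/'1' characters; None if malformed."""
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        return None
    data = bits[1:25]  # 8-bit facility code + 16-bit card number, sent in the clear
    # Leading bit is even parity over the first 12 data bits, trailing bit is
    # odd parity over the last 12. The frame carries no other integrity check.
    even_ok = (bits[0] + data[:12]).count("1") % 2 == 0
    odd_ok = (data[12:] + bits[25]).count("1") % 2 == 1
    return Credential(int(data[:8], 2), int(data[8:], 2),
                      even_ok and odd_ok, "0" not in data)

def audit(log_lines):
    """Return (timestamp, door, finding) for frames that need investigation."""
    findings = []
    for line in log_lines:
        ts, door, bits, result = line.strip().split(",")
        cred = decode_wiegand26(bits)
        if cred is None or not cred.parity_ok:
            findings.append((ts, door, "malformed frame"))
        elif cred.all_ones and result == "GRANT":
            findings.append((ts, door, "all-F credential granted"))
    return findings

# Constructed sample log (assumed format): timestamp,door,frame bits,decision
NORMAL = "0" + "00010010" + "0000010011010010" + "0"  # facility 18, card 1234
ALL_F = "0" + "1" * 24 + "1"
BAD_PARITY = NORMAL[:-1] + "1"
SAMPLE_LOG = [
    f"2025-01-01T09:00:00,door-1,{NORMAL},GRANT",
    f"2025-01-01T09:05:00,door-1,{ALL_F},GRANT",
    f"2025-01-01T09:06:00,door-2,{BAD_PARITY},DENY",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

The decoder needs no key or secret to recover the facility code and card number, which is why the wiring between reader and controller has to be treated as part of the attack surface.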