Posted on Tuesday, 20th March 2012 by Michael

Mid Atlantic CCDC Barcode Scanner Hack:

How many of you would of even thought that the scanner on the med station was actually hackable itself before myself and Brad went around hacking them with a simple piece of paper that left them unusable until reprogramed with another sheet of paper I gave to the white cell. How many of you were able to figure out how to fix them by researching the product and not going right to the white cell or Larry and Darren?

Up to this event I never really thought about how insecure barcodes were and never really thought how readily available they are for duplicating and circumventing security measures as well as possibly injecting attacks into other systems.

Check these YouTube videos for more on their dangers:

http://www.youtube.com/watch?v=cEDqdYBtpvg <= Three part video of a talk done on barcode hacking at Defcon. This gave me the idea for the attack at the CCDC.

While sitting at my office the day before the CCDC I was watching the twitter trend and notice someone uploaded a picture of the med station and you could see the scanner. I saved the picture and removed everything else out of the picture using gimp except the scanner. I then used the Google Goggles application on my android phone to take a picture of it and to have it tell me what model it was and who made it. In the first several links Google returned I found that it was a Honeywell barcode scanner model MetroSelect. Knowing this and having a few ideas of an attack based on the You Tube video above, I searched Honeywell site for the configuration guide that will provide the codes to configure the scanner. The guide can be found here: http://www.honeywellaidc.com/CatalogDocuments/00-02544%20Rev%20K%202-11.pdf . Side note once I got to MD, I found that we had our own med station and was able to confirm the model was correct as well. But the above gave me the ability to start my research and was actually 100% accurate.

The guide has over 116 pages of information and codes on how to configure the scanners. We used the information found on page 1-2. We made a quick disable print out and a quick enable print out. These codes allowed us to stop your scanners from scanning your badges until they were re-enabled. Though as you all know that was probably the least of your med station problems. Such as the Christmas incident, lock removal, lock additions, wifi attacks and so on.

Hopefully you find the info above informative and it gives you an idea how we think and plan some attacks.

Share

Posted in Blog | Comments (0)

Leave a Reply