Re-posted with permission from Identiv and edited.
Have you heard yet about the story from Forbes magazine about the cybersecurity vulnerability in Software House access control systems?
Due to the vulnerability, a Google engineer was able to hack the system and send untraceable commands over the network, allowing him to open doors without credentials, as well as block credentialed employees from opening doors they had authorization to use.
The panels in question now have to be replaced, there is no firmware upgrade, and the only way forward is to pay for an installer to replace, rewire, re-configure, and re-test all hardware.
What Might This Mean to You?
This type of security breach is not a possibility with Identiv’s Hirsch Velocity Software. Hirsch access control systems have been designed from the beginning with a commitment to both physical and cyber security.
Hirsch SNIB2 and SNIB3 encryption use unique, random keys and initialization vectors for each controller IP port. These new keys change with each new connection, including service restart or network interruption. In fact, Hirsch has been encrypting data long before TLS and AES; our data packets are encrypted, serialized, and hashed — meaning that replay, masquerading, and interception attempts are detected and managed (sent back to the host system as an alarm) by the Velocity application.
Hirsch implemented these cybersecurity measures years ago, and have since added the latest industry encryption capabilities, as well. Velocity systems are penetration-tested and FISMA-certified to meet government security standards around the world.
What to Do If This Does Affect You?
Identiv strongly encourages customers to always separate security networks from business networks, if possible. Even when this is impossible or impractical, Identiv has safeguards already in place to protect against incidents like those that affected Google.
Don’t let your own employees hack your doors wide open. Take necessary precautions to prevent either the accidental or intentional compromise of your access control system. If you are concerned about the cybersecurity of your access control system and would like to speak with your local ISG member about the Hirsch Velocity system from Identiv and how it can address your requirements.
Original article written by Mark Allen for Identiv.
