Exploiting Elevator Security Weaknesses - Deviant Ollam, The CORE Group

the videos dont play :( this sucks

I love how in our office building they have upgraded the keycard system for the elevator to something really secure that can't be cloned. Now to reach floors you are not supposed to, you really need to take the stairs.

I don't care about elevators, but I watched the entire vid because this speaker was that interesting.

"why does someone needs a key for this master lock?" Seconded. Master locks don't require keys.

Go watch the defcon 22 talk instead. same content but slides are timed correctly and videos play.

"How often do you notice this stuff when you get into elevators?" Now? Yes.

If you can't get on an elevator because every cab is always full, ride up to the top floor instead, come down from there.

Pushing all the floor buttons in a 34 story freight elevator will keep it busy for at least 45 minutes. Don't ask how I know. :)

Elevator software is like most traffic light software. It's stuck in 1960. A $20 Raspberry Pi and a high school student writing the code could do far better at making elevators vastly more efficient than what's installed in 95% of buildings. Sadly there's little competition, everything is proprietary, and elevator manufactures want huge sums to update existing systems so most never get updated and are beyond stupid in their operation. Even brand new installations are handicapped by the manufacturer charging huge sums for additional software features that should be standard and cost the manufacture nothing. We need a new competitor to shake up the status quo.

The railroad still uses old locks I have a old Santa Fe keys that were my grandfathers it still opened the switch house

What's up with the "non-union" bullet point? Is that supposed to be a feature?

Sounds like any piece of Tech. All the bells and whistles in the world wont matter if nobody cares to enable them. Im just happy that the physical safety is so highly engineered/regulated that bodily safety isn't hinged on the owner of a building having cared...... EDIT: Scratch that. Sounds like you can still walk in an elevator that is about to light on fire.

Missing the demo videos...

If it is on independent at 2 in the morning? Probably the janitors. I was working security someplace with a contractor who needed access to the lift. I told the janitorial crew "do NOT put it on independent." "Ok. Ok." They put it on independent anyway, and I got screamed at by the contractor for not being able to access the lift...which I couldn't do because the janitors put it on independent AFTER I told them not to, and explained that the contractor needed access to it...and the janitors just blew me off.

It's kind of ironic that they say in case of a fire do not use the elevator while there is a fire service key to let the firefighters use the elevator. I wonder if they just say that so only the firefighters could use the elevator in an emergency?

Thank you...Awesome talk

This somehow reminds me of when I figured out vending machines have special button press codes, and I never payed for drinks in highschool because of it

I saw an elevator which had a couple of sunken pads on the frame of the door and a couple of pins on the door, the pins shorted the pads so the elevator could know when the door was closed. This meant you could leave the door open while the elevator went its way and exposing the void by using a simple paperclip. Also, the pads were live, so if you happened to get a finger in there and touch the grounded elevator you would get the shock of your life.

When will we have an elevator that has buttons you can unpush

hell, ive worked in a building built in 2000 and the elevator controller ran on os2 wrap.