Posted on Tuesday, 20th March 2012 by Michael
Mid Atlantic CCDC Barcode Scanner Hack:
How many of you would of even thought that the scanner on the med station was actually hackable itself? Before Brad and I went around hacking them with a simple piece of paper that left them unusable until reprogrammed with another sheet of paper that I gave to the white cell. How many of you were able to figure out how to fix them by researching the product and not going right to the white cell or Larry and Darren?
Up to this event I never really thought about how insecure barcodes were and never really thought how readily available they are for duplicating and circumventing security measures as well as possibly injecting attacks into other systems.
Check these YouTube videos for more on their dangers:
http://www.youtube.com/watch?v=cEDqdYBtpvg <= Three part video of a talk done on barcode hacking at Defcon. This gave me the idea for the attack at the CCDC.
While sitting at my office the day before the CCDC I was watching the twitter trend and notice someone uploaded a picture of the med station and you could see the scanner. I saved the picture and removed everything else out of the picture using gimp except the scanner. I then used the Google Goggles application on my android phone to take a picture of it and to have it tell me what model it was and who made it. In the first several links Google returned I found that it was a Honeywell barcode scanner model MetroSelect. Knowing this and having a few ideas of an attack based on the You Tube video above, I searched Honeywell site for the configuration guide that will provide the codes to configure the scanner. The guide can be found here: http://www.honeywellaidc.com/CatalogDocuments/00-02544%20Rev%20K%202-11.pdf . Side note once I got to MD, I found that we had our own med station and was able to confirm the model was correct as well. But the above gave me the ability to start my research and was actually 100% accurate.
The guide has over 116 pages of information and codes on how to configure the scanners. We used the information found on page 1-2. We made a quick disable print out and a quick enable print out. These codes allowed us to stop your scanners from scanning your badges until they were re-enabled. Though as you all know that was probably the least of your med station problems. Such as the Christmas incident, lock removal, lock additions, wifi attacks and so on.
Hopefully you find the info above informative and it gives you an idea how we think and plan some attacks.
Posted in Blog | Comments (2)
March 20th, 2012 at 6:13 pm
Surprizingly, The scanners being programmable was one of the first things I realized about the boxes. I actually work with them on a regular basis at work. (I work for a big box that has a mcdonald’s like IT group).
We actually had the reset codes printed and brought them over to Larry once we reflashed our audrino and realized that you all reprogrammed the scanners because our badges didn’t work.
Wish I knew that Larry had the manual printed already, woulda saved our team a minute.
Our one member is extremely fascinated with the box and we have been playing around with it the last 2 days, he actually has made it do some really cool things functionality-wise.
Corey B
JMU Team Captain
December 13th, 2018 at 5:11 pm
This may well be an old article but these scanners are still around. For anyone trying to follow the link to the manual, the current URL is: https://aidc.honeywell.com/CatalogDocuments/00-02544%20Rev%20K%202-11.pdf