Question B.01 : Why was the Spider Blocker created?

Hacking & reverse-engineering is affecting copious amounts of hardware & software products. Electronic Access Control Systems are not exempt from this, and have even become a focal point.

Consumers pay an average cost of $4,000+ per each electronically-unlocked door, up to 2,000% more than traditional locks.
(“Hard-keyed” locks cost around $200).

Recently, major vulnerabilities in these systems have been exposed. When these risks are not proactively and retroactively addressed, the actual protection value of the systems will be exaggerated.

  • What if each $4,000 premium security investment, was no better than a standard $200 lock?
  • What if the premium security system actually weakened the buyer’s security posture?

From a criminal vantage-point, (and armed with select hacking tools in hand), your card reader itself, can be used as their key  to gain access into your facility. We created the Spider Blocker to prevent this.

Question B.02 : Is the Wiegand signal one of these vulnerabilities?

Yes, it is.

The vast majority of manufacturers utilize Wiegand signals, for the transmission of sensitive credential data from readers to controllers.

However, Wiegand signals are not safeguarded by any type of software encryption or hardware protection. Data signals from the reader to the controller are transmitted in simple binary form.

A perpetrator is able to gain access to this signal, without impedance, in almost all cases.

Question B.03 : Can you provide more specific information on the hacking technologies that exploit Wiegand?

Many hacking devices are being developed to exploit the Wiegand signal. We have created a PDF report you can view here.

Question B.04 : How prevalent is the problem of building access control systems being hacked?

It’s of utmost importance to note, that during the entire MitM insertion process (before, during, and after), that there are no aesthetic, functional, operational, or performance traces of these hacking modules ever being deployed. 

Everything will work as normal.

Security systems are not designed to sense, detect, or to account for MitM devices in any way.

  • In virtually every case: No alarms will be triggered when an access device has been removed from its normal, mounted position.
  • Accessing and implanting a MitM device onto a live Wiegand signal, can occur while avoiding detection.
  • After insertion, the MitM device will be hidden behind that access reader, and cannot be seen from outside of it.
  • Once the MitM is installed and operational: No peculiar system performance anomalies would be sensed that would trigger any alarms, or warrant any suspicions.

A customer may be exploited for months or years before any MitM  breaches are found, if the devices are even discovered at all.

Because of this, coupled with a likely reluctance by any entity to disclose responsibly, and topped by the fact that there are very few countermeasure options to preventing these attacks: Exact & precise data on documented occurrences are very difficult to gather.

Question B.05 : Can [2FA] Two-factor authentication (like Card+PIN) prevent MitM attacks?

No, 2FA does NOT prevent MitM attacks.

2FA only dissuades other types of attacks, such as card cloning or theft. 2FA can deter a perpetrator who might have physically stolen, or has copied the data from a working access card. But without knowledge of that card identity’s matching PIN Code, they would be prevented from entering the secured space.

Requiring [Card+PIN] will not neutralize MitM devices. The reason for this is that access card credential data and numerical PIN keystrokes are both transmitted via vulnerable Wiegand signals.

With MitM devices able to capture both factoring data pieces, 2FA requirements can be quickly circumvented.

Question B.06 : What alternatives are there to either protecting or replacing Wiegand signals?

These are the options available:

1- Upgrade to OSDP (Open Supervised Device Protocol). OSDP is growing momentum as the ideal alternative to Wiegand, and is able to utilize all existing cables. However, it requires replacing all current equipment with OSDP-enabled access readers and controllers.

2- Upgrade to other manufacturer-specific (proprietary) products  that offer secured signal transmissions. You may need to replace cablings existing cables, but will undoubtedly need to replace all reader and controller hardware.

But a tale of caution when using a proprietary system:

  • Without (open-source) competition, prices can be expectedly much higher than industry standards.
  •  A consumer may become “locked into one” service provider, without a network of competitive service providers. There are many cases of customer dissatisfaction in these circumstances.

3- Upgrade to a new IP-based access system. This will require all new (ethernet) home-run cables (with much shorter maximum cable lengths), and new IP-based access readers and controllers. This option is likely to be the most expensive method.

4- Enhance your existing system with the addition of Spider Blockers. 

System replacement is optional, and not mandatory!

With this simple hardware enhancement, you system would be protected against all of the very same threats as the other methods listed above, but with a huge difference: Your system will also be protected from MitM devices that will be released in the future.

Spider Blockers are the #1 solution against MitM hacking, and also the only one that is signal-agnostic (future-proofed).

Question B.07 : How secure is OSDP? And how do I use it?

OSDP utilizes bi-directional communications between the reader and controller, offering a more secure alternative to Wiegand (which uses 1-way communications).

Deploying OSDP is typically composed of installing an OSDP-compliant access device (e.g. Card Reader), communicating to an OSDP-compliant controller or OSDP-to-Wiegand signal converter.

A system upgrade would typically require replacing every single card reader and access controller, to OSDP-compliant hardware. New premise cabling are sometimes required, and access cards may also need to be re-furnished.

It is of high importance to note. that OSDP makes no guarantees that it cannot ever be hacked or reverse-engineered, as the Wiegand signal has been.

Question B.08 : Do we have to choose between OSDP and in deploying Spider Blockers?

No, you don’t have to choose between one or the other.

In fact, we recommend that you use both. In doing so:

  • OSDP can establish 2-way communications between your access readers and controllers, and migrates away from the useage of unencrypted signals.
  • Spider Blockers will safeguard physical access to active data wires, and hence preventing malicious acts from occurring thereafter.
  • Spider Blockers will provide additional security layers to protect your system against other threats, such as preventing against Power Manipulation Tactics.
Question B.09 : What does the Spider Blocker do, and how does it work?

The Spider Blocker provides hardware-based protection for access control systems, and against against a multitude of threats.

As an anti-tampering module, the Spider Blocker is initiated by a tamper alarm signal that will trip when someone removes an access reader from its mounted position. When the alarm is sensed, key protection layers will be activated, as outlined here in this chart.

Adding even more value, the Spider Blocker can also serve as an ideal Door Lock-Down Module.

A hardware-driven component that can help mitigate threats in dangerous situations (i.e. Active Shooter scenarios); that is not prone to network latency, infrastructure downages, or server crashes.

Connected to a panic button, lobbies & public areas can be quickly locked down by the Spider Blocker, should a hostile situation arise.

Question B.10 : How can I know if we are an ideal candidate to use Spider Blockers?

The Spider Blocker is compatible with over 99% of all access control systems. Feel free to contact us if you have specific questions.

 
Question B.12 : How does the Spider Blocker get triggered into alarm?

There are 4 ways that the Spider Blocker may be activated:

  1. The removal of an access reader from its mounted position should trigger the Spider Blocker via tamper alarm switch.
  2. The Spider Blocker can be remotely activated with a computer controlled relay. (e.g. A CCTV operator sees a perpetrator tampering with a reader on camera – they can shut down the reader remotely using their access system software and activating a relay output.
  3. When appropriate tamper switches are installed, cutting/tampering of the reader’s “home run” data cable may activate the Spider Blocker.
  4. (When used as a Lock-Down Module): A panic alarm switch can be wired into the Spider Blocker to secure an area.
Question B.13 : Why didn't my previous security company connect Tamper Switches on our readers?

For several decades, Reader Tamper Switches were widely considered to be a non-critical, optional connection… as there were not yet any MitM technologies created that could hack Wiegand signals.

For a long period of time, security companies did not have have to be concerned about their readers getting hacked.

In 2007, a hacking presentation exemplifying vulnerabilities in Wiegand changed this notion. At that year’s DefCon hacker conference, Wiegand was hacked using the “Gecko”, as demonstrated by security researcher Zac Franken.

But given the available technology at that time (as available to the masses), the Gecko was relegated to an overly large form factor –  meaning it was too bulky to deploy without being easily detected.

In more recent years, electronic components have shrunk greatly in size. The advent of technologies such as “Bluetooth Low Energy” or the ESP8266MOD miniature WiFi Module, have allowed more powerful versions of the Gecko to be developed.

Actual examples  would be the BLE-KEY in 2015, the ESP-KEY in 2017, and the ESP-RFID in 2018.

Question B.14 : Can I just simply connect my readers' tamper switches directly to my control panels?

No, it is highly unlikely that an access reader can be immediately connected to a security panel. This is due to 2 main issues:

Problem #1- With reader hacking being a fairly new problem, most manufacturers have not actually built tamper switches into their access readers.

Problem #2- For those that do have them, their Tamper Switches usually output a 1-wire “open collector” signal. The problem with these outputs, are that they cannot be connected directly to security panels, which require 2-wire “dry contact” signal connections.

To be fair, by using 3rd party electronic components, you can bridge this (1 vs 2 wire) signal incompatibility. But simply monitoring this tamper alarm does not actually neutralize any of the harmful threats that MitM hacking modules can execute…which the Spider Blocker has been especially created to do.

Question B.15 : Can the Spider Blocker help resolve this 1-wire (reader) vs 2-wire (panel) disparity?

Yes. The Spider Blocker bridges the gap by converting the reader’s “1-wire signal” to a universally compliant “2-wire signal” that all control panels can monitor.

Question B.16 : Will I need to run new cables to my Access Readers, to monitor their tampering status?

If you currently have a 6 conductor “home run” cable running out to each Reader, you probably won’t need additional cables to account for the new tamper connection. Here’s why:

The typical wiring scheme of a 6 conductor cable connected to say, an HID Multiclass or iClass Reader, is as follows:

“HOME RUN” CABLE to HID (Reader Function)

RED to RED (+12VDC)

BLK  to BLK (Ground)

WHT to WHT (D1)

GRN to GRN (D0)

BRN to BRN (Red LED)

BLU to ORG (Grn LED)

**** to VIO (Tamper) *this wire is typically left unused

As you can see above, the BRN wire of the “home run”  is typically wired up to power on the Red LED.

However, since most access reader LED’s are already normally Red in color by default, this connection is unnecessary. As such, the BRN (Brown) Conductor can be freed up for other purposes, such as for connecting the access reader’s Tamper Switch to the control panel.

Our recommended rewiring work is as follows:

“HOME RUN” CABLE to HID (Reader Function)

RED to RED (+12VDC)

BLK to BLK (Ground)

WHT to WHT (D1)

GRN to GRN (D0)

**** to BRN (Red LED) *leave disconnected

BLU to ORG (Grn LED)

BRN to VIO (Tamper) *or connect to an external tamper switch

Note: This may not apply in every instance. If not, you may need to install a new conductor in between your reader and control panel to accommodate the tamper signal.

Question B.17 : What if my access reader device outputs a 2-wire 'dry contact' tamper switch?

In this case, connection to the Spider Blocker will be made easier.

2-wire ‘dry contact’ outputs come in two formats, “Form A” and “Form B”. Here are the configurations to accommodate both types:

*Reader Configuration for a 2-wire “Form A” (Common & Normally Open) Reader Tamper Switch:

  • Place a small jumper wire in between Reader Ground and Tamper Common
    Connect the Tamper Switch’s Normally Open connection, towards the Spider Blocker’s Trigger Input
    Set the Spider Blocker’s S2 Switch to “Mode A”

**Reader Configuration for a 2-wire “Form B” (Common & Normally Closed) Reader Tamper Switch:

  • Place a small jumper wire in between Reader Ground and Tamper Common
    Connect the Tamper Switch’s Normally Closed connection, towards the Spider Blocker’s Trigger Input
    Set the Spider Blocker’s S2 Switch to “Mode B”

 

Question B.18 : How do I configure the Spider Blocker to accept a N.C. or N.O. 1-Wire Open Collector Tamper Switch?

To accommodate for a N.C. 1-Wire Open Collector Tamper Switch (MODE A):

  • Set Switch S2-1 to ON
  • Set Switch S2-2 to OFF
  • Set Switch S2-3 to ON
  • Set Switch S2-4 to ON

To accommodate for a N.O. 1-Wire Open Collector Tamper Switch (MODE B):

  • Set Switch S2-1 to OFF
  • Set Switch S2-2 to ON
  • Set Switch S2-3 to OFF
  • Set Switch S2-4 to OFF
Question B.19 : What happens when the Spider Blocker is tripped into alarm?

The Spider Blocker itself offers Ten Layers of Protection. When  triggered into alarm, the following countermeasure actions occur:

1- Power is disconnected to the Reader preventing “Card Skimming”. Most MitM hacking modules rely upon the 12VDC signal existing at the Reader. Disconnecting the power signal will disallow the MitM from utilizing this voltage and in becoming operational. Secondly, the removal of power also protects against Power Manipulation Techniques.

2- The Reader’s Data lines are severed preventing “Card Replaying”, which is the act of manually transmitting data upstream, with the intention of having the access control panel unlock a door, for the perpetrator (or an accomplice) to enter.

This is especially critical in neutralizing self-powered MitM hacking modules (i.e. as with the BLE-KEY), as severing the data lines will disallow its capability to attack.

3- The Spider Blocker will permanently latch, and the Red “Alarm” LED will be illuminated (Providing a physical, visual indicator of a breaching attempt.)

4- Alarm Output Relay #1 is activated. We recommend this output to be utilized for security status monitoring.

5- Alarm Output Relay #2 is activated. We recommend this output to be utilized for auxiliary purposes, such as in: A) Activating audible sounder alarms, B) Signaling a secondary monitoring system (such as a burglar alarm panel), C) Securing Door Locks (e.g. Door Lock-Down), or D) For many other practical uses.

Question B.20 : What should I do if my Spider Blocker becomes activated into alarm?

If your Spider Blocker is tripped into activation: Take caution in not acting too quickly into resetting it.

You should immediately contact your security vendor, to have them take a closer look at the reader. They are the best candidate to know what they did, and did not  install.

During their physical inspection, ensure they seek out any potential MitM modules that may might been implanted.

If a module is indeed discovered: Take pictures of it and ensure then completely remove it from your system.

Reset the Spider Blocker only after any foreign modules are either: A) A MitM has been confirmed to not have been installed, or B) A MitM has been confirmed  installed, but subsequently removed.

Our full instructions on “what to do” can be downloaded here.

Question B.21 : How do I reset the Spider Blocker?

First, the tamper alarm must be cleared (re-mount the reader into its normal, permanent position). Afterwards, there are 2 ways to reset the Spider Blocker:

  1. There is an onboard pushbutton that can be pressed for local reset.
  2. Send a 1/2-second pulse of a “short” into the Remote Reset input.

You’ll have visual confirmation of a successful reset, as the Red LED will turn off, and the Green LED will illuminate and stay lit.

Question B.22 : What are the ideal uses for the Spider Blocker's Remote Trigger input?

The Spider Blocker’s Trigger input has 2 main uses:

  1. Wire it onto an output of your access control system. Once connected, it can be manually activated by an operator, or it can be grouped along with other Spider Blocker-equipped doors to allow for site lock-down purposes.
  2. Wire it into a panic button. Once connected, it can be manually activated by an person (i.e. Receptionist), and can be set into alarm for door lock-down purposes, should a hostile event occur.

Question B.23 : Where is the best place to mount a Spider Blocker module?

The best place to mount Spider Blockers are in a locked security enclosure, inside a secure room within of your facility.

Never mount it outside, or in unsecured locations.

We include a pair of high-tack, double sided 3M Foam Mounting Pads with every module.

For higher density, more secured, or DIN-rail mounting, we offer the SSP-SBL-301-MNT Universal Mounting Kit.

Question B.24 : Why doesn't the Spider Blocker need to be programmed?

We created the Spider Blocker using electro-mechanical components: Intentionally voiding it of any type of programmable logic, firmware, or software.

In addition, security-related technologies, whenever possible, should be attempted to be secluded from networks, software-driven logic controllers, and the IoT. 

As each of these examples run the possibility of being hacked, firmwares corrupted, and require additional levels of maintenance in some form to ascertain intended operations. An overwhelming majority of vulnerabilities, are software-based.

Hardware-based solutions in general, are typically more reliable & dependable.

Question B.25 : What is the difference in between the Spider Blocker Module, and the Spider BlockerBox?

The BlockerBox is simply a packaged solution that contains (Qty 8) Spider Blocker Modules, pre-fabricated inside of a wall-mountable & lockable wiring enclosure.

As space inside existing security panel enclosures can be very limited: The BlockerBox helps alleviates this issue promoting neater cable management and overall serviceability.

Question B.27 : Where is the ideal mounting location of the Spider BlockerBox?

We recommend that you mount the BlockerBox in a secured room, preferably nearby the access controller enclosure.

Keep in mind the following:

  • The enclosure door’s hinges are removeable, so you can switch the pivoting side either left or right. However- If you move the hinge to the right side, you may need to relocate the enclosure’s tamper switch to the left side.
  • If you are installing the BlockerBox onto an existing system: Consider the wiring length’s reach. You want to ensure a proper balance of cable slack on both the panel-side cabling, as well as on the door-side cabling.

Question B.29 : Is the Spider Blocker UL Listed?

The Spider Blocker PCB Board/Module is UL-94 Compliant. We will be obtaining additional UL Certifications in the near future.

Question B.30 : Should we only deploy Spider Blockers onto the most important doors of our buildings?

We recommend provisioning Spider Blocker for every access device on your system.

Your system is only as strong as its weakest link. Neglecting just one device, creates a a void in your overall security posture.

The primary objective is to eliminate the any & all possibility of card cloning or data replaying. Just one compromised credential, derived from a single unprotected reader, can create havoc in any organization.

Question B.31 : Can the Spider Blocker identify when a counterfeit/cloned access card has been used?

No, it cannot. Cloned access cards are often perfect identical copies of the originals. 

With the Spider Blocker we focus on the root of the problem: By disallowing the theft of the data credentials (out of access readers) to begin with. Without this data, a perpetrator would need to find other means to steal credentials. And there are ways  to prevent those other actions as well.

Question B.32 : Does the Spider Blocker store, analyze, process, save, or record data in any way?

Noit does not. All information from the reader is either passed through to the controller as-is, or expires instantly.

Not a single bit of data is stored in the Spider Blocker.

Question B.33 : Why is the Spider Blocker the ideal choice for initiating door lock-downs?

The Spider Blocker is the #1 ideal choice to serve as a Door Lock-Down Module.

A hardware-based component that can help mitigate threats (and losses) in dangerous situations, such as Active-Shooter scenarios.

Unlike software-based Lock-Down commands, it is not prone to network latency, infrastructure downages, or server crashes.

Connected to a panic button, lobbies & public areas can be quickly locked down with card readers disabled — should a hostile situation arise. The assailant’s access would be compartmentalized, and they could be hindered from crossing into additional areas.

Question B.34 : How is the Spider Blocker able to provide cable 'line supervision' monitoring?

Wiegand-based Card Reader “home run” cables are fully exposed, bearing no supervision whatsoever. This permits the potential for exploitation, without detection.

When the Spider Blocker is connected to a Normally Closed Tamper Switch (such as a Spider Tamper Switch), it opens up the capability into providing crucial monitoring & supervision of the cable.

Once set up: If the cable was to be cut/tampered anywhere in between the Reader and Control Panel, the Spider Blocker will be tripped into an Alarm and can be configured to alert Security of potential foul play.

Question B.35 : Does the Spider Blocker provide encryption?

No, it does not. But it also doesn’t need to.

The battle of encryption vs. decryption is a ‘never-ending arms race’.

Norton Antivirus was initially launched by Symantec in 1989. Even to this day: They still cannot fully guarantee that a protected PC can’t ever become infected or hacked into. 

RSA 4096-Bit encryption was once considered unbreakable, but was successfully reverse-engineered in 2013 using a microphone

The problem with encryption — is that it cannot ever be guaranteed to be free of potential decryption in the future. 

Instead, we have designed the Spider Blocker to prohibit physical access onto operational data signal lines altogether… regardless of what signal types they may be carrying. 

No access to “live signals” = No potential for manipulation.

×
×

Cart