DEFCON32 took place last week in Las Vegas. As has been increasingly common, a number of the sessions focused on vulnerabilities and exploits related to security industry products:

Securing CCTV Cameras Against Blind Spots

Watchers being watched: Exploiting the Surveillance System and its supply chain

Open sesame - or how vulnerable is your stuff in electronic lockers

But one session in particular seems to be generating a lot of interest:

High Intensity Deconstruction: Chronicles of a Cryptographic Heist

PDF of the presentation (leaves a bit to be desired without the narration)

In this session a group of researchers outlined how they extracted the encrypted keys used in HIDs iCLASS SE readers. This session, and the implications of the exploit, have been analyszed online in a number of place already, eg: IPVM, Reddit, Wired, and my LinkedIn post.

Here, I'd like to dig a little deeper into this and discuss how to assess any potential risk to your organization, what this exploit means in practical terms, and how you can reduce your exposure if you are a user of these devices.