Open Sesame: Stack Smashing Your Way into Opening Doors


Physical security is the forgotten sibling of information security. This part is often offloaded to traditional security teams, and especially to people who don't "get" what hacking is about.

However, Physical Access Control Systems (PACS) bridge the wall between physical security and information security. These systems are more and more ubiquitous and, more importantly, they are becoming "smart" (aka always connected). Therefore they are becoming hackable.

This talk will feature a complete security audit of Idemia's Sigma Lite, a high-end PACS device that can be found in ministries, embassies or Fortune 500 companies and which controls user access, biometric identification and time attendance. It will cover attacks from the hardware, the upgrade system and the contactless protocol.


Sharing the same curse as Ian Beer, people think that Lucas GEORGES is not a real person. Or more precisely that a real person is behind this pseudonym. Honestly, what kind of parents would name their children after a world famous director?

Well, my parents did that. In their defense, I don't think they have seen any movie directed by my illustrious homonym.

Apart from that, Lucas GEORGES is a veteran reverse engineer with 10 years of work under his belt, currently trading his brain muscles for Synacktiv against a monthly salary. He used to be particularly competent on Windows security but as the world is trying to step away from Microsoft's prying hands, Lucas tries to do it too.