Cyberattackers can exploit access control measures installed on supposedly secure facility doors to gain unauthorized building access to sensitive locations — as well as breach internal IP networks directly from these systems, researchers are warning.

In a closed-door session at Black Hat Europe 2023 this month, analysts at Otorio demonstrated how attackers can easily subvert modern physical access control systems (PACSs), which are typically installed by secure doors in the form of a badge-scanner, card-swiper, or keypad.