Open Krufto opened 5 years ago
As encryption has only limited impact in the event of physical attacks on hardware, I propose to implement intrusion detection to detect tinkering with the devices. If a possible attack is detected, the corresponding device should be treated as unsafe until marked as safe by a trusted person.
The communication between RFID scanner -> client and keypad -> client is not encrypted. An attacker can simply record the communication and log in with the wrong identity.
To protect the communication, it needs to be encrypted.
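
An added example, not part of the original issue or the project's code: a sketch of how the client can reject a recorded scanner or keypad frame that is sent again, using a per-device key and a message counter. The frame layout, the names `seal` and `Receiver`, and the sample values are assumptions; HMAC here provides authenticity and replay rejection only, so it would sit alongside the encryption the issue asks for.

```python
import hashlib
import hmac
import struct
from typing import Optional

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def seal(key: bytes, counter: int, payload: bytes) -> bytes:
    """Scanner/keypad side: frame = counter (8 bytes, big-endian) || payload || tag."""
    header = struct.pack(">Q", counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Client side: accepts each counter value at most once, in increasing order."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1  # nothing accepted yet

    def open(self, frame: bytes) -> Optional[bytes]:
        if len(frame) < 8 + TAG_LEN:
            return None  # too short to hold counter and tag
        header, payload, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # forged or modified frame
        (counter,) = struct.unpack(">Q", header)
        if counter <= self.last_counter:
            return None  # recorded frame sent again
        self.last_counter = counter
        return payload


def demo() -> list:
    key = bytes(range(32))  # constructed demo key; use a random per-device key
    rx = Receiver(key)
    first = seal(key, 1, b"uid=04A1B2C3")  # constructed sample card read
    second = seal(key, 2, b"pin=****")     # constructed sample keypad entry
    tampered = bytearray(seal(key, 3, b"uid=04A1B2C3"))
    tampered[10] ^= 0x01  # flip one payload bit in transit
    return [rx.open(first), rx.open(first), rx.open(second), rx.open(bytes(tampered))]


if __name__ == "__main__":
    print(demo())
```

The counter has to survive a device restart (or be replaced by a fresh session key per connection), otherwise frames recorded before the restart become acceptable again.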