惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

宝玉的分享
宝玉的分享
S
SegmentFault 最新的问题
Google DeepMind News
Google DeepMind News
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
aimingoo的专栏
aimingoo的专栏
The Cloudflare Blog
博客园 - Franky
阮一峰的网络日志
阮一峰的网络日志
I
InfoQ
V
V2EX
P
Proofpoint News Feed
F
Fortinet All Blogs
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
酷 壳 – CoolShell
酷 壳 – CoolShell
D
DataBreaches.Net
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
L
Lohrmann on Cybersecurity
Recent Announcements
Recent Announcements
Latest news
Latest news
P
Palo Alto Networks Blog
博客园_首页
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
S
Securelist
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
博客园 - 【当耐特】
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
MongoDB | Blog
MongoDB | Blog
Blog — PlanetScale
Blog — PlanetScale
NISL@THU
NISL@THU
博客园 - 聂微东
Hugging Face - Blog
Hugging Face - Blog
V
Visual Studio Blog
云风的 BLOG
云风的 BLOG
P
Privacy & Cybersecurity Law Blog
C
Cybersecurity and Infrastructure Security Agency CISA
Cisco Talos Blog
Cisco Talos Blog
月光博客
月光博客
Security Latest
Security Latest
P
Proofpoint News Feed
小众软件
小众软件
T
Threat Research - Cisco Blogs
A
About on SuperTechFans
博客园 - 三生石上(FineUI控件)
C
Cisco Blogs
T
The Exploit Database - CXSecurity.com
爱范儿
爱范儿
罗磊的独立博客
Project Zero
Project Zero
W
WeLiveSecurity
U
Unit 42

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Total System Dominance: Chaining RFID, Sub-GHz, and Infrared Exploits
v. Splicer · 2026-06-27 · via DEV Community

The amateur hits one vector. The professional chains them all and walks out before the alarm even thinks about ringing.

Let me tell you something that nobody in the “cybersecurity industry” wants to hear. Most of these people are playing checkers while the real players are three moves ahead on a board they don’t even know exists. They write their little blog posts about “how to clone a garage door” and they think they’ve hacked something. Cute. Really cute. Like watching a toddler try to pick a lock with a butter knife.

I’ve been in this game for over thirty years. I’ve watched firewalls come and go like seasonal fashion. I’ve seen “unhackable” systems get carved open on a Tuesday afternoon with coffee in one hand and a $50 radio in the other. And the one thing I’ve learned that separates the script kiddies from the ones who actually run the show is this: no single exploit ever wins the war. It’s the chain that breaks the castle.

RFID. Sub-GHz. Infrared. Three protocols. Three completely different attack surfaces. And when you chain them together, you don’t just open a door. You own the building.

The Philosophy of the Chain

Here’s what the corporate security world doesn’t understand. They build systems in silos. The access control team doesn’t talk to the alarm team. The alarm team doesn’t talk to the HVAC vendor. Everyone has their little fiefdom, their little budget, their little “that’s not my department” excuse. And that fragmentation? That’s not a bug in their system. That’s the bug in their thinking.

When I approach a target, I don’t think in terms of “what’s the weakest link.” I think in terms of “what’s the path of least resistance that connects the most systems.” And that path almost always runs through at least two, sometimes three, completely different protocol layers.

RFID gets you past the front door. Sub-GHz gets you into the network. Infrared gets you into the devices they forgot even existed.

That’s not a theoretical framework. That’s a Tuesday.

RFID: The Key They Hand You on a Silver Platter

Let’s start with the one everyone knows and nobody respects.

RFID access cards. The backbone of every office building, every gym, every co-working space that thinks a fob with a blinking LED makes them secure. Here’s the dirty little secret: most of these systems are running on protocols that were designed in an era when “security through obscurity” was considered a legitimate strategy.

We’re talking 125 kHz low frequency. We’re talking 13.56 MHz high frequency. We’re talking the HID Prox, the EM4100, the MIFARE Classic (yes, still. In 2025. Unbelievable but true). These protocols have been broken so many times that the exploits are practically folklore at this point.

But here’s where it gets interesting. Most people stop at “I cloned the badge.” And that’s fine if you just want to get into the gym after hours. But if you’re playing the long game, cloning the badge is just step one. Because that badge doesn’t just open a door. It logs an event. It talks to a controller. And that controller is almost always connected to something else.

I grab the badge with a Flipper Zero in under 10 seconds. I don’t even need to be close for long. The read range on most low frequency systems is generous enough that I can walk past someone in a hallway and have their credential in my pocket before they finish their sentence about the weather.

But I’m not done. Not even close.

Sub-GHz: The Silent Highway

This is where the magic happens. This is where you go from “guy who cloned a badge” to “person who just compromised an entire facility” without anyone noticing.

Sub-GHz radio. The frequency range that controls everything from garage doors to car key fobs to wireless weather stations to industrial control systems. It’s the wild west of wireless communication. No encryption on most of it. No authentication. Just raw RF signals flying through the air like they’re shouting their secrets to anyone with a receiver.

Here’s the chain I run most often. I clone the RFID badge. I get into the building. Now I’m inside, and I pull out the Flipper Zero again, but this time I’m on Sub-GHz. I’m scanning for the frequency that the building’s access control system uses to talk to its alarm panel. And you know what? I find it almost every single time. Because the installer was lazy. Because the integrator cut corners. Because nobody ever thought someone would be inside the building listening.

Once I have that frequency, I capture the rolling code or the fixed code that the alarm system uses. And then I replay it. The alarm doesn’t go off. The security company doesn’t get a call. But I’ve now got the ability to arm and disarm the system at will.

And this is the part that makes security people lose sleep. The alarm system, the access control, the HVAC, the lighting controls… they’re all talking to each other over Sub-GHz in most commercial installations. It’s not some exotic setup. It’s standard. It’s boring. It’s everywhere.

I didn’t hack three different systems. I hacked one frequency that connects all three.

Infrared: The Forgotten Vector

Now let’s talk about the one that gets completely ignored. Infrared.

IR is the protocol that controls your TV. Your air conditioner. Your projector. The little sensor on the wall that tells the lights to turn on when you walk into a room. It’s everywhere and nobody thinks about it because it feels “too simple” to be a security risk.

That’s exactly why it’s so dangerous.

Here’s a real scenario. I’m in a conference room. There’s a projector controlled by IR. I pull out the Flipper Zero, I capture the IR signal from the remote that’s sitting on the table (I don’t even need to know whose remote it is, I just need it to be pointed at the projector, which it always is), and now I can control the projector. But more importantly, I can also capture the IR signals from the room’s climate control, the blinds, the lighting system.

And here’s where the chain completes itself. That room’s climate control system? It’s on the same network as the building management system. Which is connected to the same Sub-GHz backbone as the alarm. Which is triggered by the same RFID event I cloned an hour ago.

I didn’t break in. I walked in. I cloned a badge. I listened to the radio. I copied a remote. And now I control the temperature, the lights, the projector, the alarm, and the door locks. All from a device that fits in my palm and costs less than a nice dinner.

Why Nobody Talks About Chaining

The reason this stuff doesn’t get talked about in the mainstream is simple: it doesn’t fit the narrative. The narrative is “buy our product, install our firewall, sleep at night.” The narrative is not “here’s how a single person with $200 worth of gear can own your entire physical security infrastructure in under an hour.”

The bureaucrats don’t want you to know this because it exposes how cheap and fragmented their “security” actually is. The vendors don’t want you to know this because it makes their 50,000 access control systems look like toys.And the certified professionals don′t want you to know this because it devalues their 300/hour consulting fees.

But I’m not interested in their feelings. I’m interested in the truth. And the truth is that physical security in 2025 is a joke held together with duct tape and wishful thinking.

The Real Skill: Knowing When to Chain

Chaining isn’t just about technical ability. It’s about thinking. It’s about walking into a building and seeing the invisible connections between systems that were never designed to talk to each other but do anyway because some guy in 2011 just wired them to the same controller to save money.

That’s the skill. Not the tool. The tool is just a Flipper Zero and a brain that refuses to think in silos.

I’ve seen people spend weeks trying to brute force a network when the HVAC system was broadcasting its credentials over Sub-GHz the entire time. I’ve seen people try to bypass an RFID reader when the infrared sensor next to it would have let them walk right in if they’d just thought to look.

The best hack isn’t the most complex one. It’s the one where you connect three dumb mistakes that nobody else thought to connect.

A Final Word to the People Who Think They’re Safe

You’re not. Your badge can be cloned in seconds. Your alarm frequency can be captured from the parking lot. Your TV remote is broadcasting its codes to anyone with a $50 device. And none of these systems talk to each other in a way that would catch the chain.

That’s not paranoia. That’s just Tuesday.

The systems were never designed to defend against someone who thinks laterally. They were designed to defend against someone who thinks like a burglar from 1995. And that’s the gap I live in. That’s the gap I’ve always lived in.

So the next time you badge into your office and feel safe, just remember: the door you walked through, the alarm that didn’t ring, and the lights that turned on automatically… they’re all just waiting for someone who knows how to chain them together.

And that someone might already be in the building.

If this kind of thinking speaks to you, and you want to go deeper than what the official docs will ever show you, I put together a couple of things that might interest you. No fluff. No corporate nonsense. Just the stuff that actually works.

The Flipper Zero Black Book 2026: 100+ Tricks & Payloads They Don’t Put in the Docs

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。