Mellon - OSDP Attack Tool
OSDP attack tool (and the Elvish word for friend)
Attack #1: Encryption is Optional
OSDP supports, but doesn't strictly require, encryption. So your connection might not even be encrypted at all. Attack #1 is just to passively listen and see if you can read the card numbers on the wire.
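To check your own reader link for this condition, the added example below (not part of Mellon or the original page) classifies captured OSDP frames by whether they carry a security control block. The frame layout constants come from the OSDP specification, the function names are illustrative, and the sample frames are constructed with placeholder MAC bytes.

```python
# Added example: audit captured OSDP frames for Secure Channel use.
SOM, CTRL_CRC, CTRL_SCB = 0x53, 0x04, 0x08   # start byte, control-byte flag bits
SCS_KIND = {0x11: "handshake", 0x12: "handshake", 0x13: "handshake",
            0x14: "handshake",
            0x15: "mac-only", 0x16: "mac-only",     # authenticated, data in clear
            0x17: "encrypted", 0x18: "encrypted"}   # authenticated and encrypted

def crc16(data: bytes) -> int:
    """CRC-16 used by OSDP: polynomial 0x1021, initial value 0x1D0F."""
    crc = 0x1D0F
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021 if crc & 0x8000 else crc << 1) & 0xFFFF
    return crc

def build(addr: int, ctrl: int, body: bytes) -> bytes:
    """Build a constructed sample frame; body = optional SCB + command + data."""
    length = 5 + len(body) + (2 if ctrl & CTRL_CRC else 1)
    head = bytes([SOM, addr, length & 0xFF, length >> 8, ctrl]) + body
    if ctrl & CTRL_CRC:
        return head + crc16(head).to_bytes(2, "little")
    return head + bytes([-sum(head) & 0xFF])        # 8-bit checksum trailer

def classify(frame: bytes) -> str:
    if frame[:1] == b"\xff":                        # optional mark byte before SOM
        frame = frame[1:]
    if len(frame) < 7 or frame[0] != SOM or len(frame) != (frame[2] | frame[3] << 8):
        return "malformed"
    ctrl = frame[4]
    if ctrl & CTRL_CRC:
        ok = crc16(frame[:-2]) == int.from_bytes(frame[-2:], "little")
    else:
        ok = (sum(frame) & 0xFF) == 0
    if not ok:
        return "malformed"
    if not ctrl & CTRL_SCB:
        return "plaintext"                          # no security control block
    # SCB layout: length byte, type byte, optional data. The MAC is not verified.
    return SCS_KIND.get(frame[6], "malformed") if len(frame) >= 9 else "malformed"

def audit(frames) -> dict:
    counts = {}
    for frame in frames:
        kind = classify(frame)
        counts[kind] = counts.get(kind, 0) + 1
    return counts

_good = build(0x00, 0x04, b"\x60")                  # constructed samples below
SAMPLES = [_good, build(0x00, 0x0D, b"\x02\x17\x60" + b"\xaa" * 4),
           build(0x80, 0x09, b"\x02\x16\x40" + b"\xbb" * 4),
           _good[:-1] + bytes([_good[-1] ^ 0xFF])]  # corrupted CRC
if __name__ == "__main__":
    print(audit(SAMPLES))
```

A capture where ordinary traffic keeps classifying as `plaintext` or `mac-only` means the link is not using the encrypted Secure Channel for its data.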
Attack #2: Downgrade Attack
Just because the controller and reader support encryption doesn't mean they're configured to require it be used. An attacker can modify the reader's capability reply …