I am developing an access control system based on Particle devices [see: https://github.com/TeamPracticalProjects/MN_ACL]. The project consists of Argon-based RFID card stations and separate (Photon-based) RFID lock hardware. The project heavily leverages Particle’s cloud security; specifically, card stations communicate their access control decisions to lock control hardware using pub-sub via a secure Particle account. The firmware is all open source, but the facility strictly limits access to their Particle account. Therefore, only access control devices that are claimed into this account can communicate with one another.
A hacker could modify our (open source) firmware to bypass some of the access control rules, but a hacker’s Argon could not communicate with lock devices without access to the facility’s private Particle account. Likewise, a hacker can’t OTA flash new firmware to a card access station’s Argon because the hacker doesn’t have access to the facility’s Particle account.
Here is my question: if a hacker locally compiles hacked firmware (via Workbench) and if they can gain physical access to a card station’s Argon (one that is claimed into the facility’s Particle account), could that hacker locally flash their hacked firmware onto the Argon and thereby gain access to other devices in the facility’s Particle account? For example, could a hacker who gains physical access to a station’s Argon put the Argon in DFU mode and locally flash new firmware to the Argon over a USB connection, or does locally compiled firmware include some sort of access token that prevents this from happening if the hacker is not (was not) logged into the facility’s Particle account? If there is protection on local flashing via USB, is there some other way for a hacker to locally flash code to a Particle device that bypasses Particle account access control (but still leaves the Particle device claimed into a secured Particle account)?