
Security Audits Reveal Vulnerabilities with Proximity Cards

If You are Using Standard Proximity Cards Your Security System is at Serious Risk of Compromise.

Vulnerabilities of RFID credentials

Security Audit on 125 kHz Credentials - Failed!

The standard proximity reader and contactless proximity card are ubiquitous throughout the world for use in access control and payment systems as well as asset tracking in industry.

However, in terms of the security they offer, they are past their use-by date and may be the single most vulnerable point of your entire access control system. This presents serious risks for your organization and people.

The first culprit is the typical RFID (Radio-Frequency Identification) card that transmits its data at a frequency of 125 kHz. These cards were great in their day but are now easily cloned with a $20 reader from eBay, and it takes less than 10 seconds to create a new card from an existing one.

Even if the attacker does not have an original card to start with, they can easily produce a suite of 256 cards that will probably give them entry to most of the buildings around the world that use the standard 125 kHz prox card.

More sophisticated cloners can carry a small long-range aerial in their backpack and clone these cards from around 6-9 feet away from the person carrying the card, without the victim even knowing. Even the more secure Mifare Classic card, which was meant to offer a greater level of security by transmitting at a frequency of 13.56 MHz, can easily be hacked by an Android phone with a publicly available app.

Touchless Access Control

What is the solution to overcoming these vulnerabilities?

The first step is to move to a higher level of security: upgrade your proximity cards to Mifare Plus, iClass, Legic, or Desfire, and set up the access control system to read not the UID number but the user's credential stored in a secure sector of the card.

Another solution is to have two-factor authentication. This could be a proximity card and PIN (Personal Identification Number) at doors such as the server room and main entries to the facility, etc.

A more secure method would be to replace your existing proximity readers with new models that can read cards and/or fingerprint credentials from a mobile phone. Many organisations have done away with the proximity card altogether and just use mobile access with a digital credential embedded inside the phone. This method is secure, less expensive, and reduces administration time significantly.

We suggest you use an Access Control Consultant to help navigate this technology and develop a solution that will seamlessly integrate with your existing physical access system.

Please call us on 1300 952 785 if you would like us to conduct a physical security audit and provide an assessment of the security level/vulnerabilities of your current access control system.