Understanding the Vulnerabilities of the standard Wiegand Format.
The Evolution to More Secure Card Formats is Moving Rapidly Away from the Wiegand Format.
The Wiegand Format Emerges!
In June 1974, a German scientist named John R. Wiegand filed a US patent for a new type of sensing technology that was originally intended for the automobile industry. The automobile industry had little use for it at the time, but it eventually made its way into other industries for position sensing and from there into the electronic access control market.
John Wiegand discovered that by continually twisting, stretching, and annealing special alloy wires made up of cobalt, iron and vanadium, the wires would eventually hold a residual permanent magnetic field in both the shell and core of the wire. These magnetic fields are always opposite (i.e. one is north pole and the other south pole).
If the wires were arranged in small parallel strips and exposed to an external magnet of enough force, they would flip their magnetic fields to the opposite state and generate a voltage pulse. This is called the "Wiegand Effect". See the image below.
Original Wiegand Swipe Card
To take advantage of this new discovery Wiegand produced a new ID card with small strips of wire sandwiched between two layers of plastic and arranged in a row with different spacings, so that a fixed binary code (encoded, not encrypted) was produced when the card passed along the magnet of a swipe reader.
He also developed a swipe-through reader that contained a permanent magnet and a pickup coil of standard copper wire that would produce a voltage output when the Wiegand strips passed by it.
The first company to produce and distribute this new technology on a large scale was Cardkey Systems™, based in California, USA, which had tremendous success rolling it out throughout the world.
Original Cardkey L40 swipe reader
When the card was passed through the reader, the series of voltage pulses (from the Wiegand wire strips passing the pickup coil) was processed and then output on three wires (DATA0, DATA1 and ground) to the host controller as a one-way bit stream, like the diagram below. Each 0 bit is a short pulse on DATA0 and each 1 bit a pulse on DATA1; nothing ever flows back from the controller to the reader.
This is called the Wiegand format, and the original version carries 26 bits: a leading even-parity bit, an 8-bit site (facility) code (256 possible values), a 16-bit card ID number (65,536 possible values) and a trailing odd-parity bit. The first parity bit covers the first half of the frame and the last parity bit covers the second half, and that is the only integrity check the format has.
So the bit stream in the image below became the "go to" interface for every new manufacturer entering the access control market. It did not matter what technology the reader used, whether magnetic stripe, 125 kHz RFID proximity, PIN keypad, biometric or wireless: the output from the device still copied the same original Wiegand format.
This enabled nearly all access control systems to accept different readers and cards from almost anyone without creating compatibility issues.
Vulnerabilities Emerge
In terms of security, the original Wiegand cards (with the strips of wire embedded in them) were extremely secure and almost impossible to clone unless you had a manufacturing plant and a team of highly skilled engineers. The vulnerability lies not in the card type but in the transmission format of the data stream from the reader to the access control system.
The Wiegand "data stream" is basic, unencrypted and unsupervised, and it can easily be intercepted with small unobtrusive devices placed on the cable or inside the reader housing; the captured bits can then be replayed onto the same wires or written to a new card, and the controller has no way to tell either from a genuine read. Furthermore, the readers could be removed from their location without any notification, as they only transmit data when a card is presented, so a silent reader looks exactly like a missing one. In time many new card technologies evolved and, although secure initially, were eventually hacked as simple copying tools became widely available.
Over the years the tools to intercept the Wiegand stream or clone RFID cards became available to anyone. This drove manufacturers to devise new ways to make cards harder to clone, moving from the standard 26-bit format to 32 or 37 bits or even longer, and then scrambling the bits on the card. Note what these changes do and do not buy: a longer or scrambled format makes it harder to guess or forge a valid credential from a known card number, but it does nothing against an attacker who taps the reader-to-controller wires, because whatever bits the reader emits can be recorded and replayed without the attacker ever understanding the format.
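The three points above (the 26-bit layout with its two parity bits, what a passive tap on the DATA0/DATA1 lines actually records, and why a longer or scrambled format does not stop a replay) in working code. This is an added example written for this page, not code from the original article or from any reader vendor; the facility/card values, the 37-bit pattern and the tap class are all constructed for the demonstration.

```python
# Added example (not from the original article): the 26-bit Wiegand layout
# with its parity checks, a model of what a passive tap on the DATA0/DATA1
# lines records, and a replay that the panel cannot distinguish from a card.
# All sample credentials and the tap itself are constructed for this demo.


def parity(bits: str) -> int:
    """1 if the string has an odd number of '1' characters, else 0."""
    return bits.count("1") % 2


def encode_w26(facility: int, card: int) -> str:
    """Standard 26-bit Wiegand: even parity, 8-bit facility, 16-bit card, odd parity."""
    if not 0 <= facility <= 0xFF or not 0 <= card <= 0xFFFF:
        raise ValueError("facility must fit in 8 bits and card number in 16 bits")
    body = f"{facility:08b}{card:016b}"        # the 24 payload bits (bits 2..25)
    p_even = parity(body[:12])                 # bit 1 makes bits 1..13 even
    p_odd = 1 - parity(body[12:])              # bit 26 makes bits 14..26 odd
    return f"{p_even}{body}{p_odd}"


def decode_w26(bits: str) -> tuple:
    """Return (facility, card) or raise ValueError if length or parity is wrong."""
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        raise ValueError("not a 26-bit Wiegand frame")
    if parity(bits[:13]) != 0:
        raise ValueError("leading even-parity check failed")
    if parity(bits[13:]) != 1:
        raise ValueError("trailing odd-parity check failed")
    return int(bits[1:9], 2), int(bits[9:25], 2)


def is_valid_w26(bits: str) -> bool:
    try:
        decode_w26(bits)
        return True
    except ValueError:
        return False


def reader_transmit(bits: str) -> list:
    """A Wiegand reader pulses DATA0 low for each 0 bit and DATA1 low for each 1 bit."""
    return ["DATA0" if b == "0" else "DATA1" for b in bits]


def controller_receive(pulses: list) -> str:
    """The panel only ever sees which line pulsed; it rebuilds the bit string from that."""
    return "".join("0" if p == "DATA0" else "1" for p in pulses)


class LineTap:
    """Passive device clipped onto the reader-to-panel cable (constructed for the demo).
    It records every pulse and passes it through unchanged, so the panel notices nothing."""

    def __init__(self) -> None:
        self.captured = []

    def observe(self, pulses: list) -> list:
        self.captured.append(list(pulses))
        return pulses

    def replay(self, index: int = -1) -> list:
        # Replaying needs no knowledge of the format: the tap just re-emits the pulses.
        return list(self.captured[index])


def demo() -> tuple:
    tap = LineTap()

    # A legitimate read of facility 42, card 1234 (constructed sample credential).
    genuine = encode_w26(42, 1234)
    panel_sees = controller_receive(tap.observe(reader_transmit(genuine)))
    assert decode_w26(panel_sees) == (42, 1234)

    # Later the attacker replays the capture; parity and fields all check out.
    replayed_26 = controller_receive(tap.replay())
    assert decode_w26(replayed_26) == (42, 1234)

    # A longer, vendor-scrambled 37-bit credential (constructed, arbitrary bits).
    # The panel matches the raw pattern against what it enrolled; the tap never
    # has to understand the format, so the replay still succeeds.
    scrambled_37 = "1010011100011011110101001010110010111"
    enrolled = {scrambled_37}
    tap.observe(reader_transmit(scrambled_37))
    replayed_37 = controller_receive(tap.replay())
    assert replayed_37 in enrolled

    return replayed_26, replayed_37


if __name__ == "__main__":
    print(demo())
```

Running the block prints the two replayed bit strings. The parity functions are the only place format knowledge is needed, and they sit on the panel side; the tap and the replay path are format-agnostic, which is exactly why moving to 37 scrambled bits leaves a wire-tapping attacker unaffected.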
At the end of the day the typical Wiegand format is now obsolete and new forms of encrypted "card data" transmission are being developed continuously.
New Reader Technology and Signaling Formats
What are these new formats? Enter encrypted RFID credentials, RS-485 cabling and the OSDP (Open Supervised Device Protocol) signaling protocol that runs over it. OSDP is now widely available on new card readers and access control panels, and it is a poll-and-reply protocol: the panel continually polls the reader and the reader must answer, which means the reader is always supervised. If it becomes disconnected, or stops answering, the access control system will report that it is "offline". With OSDP Secure Channel enabled, the traffic on the cable is also encrypted and authenticated (AES-128), so a tap no longer yields replayable card data.
Most modern ISO/IEC 14443A, 14443B or 15693 readers now offer RS-485 with OSDP, and most manufacturers support its Secure Channel mode. Combined with supervision, such readers are substantially more secure than the proximity cards they read, and in today's world no costlier. One caveat a practitioner should check: a reader running OSDP in its plaintext mode is supervised but still sends card data in the clear, so Secure Channel must actually be enabled and the default install-mode key replaced with a site-specific one before the link is any stronger than Wiegand against tapping.
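To make the supervision point concrete, here is an added example (written for this page, not code from the original article or from any OSDP vendor) of a poll/reply link in the style of OSDP. The panel polls the reader on every cycle; after a configurable number of unanswered polls it marks the reader offline, which is something a silent Wiegand reader can never trigger. The frame layout (start byte, address with a reply flag, length, control byte, command or reply code, CRC-16) follows the OSDP packet structure; the CRC parameters (polynomial 0x1021, initial value 0x1D0F), the sequence-number cycling and the miss threshold are this example's assumptions, and Secure Channel is not modelled. Treat it as a teaching model, not a conformant OSDP stack.

```python
# Added example (not from the original article): an OSDP-style poll/reply link,
# showing how the panel notices a reader that stops answering. Frame layout
# follows the OSDP packet structure; the CRC parameters (poly 0x1021, init
# 0x1D0F) and sequence handling are assumptions, and this is a simplified
# model, not a conformant OSDP stack.
from typing import Optional

OSDP_SOM = 0x53    # start-of-message byte
OSDP_POLL = 0x60   # command: panel (ACU) asks the reader (PD) for status
OSDP_ACK = 0x40    # reply: nothing to report
OSDP_NAK = 0x41    # reply: command not understood


def crc16(data: bytes) -> int:
    """CRC-16, polynomial 0x1021, initial value 0x1D0F, no reflection (assumed)."""
    crc = 0x1D0F
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc


def build_frame(address: int, code: int, payload: bytes = b"", reply: bool = False, seq: int = 0) -> bytes:
    """SOM | ADDR (bit 7 set on replies) | LEN lo | LEN hi | CTRL | CODE | payload | CRC lo | CRC hi."""
    length = 6 + len(payload) + 2                      # counts everything from SOM to CRC
    ctrl = (seq & 0x03) | 0x04                         # bit 2 set: CRC-16 rather than 8-bit checksum
    head = bytes([OSDP_SOM, (address & 0x7F) | (0x80 if reply else 0),
                  length & 0xFF, length >> 8, ctrl, code]) + payload
    crc = crc16(head)
    return head + bytes([crc & 0xFF, crc >> 8])


def parse_frame(frame: bytes) -> tuple:
    """Validate framing and CRC; return (address, code, payload)."""
    if len(frame) < 8 or frame[0] != OSDP_SOM:
        raise ValueError("bad start of message")
    if (frame[2] | (frame[3] << 8)) != len(frame):
        raise ValueError("length field does not match frame")
    if crc16(frame[:-2]) != (frame[-2] | (frame[-1] << 8)):
        raise ValueError("CRC mismatch")
    return frame[1] & 0x7F, frame[5], frame[6:-2]


def is_valid_frame(frame: bytes) -> bool:
    try:
        parse_frame(frame)
        return True
    except ValueError:
        return False


class SimReader:
    """Peripheral device. When `connected` is False the cable is cut and nothing comes back."""
    def __init__(self, address: int) -> None:
        self.address = address
        self.connected = True

    def handle(self, frame: bytes) -> Optional[bytes]:
        if not self.connected:
            return None
        address, code, _ = parse_frame(frame)
        if address != self.address:
            return None                                # not addressed to us: stay quiet
        reply_code = OSDP_ACK if code == OSDP_POLL else OSDP_NAK
        return build_frame(self.address, reply_code, reply=True)


class SimPanel:
    """Access control unit that polls the reader and counts missed replies."""
    def __init__(self, reader: SimReader, max_missed: int = 3) -> None:
        self.reader = reader
        self.max_missed = max_missed
        self.missed = 0
        self.seq = 0
        self.status = "unknown"

    def poll_once(self) -> str:
        self.seq = self.seq % 3 + 1                    # sequence numbers cycle 1..3 (assumed)
        reply = self.reader.handle(build_frame(self.reader.address, OSDP_POLL, seq=self.seq))
        if reply is None or not is_valid_frame(reply):
            self.missed += 1
            if self.missed >= self.max_missed:
                self.status = "offline"                # alarm: reader gone or tampered with
            return self.status
        self.missed = 0
        self.status = "online"
        return self.status


def demo() -> list:
    reader = SimReader(address=0)
    panel = SimPanel(reader, max_missed=3)
    log = [panel.poll_once() for _ in range(2)]       # two healthy polls
    reader.connected = False                           # someone unplugs the reader
    log += [panel.poll_once() for _ in range(3)]       # third unanswered poll trips "offline"
    return log
```

Calling `demo()` returns the status after each poll; the reader is reported online for the first two polls and for the first two misses after it is unplugged, then offline on the third miss. In a Wiegand installation the same five intervals of silence would carry no information at all, which is the difference supervision makes.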
In another article we will discuss the implementation of RS-485 and OSDP as the new standards for credential readers.