Secure access control cards are as vulnerable to cloning as bank and credit cards! In part one of this blog we looked at the potential dangers to any organisation that uses these cards. Here in part two, we look at practical steps you can take to lessen the security risk to your organisation.
Being Aware of the Dangers
Unfortunately, it is quite easy to clone certain access control and identity cards these days. With brazen offers of illegal cloning and card spoofing technology online, we are starting to see many organisations (especially larger and more security conscious ones) becoming more aware and wary of these potential problems.
At TDSi we are finding that more and more of our customers are asking about the dangers and what can be done to address them. Some organisations have asked whether they need to scrap all their proximity cards and the simple answer is no, not necessarily!
Naturally, the first step is to be aware of the risks, and once you have achieved that there are sensible steps you can take. It’s vital to implement and enforce a company policy that encourages staff to protect and guard their cards at all times. If criminals want to get up to no good, they will, so don’t give them the opportunity!
Practical Protection Steps
There are other measures that can be implemented as well. It is possible to buy special cases or wallets for cards that protect the credentials from being ‘sniffed’ (i.e. copied in situ). These products recognise that criminals are an unfortunate reality, but that the individual can protect themselves against the generalised threats more easily. This is also a great basis for any organisation’s security policy.
If you are adopting card technology for the first time, there is even more scope to protect these security credentials. Firstly, be aware that proximity cards are the easiest to clone and therefore the most potentially vulnerable. For many organisations this won’t necessarily be a problem, but for those with particularly stringent security requirements, they may not be suitable.
MIFARE Classic cards and particularly the serial number versions (which simply read the serial number from the chip) are the easiest ones to clone, even with the more basic cloning systems available online.
For a new site, we would always recommend either using MIFARE Plus technology (SL1 or SL3) or MIFARE DESFire EV1, where the part of the chip containing the access control number is encrypted. With these in place, criminals have to not only hack the card but also the encrypted sector, to gain access. This offers a welcome dual level of protection.
Attack of the Clones!
The cloning of secure access control cards is something that all security-conscious organisations need to be well aware of.
The security industry always aims to stay one step ahead and the technology has advanced to counter threats. Realistically, this is mainly a threat to older/less up-to-date card technology, but nobody should be complacent.
Naturally anything an organisation can do to make it more difficult for criminals to operate is always a smart move! Just because criminals exist and want to steal data, it doesn’t mean you have to make it easy for them.