Keycard and Keyfob Cloning put your premises at risk.
Keycard cloning is a serious security concern that has plagued residential and commercial buildings for years. Cloning allows unauthorized individuals to access secure areas, potentially putting the entire building and its occupants at risk. One type of keycard that has been particularly vulnerable to cloning is the HID iClass card. In this blog post, we will explore the issue of keycard cloning, with a focus on HID iClass cards, and the risks associated with this security vulnerability.
First, it’s important to understand what keycard cloning is and how it works. Keycard cloning is the process of creating a copy of an existing keycard. The cloned keycard will have the same data as the original, allowing the person in possession of the cloned keycard to access the same areas as the original keycard owner. Cloning can be done using various methods, such as copying the data onto a blank keycard or by programming a new keycard with the same data as the original.
One of the most common types of keycards that are cloned is the HID iClass card. HID Global is a leading provider of access control systems and their iClass card is a popular choice for many businesses. However, the iClass card has been known to have vulnerabilities that make it susceptible to cloning.
The vulnerabilities in HID iClass cards are primarily due to their use of a static key. A static key is a digital code that is used to authenticate the card and allow access to secure areas. In the case of iClass cards, the static key is stored on the card itself and is not encrypted with an open source encryption but instead with a proprietary encryption using a rainbow table, this type of proprietary encryption can be found in many other security systems such as URMET FDI, ICT, Gallagher and much more. Ethical hackers and crackers have warned the public for over a decade that using proprietary encryption ultimately gives ways for crackers to decrypt the keycards, it’s also referred to the security through obscurity. This means that anyone with access to the card can easily copy the static key and use it to create a cloned keycard.
Another vulnerability in iClass cards and their readers is the TTL communication between the reader and the door controller, which doesn’t uses RFID technology. RFID stands for Radio Frequency Identification, and it’s a technology that uses radio waves to communicate between the card and the reader. However, the communication between the reader and door controller (software management) is not secure, and the data transmitted can be intercepted by anyone with the right equipment, exposing the building facility code (site code). This means that an attacker can easily intercept the data from an iClass card and use it to create a cloned keycard.
Again another vulnerability with HID Global BLE for multiple reader lines, including HID iClass SE and HID Signo…
The risks associated with keycard cloning are significant. When an unauthorized individual gains access to a building or secure area, they could steal confidential information, cause damage, or harm occupants. Additionally, people who clone keycards are often keeping copies for potential clients looking to access the building facilities or to use parking illegally. This is a common practice for many unlicensed service providers, who offer keycard cloning as part of their services. These individuals are not vetted and may have ulterior motives, such as theft or vandalism.
People who choose to clone their keycards are also putting themselves and the entire building at risk. By using an unlicensed service provider, they are allowing a stranger access to sensitive information and secure areas. Furthermore, the cloned keycard can be easily shared or sold to other individuals, increasing the likelihood of unauthorized access and security breaches.
The solution to the problem of keycard cloning is to transition to more secure access control systems. HID Global has already released a new version of their iClass cards, called iClass SE then SEOS, which uses more advanced encryption and secure communication protocols. This makes it much harder for attackers to intercept data and clone keycards but not impossible thus right now the entire iClass credentials can be cloned…
However, the best solution is to move away from physical keycards altogether and transition to mobile access control systems. Mobile access control systems use virtual keycards that are stored on a user’s smartphone. These virtual keycards cannot be cloned and can be easily revoked if they fall into the wrong hands. Additionally, mobile access control systems offer a host of other benefits, such as the ability to remotely manage access and track usage.
In conclusion, keycard cloning is a serious security concern that can have significant consequences so we recommend to look at new solutions and security integrators if your current security integrator failed repetitively to secure your premises or is still using HID global.
Keycard & Keyfob cloning is the process of creating a copy of an electronic access card or fob, which can be used to gain access to secure areas or buildings. In Australia, keycard and keyfob cloning is legal provided it is done for legitimate purposes by authorized persons, such as building managers or security professionals.
When it's done by unknown people in the street or a shop, it's illegal without the correct licencing.
Most keycards and keyfobs use RFID (Radio Frequency Identification) technology to communicate with the access control system. If your keycard or keyfob uses RFID, it is likely that it can be cloned. However, some manufacturers use proprietary technology that cannot be easily copied. If you are unsure, you can contact the manufacturer or a reputable security professional to determine if your keycard or keyfob can be cloned.
It is unlikely that someone can clone your keycard or keyfob without your knowledge, as they would need to physically access the card or fob in order to clone it. In some instance, it's possible to clone a credential just by knowing its printed numbering.
However, if your keycard or keyfob is lost or stolen, it is possible that someone could clone it before you realize it is missing.
To prevent this, you should report any lost or stolen keycards or keyfobs to the appropriate authorities immediately.
To protect your keycard or keyfob from cloning, you should keep it in a secure location when not in use, and avoid leaving it unattended in public places.
You can also purchase protective sleeves or wallets that block the RFID signal, making it harder for someone to scan or clone your card or fob.
Additionally, you can use a password or PIN code in conjunction with your keycard or keyfob to add an extra layer of security.
While it is technically possible to clone your own keycard or keyfob using off-the-shelf equipment, it is not recommended unless you have the necessary technical expertise.
Attempting to clone your own card or fob without the proper knowledge or equipment can result in errors or even damage to the original card or fob.
It is best to hire a professional security company that specializes in keycard and keyfob cloning to ensure a successful and secure cloning process.