Blog: Hardware Hacking
Making sure your door access control system is secure: Top 5 things to check
Your door access control system (aka a physical access control system or PACS), also referred to as RFID cards or ‘swipe’ cards often have a poor reputation for being vulnerable to cloning attacks.
Here’s the thing: it’s generally possible to configure your system to be very resistant to card cloning, but few actually do so.
PACS can be secure, incredibly hard to exploit, with covert card cloning being near impossible.
Below are some tips to make sure hackers can’t clone your employees badges at a nearby supermarket and subsequently waltz into your building through your secure doors:
1. Use custom, unique encryption keys
Many PACS use encryption, but use the same generic key. The installer doesn’t think to change it or realise that they should do. When that key is exposed in the public domain, every office PACS installation using that key is also exposed. This has happened to several PACS vendors, most notably HID iCLASS, often when they dealt poorly with a researcher trying to disclose vulnerabilities to them.
Make sure you are using completely custom encryption keys, unique to your installation and licensed to you alone.
2. Disable all the unused card technologies supported by readers
Why are your readers accepting card technologies you don’t need to use?
Why invest heavily in HID SEOS or Mifare DESFire and still accept older and vulnerable iCLASS and Mifare Classic? This stops attacks called “technology downgrade”, where an attacker takes the authentication data off a secure card, and puts it on an insecure one “downgrading” the technology.
3. Make sure your installation vendors truly understand cloning resistant configuration
Installation engineers are not hackers, and generally don’t understand the various cloning attacks against the systems they install.
iCLASS is technically encrypted, but with a known key. Don’t be sold down the river of insecurity.
Even better, specify in your procurement contract that the PACS you are purchasing must be resistant to cloning attacks. That should help qualify out installers and vendors who don’t understand security and will give you recourse if you are sold a lousy system!
4. Use protected authentication data format types.
Some authentication data format types are closely protected and controlled; HID Corp 1000 for example.
This won’t stop an attacker being able to clone your card alone, but will make it much harder if you are using a card technology without a leaked key.
5. Don’t undermine a good secure PACS with weak front end readers
Backend systems aren’t all the same, some are much better than others. Don’t spend all your money on an expensive back end access control system and then put insecure readers on your doors. We see this time after time!
The only components of a PACSs that really stop an attacker getting into your building are the tokens and the readers. Invest wisely here.
Conclusion
Physical access control systems can be really secure, very resistant to card cloning attacks, but only if you configure them well. These systems protect your building and control access to your most sensitive systems. Give them some love; ask us for some guidance and advice if you aren’t sure about the security of yours.