Many users of proximity card readers and cards do not realize that most access control systems can be totally compromised by a perpetrator clandestinely copying cards electronically (card cloning). Ninety-five percent of all access cards and smartcards today are easily cloned without the customer even realizing it is happening. Black-Market technology exists to clone most proximity cards in just a few seconds using a device that can be purchased on the Internet for under $30. Employers, facility managers and security directors can no long rely on the transactions their audit report as proof of who or where someone accessed the facility or entered an interior zone.
Small sniffing devices are available on the Internet for under $15 that sniff card reader data-lines, capture card and biometric numbers and send that information to a perpetrator’s telephone via Bluetooth. This information can be transmitted to the access control system, allowing a violator to gain access without the need of a card. This pirating technology works on biometric devices as well as access control cards.
Using cloning technology, a dishonest employee can modify their access card to show a different number. This could allow them to perform an illegal activity and then re-program their card to the original number. There would be no record of them ever leaving their desk!
Recently, an international provider of proximity cards had their encryption keys exposed on the Internet, leaving their customers are totally vulnerable to card number and facility code duplication.
The only way a company can ‘future-proof’ their access control system is to create and secure their own encryption keys.