16 Nov 2017
Issues and resolutions for access control vulnerability
90% of all access control cards in the industry today are easily copied and cloned. Copied credentials, fake credentials and card cloners can easily be ordered on the internet. This has created the growing realization that most access control ID systems are therefore totally open to being compromised and seriously vulnerable to attack.
An employer using older techniques can no longer rely on the transactions in an audit report being accepted as proof of where someone went, as people can simply claim that it was not them and that their card must have been copied.
Even when you use biometric devices, there are hacking tools that leave these systems equally at risk of attack unless proper actions are taken.
Many corporate compliance rules can easily be broken by employees modifying their passes to a different number to perform a prohibited action. For example: the banking rules on compulsory holidays, secure document printing, computer login, ensuring people do not discuss financial deals during transactions, ensuring people can only use equipment if they are authorized, and so on.
Whether you are using prox cards, older or new smart cards, biometrics or a mobile form of credential, we recommend that you quickly perform a penetration review of your system. This will identify whether your credentials can be cloned or copied and whether your readers/communications can be tampered with, allowing them to be bypassed by a sniffing attack.
Sniffing devices that attach to the cable between the reader and the controller are now available on eBay. These devices store valid card transactions, and a phone app can then instruct them to replay the number that was sent to the controller for checking. No card or biometric is then needed to access the door.
Many readers are not fitted with tamper devices, and even those that are tamper-protected may not be removed and checked after a tamper event to see whether a sniffer has been fitted.
Our solution to these latest hacking vulnerabilities also offers a true high-security option that not only secures the cards and readers but also uses the latest Open Supervised Device Protocol (OSDP) to ensure that sniffing devices cannot be installed behind the reader or along the communications path.
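The difference between the two kinds of reader link described above can be shown in a few lines. This is an added example, not Vanderbilt's code and not the OSDP wire format or key exchange: the card number, the frame layout and the names SessionController, legacy_accepts and reader_frame are assumptions, and HMAC-SHA256 over a per-session nonce and counter stands in for a session-keyed authenticated channel.

```python
import hashlib
import hmac
import secrets

CARD = 0x00A1B2C3            # constructed card number
AUTHORIZED = {CARD}

def legacy_accepts(frame: bytes) -> bool:
    """Unauthenticated link: the controller trusts any number on the wire."""
    return int.from_bytes(frame, "big") in AUTHORIZED

class SessionController:
    """Hypothetical controller: each frame must carry a MAC bound to a
    per-session nonce and a message counter."""
    def __init__(self, key: bytes):
        self.key = key
        self.new_session()

    def new_session(self) -> bytes:
        self.nonce = secrets.token_bytes(16)   # fresh for every session
        self.expected_seq = 0
        return self.nonce

    def accepts(self, frame: bytes) -> bool:
        if len(frame) != 40:                   # 4 card + 4 counter + 32 MAC
            return False
        card, seq, tag = frame[:4], frame[4:8], frame[8:]
        good = hmac.new(self.key, self.nonce + seq + card, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            return False                       # wrong key or stale nonce
        if int.from_bytes(seq, "big") != self.expected_seq:
            return False                       # frame already used in this session
        self.expected_seq += 1
        return int.from_bytes(card, "big") in AUTHORIZED

def reader_frame(key: bytes, nonce: bytes, seq: int, card: int) -> bytes:
    c, s = card.to_bytes(4, "big"), seq.to_bytes(4, "big")
    return c + s + hmac.new(key, nonce + s + c, hashlib.sha256).digest()

def demo() -> dict:
    tap = CARD.to_bytes(4, "big")              # what a tap on the cable records
    out = {"legacy_first": legacy_accepts(tap), "legacy_replay": legacy_accepts(tap)}
    key = secrets.token_bytes(32)              # shared by reader and controller
    ctrl = SessionController(key)
    tap = reader_frame(key, ctrl.nonce, 0, CARD)
    out["session_first"] = ctrl.accepts(tap)
    out["replay_same_session"] = ctrl.accepts(tap)
    ctrl.new_session()
    out["replay_new_session"] = ctrl.accepts(tap)
    return out
```

Calling demo() shows the recorded legacy frame accepted both times, while the recorded authenticated frame is accepted once and rejected on replay, both within the same session and after a new session starts.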
You may only need to change certain parts of your security solution that are open to compromise, such as the ID cards and card readers. We have solutions to allow your organization to become secure again while minimizing the cost and operational disturbance. We can also come up with a solution where you can upgrade as many or as few of your old readers as you wish, depending on your risk evaluation. Those readers that are upgraded will securely read the new secure card. Those you leave as less important readers will simply read the old part of the card; you can upgrade these readers when budget permits.
Vanderbilt, keeping ahead to keep you secure.