The Prox Card Vulnerability

125kHz readers and credentials are still used by many organizations. But this outdated and insecure technology can be cloned, granting hackers access to EVERYTHING.

HID is the world’s largest provider of access control readers and credentials, so it wasn’t surprising to hear that they’d been targeted by a hacker of sorts several years ago. 125kHz readers and credentials can be cloned, thus granting hackers access to EVERYTHING that card holder has. How? A simple $20 online purchase of a device that can copy cards (see how easy it is by watching this video). While organizations have been advised to migrate away from 125kHz, many are still using this outdated and insecure technology. In this post, we’ll cover the vulnerability presented by 125kHz, common red flags, and options for transitioning to more secure technology.


What’s happening

When a cloned card is presented to card readers on an access control system using 125kHz, the system attributes a valid card read to the authorized card holder. Now there are two identical cards in circulation and the system doesn’t know the difference, making it harder for the legitimate card holder to prove they didn’t access the space.  


What’s next

 If your organization is on 125kHz technology, how do you quantify the vulnerability? How likely is it that someone would want access to your facility? Or that an employee or vendor might want access to an area that is off limits? And how would you even know if it’s ever happened? 

Most companies rarely look at their system’s “access granted” activity, but these activity reports can shed light on potential security breaches. Instead of assuming that only people who CAN get in WILL get in, review the activity with a critical eye. When an access granted event occurs, is it out of character for this person to enter at that time of day? Is it unusual for the card holder to enter a certain area? Is the card holder on vacation or did they leave early that day? How could their card be used when you know they weren’t around?
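The review questions above can be run over an exported "access granted" report. The following is an added example, not part of the original post or of any HID product: the CSV layout, the absence table, the baseline cutoff and the two-hour tolerance are assumptions, and every event is constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample export of "access granted" events (not from a real system).
EVENTS_CSV = """timestamp,card_id,door
2024-03-04 08:02,1001,Lobby
2024-03-05 08:15,1001,Office
2024-03-06 07:55,1001,Lobby
2024-03-04 08:30,1002,Lobby
2024-03-11 02:14,1001,Server Room
2024-03-12 08:04,1001,Lobby
2024-03-14 09:30,1002,Lobby
"""
# Constructed absence records (assumed to come from HR): card_id -> [(first_day, last_day)].
ABSENCES = {"1002": [("2024-03-14", "2024-03-15")]}

def load_events(text):
    rows = csv.DictReader(io.StringIO(text))
    return [(datetime.strptime(r["timestamp"], "%Y-%m-%d %H:%M"), r["card_id"], r["door"]) for r in rows]

def hour_gap(a, b):
    return min(abs(a - b), 24 - abs(a - b))  # circular distance on a 24h clock

def review(events, absences, baseline_end, hour_slack=2):
    """Learn each card's usual hours and doors before baseline_end, then flag later grants."""
    cutoff = datetime.strptime(baseline_end, "%Y-%m-%d")
    hours, doors = defaultdict(set), defaultdict(set)
    for ts, card, door in events:
        if ts < cutoff:
            hours[card].add(ts.hour)
            doors[card].add(door)
    findings = []
    for ts, card, door in (e for e in events if e[0] >= cutoff):
        reasons = []
        if hours[card] and min(hour_gap(ts.hour, h) for h in hours[card]) > hour_slack:
            reasons.append("unusual time of day")
        if doors[card] and door not in doors[card]:
            reasons.append("door not previously used")
        day = ts.strftime("%Y-%m-%d")
        if any(first <= day <= last for first, last in absences.get(card, [])):
            reasons.append("holder recorded as absent")
        if reasons:
            findings.append((ts.isoformat(sep=" ", timespec="minutes"), card, door, reasons))
    return findings

if __name__ == "__main__":
    print(*review(load_events(EVENTS_CSV), ABSENCES, "2024-03-10"), sep="\n")
```

A flagged event is a prompt to ask the card holder, not proof of a cloned card; cards with no baseline history are only checked against the absence table.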

HID has several higher security options that offer flexibility for all situations, budgets, and timelines. Want to learn more? Get in touch.


Secure Migration Paths  

Here is an overview of the migration options that can ease the transition away from 125kHz access control technology. 

Upgrade Everything

Immediately eliminate the vulnerability by replacing ALL access cards and card readers now. Great option if:

  • You can’t risk any amount of vulnerability 

  • You have the budget for the full upgrade

Hit Critical Areas First

Eliminate some vulnerability by replacing ALL access cards and ONLY the most critical card readers. Great option if:

  • You have areas that are more secure than others 

  • You don’t have the budget for the full upgrade 

Start with Access Cards

Set yourself up for the future by replacing ALL access cards that will work on the current card readers now and the new card readers later. Great option if:

  • You have minimal card holders 

  • You are planning to update your badge design 

  • You have too many sites and/or card readers to replace right now 

Replace Card Readers

Get closer to the end goal by installing ALL new card readers that work with the current access cards now, new access cards later, and offer remote capabilities with various mobile devices. Great option if:

  • You have minimal card readers 

  • You have too many card holders to replace right now 

  • You use your access cards for other systems 

  • You want an easier way to gain and manage access


We don’t want to leave you vulnerable to malicious intent - our experts can help you pave the path to a safer environment. If you would like to assess your current level of risk, discuss budgeting recommendations, or choose a migration strategy that fits your current and future security needs, let’s talk.
