Cybersecurity for access control

July 2017 Editor's Choice, Access Control & Identity Management, Information Security, Asset Management

Farpointe Data has posted the first radio frequency identification (RFID) cybersecurity vulnerability checklist for access control

manufacturers, distributors, integrators and end users to use to protect their access control systems from becoming hacker gateways to their facilities and IT systems.

"Seemingly daily, end users are being reminded of how their access control systems are no longer secure," emphasises Farpointe Data president, Scott Lindley. "They learn how a hotel had to pay a ransom to release guests that got locked into their rooms via a hack of the electronic key system or how easy it is to spoof popular access cards."

Since the start of 2017, end users have been informed of a series of hacks on various credentials states Lindley.

• The Chaos Computer Club stated that they "hacked a padlock product and its accompanying mobile app which communicates via Bluetooth Low Energy (BLE) to the padlock. This could potentially also affect hotels with mobile room keys as their door locks also communicate with smartphones via BLE technology and exchange confidential information." (www.hsyndicate.org/news/4082594.html.)

• IPVM reported how a $30 copier easily spoofed a popular proximity card. The column stated that the copier "used to copy the cards works much the same way as normal card readers, with transceiver coil, power supply, IC chip, buzzer and even LED components shared by both. Given the principal operation of contactless card readers, the copier excites the coil and delivers power wirelessly to the card, which then momentarily stores energy and then uses it to broadcast card details back to the copier." (https://ipvm.com/reports/card-copier-test.)

• In an on-site demonstration at the ShmooCon hacker conference, an ESPKey, a small device that costs about $100 to make and has half a dozen wire clamps, a Wi-Fi transmitter and 4 MB of memory, showed that it takes two or three minutes to break into an RFID card reader wall plate, attach the ESPKey and reinstall the wall plate to capture the ID codes of everyone in the workplace. (www.tomsguide.com/us/break-into-office-shmoocon,news-24285.html.)

To help prevent such attacks, the new Farpointe Cybersecurity Vulnerability Checklist covers a range of topics that can lead to hacks of contactless cards and readers. Sections include default codes, Wiegand issues, reader implementation tips, card protection solutions, leveraging long range readers, assuring anti-hacking compatibility throughout the system and leveraging additional security components.

"We are encouraging every access control manufacturer, dealer, distributor, integrator or end user to go to our website to either download or print out this cybersecurity vulnerability checklist and use it," adds Lindsey.

For a downloadable copy of the Farpointe Vulnerability Checklist, go to http://farpointedata.com/downloads/pr/VulnerabilityChecklist.pdf





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Local manufacturing is still on the rise
Hissco Editor's Choice News & Events Security Services & Risk Management
HISSCO International, Africa's largest manufacturer of security X-ray products, has recently secured a multi-continental contract to supply over 55 baggage X-ray screening systems in 10 countries.

Read more...
NEC XON shares lessons learned from ransomware attacks
NEC XON Editor's Choice Information Security
NEC XON has handled many ransomware attacks. We've distilled key insights and listed them in this article to better equip companies and individuals for scenarios like this, which many will say are an inevitable reality in today’s environment.

Read more...
Gallagher Security launches Augmented Reality Training in Australia
Gallagher Training & Education Access Control & Identity Management
Gallagher Security has announced the latest addition to its innovative suite of training solutions, Augmented Reality Training, demonstrating its continued commitment to innovation and improving access to security training opportunities.

Read more...
Fluss launches the next wave of IoT solutions
IoT & Automation Access Control & Identity Management News & Events
Fluss has announced its newest IoT product; Fluss+ continues to allow users to manage access from anywhere globally and brings with it all the advantages of Wi-Fi connectivity.

Read more...
The future of digital identity in South Africa
Editor's Choice Access Control & Identity Management
When it comes to accessing essential services, such as national medical care, grants and the ability to vote in elections to shape national policy, a valid identity document is critical.

Read more...
Do you need a virtual CIO?
Editor's Choice News & Events Infrastructure
If you have a CIO, rest assured that your competitors have noticed and will come knocking on their door sooner or later. A Virtual CIO service is a compelling solution for businesses navigating tough economic conditions.

Read more...
AI-enabled tools reducing time to value and enhancing application security
Editor's Choice
Next-generation AI tools are adding new layers of intelligent testing, audit, security, and assurance to the application development lifecycle, reducing risk, and improving time to value while augmenting the overall security posture.

Read more...
Perspectives on personal care monitoring and smart surveillance
Leaderware Editor's Choice Surveillance Smart Home Automation IoT & Automation
Dr Craig Donald believes smart surveillance offers a range of options for monitoring loved ones, but making the right choice is not always as simple as selecting the latest technology.

Read more...
AI enables security solutions to define business strategies
Regal Distributors SA Editor's Choice
While allowing technologies to do exactly what they should do with even more efficiency and precision, AI is also empowering these same technologies to break through their traditional boundaries and create an ecosystem where one interface delivers outcomes across highly segmented verticals.

Read more...
Putting cyber into surveillance
Dallmeier Electronic Southern Africa Cathexis Technologies Technews Publishing Editor's Choice
Cybersecurity has become an essential part of the physical security industry. However, unlike other IoT technologies, of which security products are a part, surveillance technologies have more to protect.

Read more...