Protecting the Wiegand protocol from attack

Access & Identity Management Handbook 2015 Access Control & Identity Management, Cyber Security

As Tony Diodato, founder and CTO of Cypress Computer Systems so succinctly states, “Gone are the days when Wiegand was considered inherently secure due to its obscure and non-standard nature. No one would accept usernames and passwords being sent in the clear, nor should they accept vulnerable credential data. ID harvesting has become one of the most lucrative hacking activities.”

Scott Lindley, president, Farpointe Data.
Scott Lindley, president, Farpointe Data.

Wiegand is the industry standard protocol commonly used to communicate credential data from a card reader to an electronic access controller. In these attacks, a credential’s identifier is cloned, or captured, and is then retransmitted via a small electronic device to grant unauthorised access to an office or other facility. For those that consider this a problem – and many should – the good news is that there are a series of remedies.

First of all, when considering any security application, it is critical that the end user realistically assess the threat of a hack to their facilities. For example, if access control is being used merely as a convenience to the alternative of using physical keys, chances are the end user has a reduced risk of being hacked. However, if the end user is using their access system as an element to their overall security system because of a perceived or imminent threat due to the nature of what they do, produce or house at their facility, they may indeed be at higher risk and they should consider methods to mitigate the risk of a hack. Here are a few steps that may be considered in reducing that danger.

How end users can help reduce hacking

Just as we’ve become aware of criminal skimmers causing mischief with the ATM infrastructure, card holders should avoid presenting access control credentials to any access readers that appear to have been tampered with. Secondly, these same card holders should be encouraged to quickly report to the facility’s security and management teams any suspicions or access control system tampering, including instances involving either the access control readers or access credentials.

How integrators can reduce hacking

The integrator is the frontline defence for protecting a security system. Integrators need to understand what the customer’s needs are, what the customer can do, what the customer has to work with, what hackers can do, where the hacker is most likely attack and what can be done to thwart the hacker. In other words, the integrator needs to figure out how to apply the cliché: ‘a good offence is the best defence’. There are many things that can be done to reduce hacking of a Wiegand system.

• Install only readers that are fully potted and that do not allow access to the reader’s internal electronics from the unsecured side of the building. An immediate upgrading is recommended for readers that fail to meet this standard.

• Make certain the reader’s mounting screws are always hidden from normal view and make use of security screws whenever possible.

• Embed contactless readers inside the wall, not simply on the outside, effectively hiding them from view. Or, if that is not possible and physical tampering remains an issue, consider upgrading the site to readers that provide both ballistic and vandal resistance.

• Make use of reader cable with a continuous overall foil shield tied to a solid earth ground in a single location. This helps block signals from being induced onto the individual conductors making up the cable as well as those signals that may be gained from the reader cable.

• Deploy readers with a pig tail, not a connector. Use extended length pig tails to assure that connections are not made immediately behind the reader.

• Run reader cabling through a conduit, securing it from the outside world.

• Add a tamper feature, commonly available on many of today’s access control readers.

• Use the ‘card present’ line commonly available on many of today’s access control readers. This signal line lets the access control panel know when the reader is transmitting data.

• Use access control readers with an output alternative to the industry-standard Wiegand output, provided they are supported by the electronic access control system. Alternatives can include ABA Track II, OSDP, RS-485 and TCP/IP.

• Offer the customer cards that can be printed and used as photo badges, which are much less likely to be shared.

How electronic access control system manufacturers can reduce hacking

Here are some items that manufacturers could offer their integrators and ultimately end-users.

• Provide credentials other than those formatted in the open, industry standard 26-bit Wiegand. Not only is the 26-bit Wiegand format available for open use, but many of the codes have been duplicated multiple times.

• Offer a custom format with controls in-place to govern duplication.

• Avoid multi-technology readers as credential duplication risks increase.

• Promote a technology to limit the credentials a reader can read to a very specific population. Consider implementing a high-security handshake, or code, between the card or tag and reader to help prevent credential duplication and ensure that the customers’ readers will only collect data from these specially coded credentials.

• Offer a smart card solution that employs sophisticated cryptographic security techniques. An example is MIFARE DESFire EV1 cards making use of AES 128-bit encryption.

• Provide credentials that include anti-tamper technology, such as Valid ID, that indicate to the system when it detects tampering.

• Make available credentials with an anti-playback routine, such as transmitters instead of cards. Long range transmitters offer the additional benefit of not requiring a reader be installed on the unsecure side of the door. Instead they can be installed in a secure location, such as the security closet, perhaps up to 61 m away.

• Offer a highly proprietary contactless smartcard technology such as Legic.

• Provide 2-factor readers including contactless and PIN technologies. Alternatively, also offer a third factor, normally a biometric technology.

Assure additional security system components are available

Such systems can also play a significant role in reducing the likelihood of an attack as well as mitigating the impact of a hack attack should it occur.

• Intrusion: Should the access control system be hacked and grant entry to a wrong individual, have a burglar alarm system in place to detect and annunciate the intrusion.

• Video: If the access control system is hacked, granting entry to an unauthorised individual, have a video system in place to detect, record and annunciate the intrusion.

• Guards: If the system is hacked and intruders are let in, make sure that guards in the control room as well as those performing a regular tour receive an alert notifying them that someone has physically tampered with the access control system.

We must always stay one step in front of the bad guys. There are several ways to obviate card system security, whether via the card itself or, as we’ve covered here, via the Wiegand communication protocol. With the proper tools, any of these assaults can be defended.

For more information go to

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Turnstar ramps up countermeasures
Turnstar Systems Editor's Choice Access Control & Identity Management News Products
Turnstar has developed and patented an early warning and deterrent system which will alert security, and anyone nearby, of any attempt to place ramps over the raised spikes.

Suprema integrates biometric access control with Genetec
Suprema News CCTV, Surveillance & Remote Monitoring Access Control & Identity Management
Suprema has announced the successful integration of its biometric access control products with Genetec Security Center, a unified security platform that connects security systems, sensors and data in a single intuitive interface.

IDEMIA South Africa achieves level 1 B-BBEE status
IDEMIA News Access Control & Identity Management
As part of the action plan to improve its status to Level 1, IDEMIA now works with over 40 black-owned local suppliers, representing over 30% of IDEMIA’s local suppliers.

Suprema no. 1 in the global biometric market excluding China
Suprema News Access Control & Identity Management
According to the latest report by Omdia, a global market research firm, Suprema ranks first in global market share, excluding China, in the field of biometric readers.

Dahua and Yeastar PBX-intercom integration
Dahua Technology South Africa News Access Control & Identity Management
Dahua Technology and Yeastar announced their new ECO partnership on PBX-intercom integration to provide a comprehensive and unified communication solution for small- and medium-sized enterprises.

Traka launches experience centres
News Access Control & Identity Management
Traka launches inaugural Experience Centres in Australia and South Africa; aims to drive continuous collaboration and innovation.

New platform for keyless access
Access Control & Identity Management
The new ABLOY CUMULUS platform for keyless access combines locking hardware with secure access and management applications in a single ecosystem with a risk-free, integrated cloud service.

Intelligently adapting African cities for a better as well as a safer life
Government and Parastatal (Industry) Cyber Security
Smart buildings and cities therefore require as much a security-centric approach as they do an environmentally sustainable one.

The importance of staying up to date
Access Control & Identity Management Government and Parastatal (Industry)
Africa’s cyber threat landscape is constantly evolving, with government’s facing a range of digital threats from espionage, critical infrastructure sabotage, organised crime and combat innovation.

Dynamic Drop Arm Barrier
Turnstar Systems Access Control & Identity Management
Suited to medium-volume access and medium-level security applications such as office reception areas, health clubs, universities and libraries, the Dynamic Drop Arm Barrier also allows special needs access.