Cybersecurity for access control

July 2017 Editor's Choice, Access Control & Identity Management, Information Security, Asset Management

Farpointe Data has posted the first radio frequency identification (RFID) cybersecurity vulnerability checklist for access control

manufacturers, distributors, integrators and end users to use to protect their access control systems from becoming hacker gateways to their facilities and IT systems.

"Seemingly daily, end users are being reminded of how their access control systems are no longer secure," emphasises Farpointe Data president, Scott Lindley. "They learn how a hotel had to pay a ransom to release guests that got locked into their rooms via a hack of the electronic key system or how easy it is to spoof popular access cards."

Since the start of 2017, end users have been informed of a series of hacks on various credentials states Lindley.

• The Chaos Computer Club stated that they "hacked a padlock product and its accompanying mobile app which communicates via Bluetooth Low Energy (BLE) to the padlock. This could potentially also affect hotels with mobile room keys as their door locks also communicate with smartphones via BLE technology and exchange confidential information." (www.hsyndicate.org/news/4082594.html.)

• IPVM reported how a $30 copier easily spoofed a popular proximity card. The column stated that the copier "used to copy the cards works much the same way as normal card readers, with transceiver coil, power supply, IC chip, buzzer and even LED components shared by both. Given the principal operation of contactless card readers, the copier excites the coil and delivers power wirelessly to the card, which then momentarily stores energy and then uses it to broadcast card details back to the copier." (https://ipvm.com/reports/card-copier-test.)

• In an on-site demonstration at the ShmooCon hacker conference, an ESPKey, a small device that costs about $100 to make and has half a dozen wire clamps, a Wi-Fi transmitter and 4 MB of memory, showed that it takes two or three minutes to break into an RFID card reader wall plate, attach the ESPKey and reinstall the wall plate to capture the ID codes of everyone in the workplace. (www.tomsguide.com/us/break-into-office-shmoocon,news-24285.html.)

To help prevent such attacks, the new Farpointe Cybersecurity Vulnerability Checklist covers a range of topics that can lead to hacks of contactless cards and readers. Sections include default codes, Wiegand issues, reader implementation tips, card protection solutions, leveraging long range readers, assuring anti-hacking compatibility throughout the system and leveraging additional security components.

"We are encouraging every access control manufacturer, dealer, distributor, integrator or end user to go to our website to either download or print out this cybersecurity vulnerability checklist and use it," adds Lindsey.

For a downloadable copy of the Farpointe Vulnerability Checklist, go to http://farpointedata.com/downloads/pr/VulnerabilityChecklist.pdf





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Access & identity expectations for 2024
Technews Publishing IDEMIA ZKTeco Gallagher Salto Systems Africa Regal Distributors SA Reditron Editor's Choice Access Control & Identity Management Information Security AI & Data Analytics
What does 2024 have in store for the access and identity industry? SMART Security Solutions asked several industry players for their brief thoughts on what they expect this year.

Read more...
AI-driven identity verification for access control
C3 Shared Services Editor's Choice
Facial authentication solutions combine advanced AI and 3D sensing technologies with ease of use to create a frictionless, touchless experience. The deployment of this technology in an access control system keeps users and administration moving.

Read more...
Access and identity in 2024
Technews Publishing Gallagher HID Global IDEMIA Ideco Biometrics Enkulu Technologies neaMetrics Editor's Choice Access Control & Identity Management Integrated Solutions
SMART Security Solutions hosted a round table discussion with various players in the access and identity market, to find out what they experienced in the last year, as well as their expectations for 2024.

Read more...
The promise of mobile credentials
Technews Publishing Suprema neaMetrics HID Global Editor's Choice Access Control & Identity Management IoT & Automation
SMART Security Solutions examines the advantages and disadvantages of mobile credentials in a market dominated by cards and fobs, in which biometrics is viewed as a secure alternative.

Read more...
Prepare for cyber-physical attacks
Gallagher Information Security Access Control & Identity Management
As the security landscape continues to evolve, organisations must fortify their security solutions to embrace the changing needs of the security and technology industries. Nowhere is this more present than with regard to cybersecurity.

Read more...
Zero Trust and user fatigue
Access Control & Identity Management Information Security
Paul Meyer, Security Solutions Executive, iOCO OpenText, says implementing Zero Trust and enforcing it can create user fatigue, which only leads to carelessness and a couldn’t care attitude.

Read more...
Passwordless, unphishable web browsers
Access Control & Identity Management Information Security
Passkey technology is proving to be an easily deployed way to bring unphishable, biometric-based security to browsers; making identification and authentication much more secure and reliable for all parties.

Read more...
Unleash the full potential of AI at the edge
Suprema AI & Data Analytics Access Control & Identity Management
Efficient AI algorithms, when embedded in edge access control devices, enable companies to optimise their use of AI and edge processing to deliver reliable and fast authentication.

Read more...
PQC, AI & sustainability: five cybersecurity trends for 2024
Editor's Choice
In this article, Nils Gerhardt looks at some of the most important developments that Utimaco experts see coming in 2024, both in technology and the wider world it intersects with.

Read more...
Protecting your business in the digital economy
Editor's Choice
Conducting business in the digital age has never been more challenging. In the Zero Trust cyber security model, nothing is more important than proactively safeguarding enterprise data.

Read more...