This weekend we came a cross a video showcasing how hackers can obtain the information from an access control badge and create a cloned card that can give unwanted access to a secured door.
Here are Grid Squared Systems suggestions to help reduce the risk of having cloned cards used against your access control system:
1- RFID Blocking Wallet
The simplest way to protect yourself is to use an RFID blocking wallet or sleeve. This simply works by blocking the signal from the card. If there is no signal interlopers cannot retrieve the unique information on the card and it cannot be cloned. The downside to this is how to apply this to a group of employees that have access cards. It would have to be a requirement that employees utilize RFID blocking wallets or sleeves. Then there would then need to be some way to enforce this policy. The next problem that could be encountered is the issue of convenience. Employees will have to stop, pull out the card from the wallet and present it to a reader. This may result in staff members ignoring this solution. So, although this is the simplest solution it does have some drawbacks.
2-Two Factor or Multi Factor Authentication
The next way to protect against the use of duplicated cards is to require 2 Factor or Multi Factor Authentication. What this means is that not only does a staff member need to present a card to the card reader but another form of identification needs to be entered. Usually this is done with a PIN code that is entered into an adjacent or attached keypad. Most card reader manufacturers have Reader/Keypad combination units for this purpose. Biometric authentication can also be used as a second factor for authentication. A hindrance to the use of Multi Factor Authentication is the increased cost for the additional devices.
3-Biometric Authentication
Biometric authentication is the use of unique biological features of individuals to grant access. The most popular example of this is the use of fingerprints. Each individual has a unique fingerprint that can be scanned and stored into a fingerprint scanner. Only when a matching fingerprint is presented will access be granted. Biometric Authentication eliminates the need for a card and therefore eliminates the threat of a replicated card. Other forms of other biometric authentication are Iris Recognition, Face Recognition, and Hand Recognition. As with Keypad/Reader combination devices there is an increased cost to deploy biometric authentication solutions. Other impediments to its use are the size of the scanners and with some forms accuracy can be an issue.
4-Mobile Pass Solution
Access Control manufacturer Brivo offers a solution called Brivo Mobile Pass. This solution eliminates the need for physical keycards and readers altogether. The Mobile Pass solution uses an application on your smart phone to grant entry to secured doors. Here is short youtube video describing the process.
5-Cameras
Installation of cameras to view and record events occurring at doors can provide valuable information when counterfeit cards are used to gain access. Many access control systems and video management systems provide integration’s between each other to make this task easier. This solution would afford valuable video information after a breach has been identified. As an example here is a link to the Access Control Integration page for Exacq.
Here is the video where the hackers showed us how easy it is to secretly clone a security badge.
