Security Dealer & Integrator

NOV 2018

Find news and information for the executive corporate security director, CSO, facility manager and assets protection manager on issues of policy, products, incidents, risk management, threat assessments and preparedness.

Issue link: https://sdi.epubxp.com/i/1050197

Contents of this Issue

Navigation

Page 22 of 70

20 Security Dealer & Integrator / www.SecurityInfoWatch.com November 2018 Tech Trends BY RAY COULOMBE Prox Cloning Goes Mass Market The inherent weaknesses of proximity cards have created an opportunity for integrators Prox cards (125 kHz-based proximity cards) have been susceptible to cloning for several years. Instructional videos abound, and equipment can easily be purchased on Amazon, eBay or elsewhere. While this is old news for the hacker population, the word has apparently not reached many in the security community; in fact, getting a prox card or key fob cloned is easier and more convenient than ever. Jim Elder, President of security consulting firm Secured Designs, recently asked me if I was aware of the KeyMe Kiosks (see www.Key.me). “I just used it to duplicate a 35bit Corporate 1000 prox card, and no one seems to be aware of (the kiosks’) existence – integrators included,” Elder told me. “I was visiting one of the best integrators in town a couple of weeks ago, and he is still selling prox.” You do not have to look very hard to find a KeyMe kiosk – they can be found in retail stores such as Safeway, Bed Bath and Beyond, and Kroger, just to name a few. They are convenient machines that enable a user to create a duplicate traditional key in a matter of minutes. Recently, however, the company has expanded its duplication capabilities to RFID cards. Rolled out in April 2018, KeyMe says in a statement that users can visit a kiosk, hold a low-frequency (LF) 125 kHz RFID proximity card or fob to the scanner, and the unit will read the information “so that our technicians can create a spare key” that is mailed to the customer. They add: “Customers often ask if they are allowed to copy RFID keys, fobs and access cards. To be sure, check with your home or office building’s management, or check your lease to see if copying of keys is prohibited. Additionally, some RFID keys have security measures that prevent copying.” So, with little effort or investment, anyone can clone an access card or key fob based on 125 kHz prox technology. Of course, this can turn into a problem for a business if the card or fob itself is the only authentication factor it uses. Why Prox is Still Attractive Prox has several attractive features: • Ubiquitous – Millions of readers, cards and fobs have been deployed. • Cost – Reputable readers can be purchased for $100-$200, and the cheap stuff can be as little as $10. • Range – While dependent on the reader/antenna configuration, typical distances are 10 cm, and semi-active and active configurations for longer range systems are offered on the order of 10m. • Concealment – Readers can be mounted behind any non-metallic substrate, including glass and drywall. • Convenience – No need to take a card out of a wallet or purse, as prox is a “non-contact” technology. Prox Alternatives A range of options exist for those who want additional security, but, like anything else, they come with added cost. The first is to add additional authentication factors. Shep Sheppard of Farpointe Data wrote in a recent LinkedIn post: “If you have concerns that your EAC system may be at risk from a cast of bad actors, or you simply want to heighten security without having to issue all new credentials, then consider simply upgrading the readers on the perimeter. A high-quality combination reader and keypad on the perimeter with broad protocol support is critical.” He goes on to suggest a combination of PIN through the keypad in addition to the card. In some instances, a keypad may be deemed insufficient, for example, where the requirement is for a truly contactless solution. This is where biometrics can come into play. One solution I recently found is offered by StoneLock, which is based on highly accurate, proven facial recognition technology. The StoneLock Pro and StoneLock Go products are designed to provide a “frictionless” experience, and they can be obtained in a multi-authentication Chances are you will find a KeyMe kiosk, which can now copy prox cards and fobs, in a retailer near you. Photo: KeyMe

Articles in this issue

Links on this page

Archives of this issue

view archives of Security Dealer & Integrator - NOV 2018