Hack Your Access Control with a Card Copier – updated July 23

Insight was able to purchase one of these card copiers online in New Zealand.

We wanted to check what access control system cards the card copier could hack, see  what the risks were to our clients and come up with ways of mitigating the risks.

A majority of access cards used in New Zealand or the most common type of access card used is the 125kHz HID. This type of card which is shown in above video is very easy to clone. What this means depending on the card copier / cloning device is that 125kHz cards can be copied and used for access. As shown in the video, by presenting the card to the card copier you are able to copy the access rights of the card. Even more disturbingly cards can be copied metres away from the original card i.e walking down the street with a card copier in bag.

 

The card copier scans the information from a card, records the information and then allows a probable thief to copy the access information onto a blank card. They now have all your access rights.

 

Original Card Copier Blog

What can you do to ensure your access control system cannot be hacked and to mitigate your exposure to unlawful access.

 

The MIFARE and DESFIRE encrypted cards cannot be cloned easily.

These cards have to be authenticated through an encrypted path directly between the reader and the card.

 

All readers that Insight EDS have recently installed or replaced have both MIFARE and 125kHz technology built in. This gives the readers the ability to read both card formats.

 

If you are still using an access control system that accepts the 125kHz cards you may be able to upgrade your readers to read MIFARE cards.

Once you have migrated all your readers across to the MIFARE / 125kHz readers you can then start issuing only MIFARE encrypted cards. Once everyone has a new card Insight can switch your readers to only read MIFARE formatted cards. This reduces your risks of your access control system being hacked and someone gaining unlawful access.