Do you know who’s wandering around your company offices tonight?
Want to bet?

  • The barrier to perform RFID attacks has been lowered significantly.
  • Getting reliable RFID card cloning equipment, especially long-range equipment used to be expensive and hard. Now it is cheap and easy. so much so that vendors like Door King are advertising ways to protect it on their website.
  • Places like Home Depot, Ace Hardware, and Lowes have Key copying kiosks which include copying RFID cards. If your card goes missing for even an hour, it could have been copied.
  • KeyMe or Minute Key Kiosks are an easy way to copy RFID cards without needing to buy your own equipment (https://key.me/kiosks/) (https://www.minutekey.com/products/key-copy-kiosk/)
  • Watch out for interception tools. An attacker can easily remove the RFID reader from the wall and implant a reader directly onto the wire connecting it to the door access control system.
  • This allows an attacker to replay RFID cards and PIN codes that it has seen,
  • Bypasses the need to clone cards.
  • cheap and affordable $30.00

Ideas for protection:

  • Integrate RFID door access into your SIEM, if Sally accesses the main office and then two minutes later accesses the satellite office that is 3 hours away, then something may be wrong, collecting these logs and correlating them in your SIEM can help detect some of these issues.
  • Install security bits in the RFID readers and arm and detect the tamper switches inside the RFID readers. If someone messes with the device, you should know.
  • Defense in depth needs to be applied to physical security too.

Learn more about RFID card cloning and different ways you can improve the physical security aspect of your organization at Physical Security Village (https://physsec.org/) at DEFCON. We’ve got our Door-in-the-Box systems set up for you to play with! Read more here: https://www.inguardians.com/door-in-the-box/

Brian Halbach
Senior Security Consultant
InGuardians, Inc.