Everyone working in an office or commercial facility is used to scanning their card (or key fob) before entering the building. For years, contactless proximity cards (prox cards) have been the norm to control facility access. However, recently one of the most commonly used prox card types, 125 kHz, has proven to be easily copied, or ‘cloned,’ using equipment which is commonly available online. This development puts security systems employing the 125 kHz prox card at significant risk.
A 125 kHz prox card is easily cloned using inexpensive and easily assessable equipment, making cloning even simpler than duplicating a household key at the local hardware store. The simplest model of duplicator requires that the prox card be in close contact with the duplicator to operate, but more portable, inconspicuous, and longer-range models can be constructed, which allow card cloning from a distance. That guy with the satchel standing next to you on the subway could clone your prox card!
How it Works
The 125 kHz prox card vulnerability issue is widely understood by security professionals, and despite the inherent cloning risk, 125 kHz prox cards are still in common use. Surprisingly, up to 30 percent of new security systems still use the 125 kHz prox card. Given the proliferation of prox cards, and their ease of cloning, the risk of a security breach is a very real concern. Additionally, because the clone is identical to the original, the security breach could be undetectable and repeatable.
Replace vulnerable 125 kHz prox card system components with 13.56 MHz (smartcard) components. The 13.56 MHz radio frequency is much higher, and can carry encrypted data which inhibits cloning. Migration from 125 kHz prox cards to 13.56 MHz smartcards is not as simple as a one-for-one replacement. Possible approaches have varying cost implications. 125kHz prox card system owners should develop a migration strategy which considers relevant existing system factors such as the following.
Card Administration Capability
- How many cards are issued in the existing system?
- How easily/quickly can existing cards be replaced?
- Is it possible for users to hold two card types during the upgrade?
Quantity of Existing Card Readers
- How many card readers are in the existing system?
- What type of card readers are in the existing system?
- Is it possible to place two card reader types at each location during the upgrade?
- Is it possible to do the upgrade in one phase?
- If the system upgrade must be multi-phased, over how much time?
- Multi-frequency readers can make the upgrade easier, but are more expensive.
Level of Urgency
- Is the 125kHz prox card cloning risk perceived as urgent?
- Is the cloning risk perceived as tolerable?
- Is cloning risk mitigation a short or long-term goal?
As with any critical system modification, it would be wise to engage a qualified and trusted security consultant to help assess existing conditions, and develop the appropriate mitigation strategy. An independent consultant-led solution can yield the most effective result, provide the highest return on investment, and minimize service disruption. A well-implemented mitigation strategy will enhance the security and safety of a facility, while eliminating the 125kHz prox card cloning risk.