How Secure is Your Security System?


by: Mark Holm, PSP, CTS-D

Everyone working in an office or commercial facility is used to scanning their card (or key fob) before entering the building. For years, contactless proximity cards (prox cards) have been the norm to control facility access. However, recently one of the most commonly used prox card types, 125 kHz, has proven to be easily copied, or ‘cloned,’ using equipment which is commonly available online. This development puts security systems employing the 125 kHz prox card at significant risk.

The Problem

A 125 kHz prox card is easily cloned using inexpensive and easily assessable equipment, making cloning even simpler than duplicating a household key at the local hardware store. The simplest model of duplicator requires that the prox card be in close contact with the duplicator to operate, but more portable, inconspicuous, and longer-range models can be constructed, which allow card cloning from a distance. That guy with the satchel standing next to you on the subway could clone your prox card!

How it Works

A contactless prox card communicates with the card reader by radio frequency. The 125 kHz radio frequency is comparatively low, and does not have the capacity to encrypt its data transmission. The duplicator emulates the signal of a card reader so the prox card transmits its identification data. The duplicator records the data so that it can be copied to a writable card. This process produces a perfect clone, which is indistinguishable from the original card. Someone using the clone can now open any door the original card could open.

The Risk

The 125 kHz prox card vulnerability issue is widely understood by security professionals, and despite the inherent cloning risk, 125 kHz prox cards are still in common use. Surprisingly, up to 30 percent of new security systems still use the 125 kHz prox card. Given the proliferation of prox cards, and their ease of cloning, the risk of a security breach is a very real concern. Additionally, because the clone is identical to the original, the security breach could be undetectable and repeatable.

The Solution

Replace vulnerable 125 kHz prox card system components with 13.56 MHz (smartcard) components. The 13.56 MHz radio frequency is much higher, and can carry encrypted data which inhibits cloning. Migration from 125 kHz prox cards to 13.56 MHz smartcards is not as simple as a one-for-one replacement. Possible approaches have varying cost implications. 125kHz prox card system owners should develop a migration strategy which considers relevant existing system factors such as the following.

Card Administration Capability

  • How many cards are issued in the existing system?
  • How easily/quickly can existing cards be replaced?
  • Is it possible for users to hold two card types during the upgrade?

Quantity of Existing Card Readers

  • How many card readers are in the existing system?
  • What type of card readers are in the existing system?
  • Is it possible to place two card reader types at each location during the upgrade?

Available Budget

  • Is it possible to do the upgrade in one phase?
  • If the system upgrade must be multi-phased, over how much time?
  • Multi-frequency readers can make the upgrade easier, but are more expensive.

Level of Urgency

  • Is the 125kHz prox card cloning risk perceived as urgent?
  • Is the cloning risk perceived as tolerable?
  • Is cloning risk mitigation a short or long-term goal?

Next Steps

As with any critical system modification, it would be wise to engage a qualified and trusted security consultant to help assess existing conditions, and develop the appropriate mitigation strategy. An independent consultant-led solution can yield the most effective result, provide the highest return on investment, and minimize service disruption. A well-implemented mitigation strategy will enhance the security and safety of a facility, while eliminating the 125kHz prox card cloning risk.

For More Information

Click here to view JENSEN HUGHES security offerings, or email us for more information.