Physical access control systems are charged with protecting people and assets. However they are also subject to vulnerabilities if not well protected. This note examine some of the access control vulnerabilities and how to tackle them.
Physical access control systems are charged with protecting people and assets. However
they are also subject to vulnerabilities if not well protected. This note examine some of the access control vulnerabilities and how to tackle them.
Needless to say, the physical access control system is a must-have for any end user organization. An access control system is consisted of various components. Chief among them are the access control card/credential; a reader that reads the card; a controller that communicates with the reader, server and the lock; and a server in which the access control management software is installed.
While the access control system is charged with protecting the building and its occupants, the system itself is subject to vulnerabilities and breaches. Some cards or credentials, for example,
can be easily cloned. Communications between the card and reader can be intercepted and understood, if not encrypted.
“Over 80 percent of proximity card access control systems have easily exploitable vulnerabilities. Today’s hackers are savvy, and it is not difficult for a motivated individual to gain access to the tools and technology needed to breach physical security systems and even copy user credentials. It is a sobering fact that many access control credentials can be copied at low cost on Amazon or even taken to a key copying kiosk. A quick Internet search can yield the necessary documentation and even step-by-step videos showing how to copy even the most modern and advanced credentials,” said Luke Bencie, MD of
Security Management International, and his colleague Charlie Froese. “We’ve performed penetration tests for our clients and have found that cloning facility access cards – in some cases by utilizing RFID readers while the card owner was out in public – is one of the easiest ways to gain entry into offices and other infrastructures.”
Common types of vulnerabilities and solutions
That said, it would be good for end users to be equipped with some basic knowledge about access control vulnerabilities. Below are some of the more common ones and how they can be tackled.
Card cloning: A lot of access control cards can be cloned. The cloning requires specialized hardware which, unfortunately, are easy to obtain and relatively inexpensive.
There are ways to counter this, though. “The easiest way to protect a card from being cloned, or ‘skimmed,’ is to employ shielded badge holders, which protect the card with a thin metal strip that prevents RFID chips from being accessed by the wireless hacking technology employed by attackers. It is also important to ensure that organizations have multiple layers of back-up security. Ideally, an access card should not be the sole means of access. Additionally, simple situational awareness is always helpful, as attackers generally need to be close in proximity to the card in question,” Bencie and Froese said.
Having better encryption also helps. “Other recommendations include beefier encryption to ensure the ID is not sent in clear text (challenge/response authentication) and the use of contactless smart cards which have encryption, mutual authentication and message replay protection incorporated within,” Bencie and Froese added.
Wire-tampering: Exposed wires can be tampered with and can lead to unauthorized access. “Wire-tampering can only occur if lock or control cables are obviously placed, exposed, or readily accessible. Good physical security practices and routine maintenance will lessen the risk of wire-tampering as a means of gaining unauthorized access,” Bencie and Froese said.
Breach against a Wiegand solution: According to Bencie and Froese, the Wiegand protocol is the most widely used for securing keycard readers, but unfortunately it is also older and prone to misuse. “The Wiegand protocol is plain-text, easily intercepted, easily replayed, includes outputs from biometric readers (meaning an attacker can steal whatever data is stored on a card that is using the reader), and includes output even from strong crypto contactless smart readers,” they said. “Unfortunately, it is not a secret that access control manufactures still produce keycard readers that use the Wiegand protocol and are well aware of its vulnerabilities. The only real way to protect against a breach against Wiegand is simply to upgrade. A proper solution is to use proximity cards capable of performing cryptographic handshakes with the reader.”
Communication channel hacking: Similarly, unsecure communication channels between different parts of an access control system, for example between reader and controller or web browser and server, can be breached. “Targeting communications channels is likely the most common avenue of attack, as the means of communication are so widespread and varied,” Bencie and Froese said. “Best practices for protecting an organization from cyberattacks apply here as well. Strong password policies, good computer network management, the use of “white hat” hackers to routinely test vulnerabilities, and system hardening procedures are all effective techniques to lessen the chances of a cyber-attack.”