Your access control system might not be as secure as you think it is.
It was once complicated and expensive for people to make copies of access control cards. But, people can now defeat access control systems with tools they find online. Even with a widely available product that costs only $20. Now, only access control systems making use of edge-to-edge encryption are truly secure.
Despite the awareness of these risks in the industry, it’s becoming easier and cheaper to defeat access control systems.
Most access control systems make use of contactless RFID proximity cards, which have historically used 125 kHz unencrypted communication. Unfortunately, these unencrypted cards are easy to duplicate. Most home improvement stores now have key duplication kiosks with RFID proximity card cloning capabilities. Just tap an encrypted card and the machine spits out a duplicate.
This means that it is relatively simple to access facilities and assets that are ‘protected’ by a physical security system.
Older access control readers that make use of the Wiegand communication protocol can be easily compromised. This is done through the same processes used by criminals to skim bank cards at ATMs.
“Over the past couple of years, the issues around access control and card readers have come to light. With advancements in modern technology, now anyone can buy a card duplicator online and clone unencrypted RFID cards to access a building. To keep operations safe, businesses will bolster encryption measures within access control systems to prevent these threats in 2020.” – Brad Konkle, Director of Integrated Solutions at STANLEY Security
Excerpt from STANLEY Security’s 2020 Industry Trends Report
Which Industries Use Access Control Systems?
Some industries have taken a closer look at the security of these devices. The banking and finance sectors use encryptions for access cards, as well as the control readers, panels, servers, and databases. Unfortunately, many campuses either don’t know or don’t care about the risks. This applies to both SMBs and larger enterprises.
This is where security integrators come in. It falls to integrators and other security providers to educate consumers on the risks. They help them to take the necessary steps to protect themselves against potential threats.
Nobody really took cybersecurity seriously until multiple high-profile data breaches had taken place. We would rather not see the same kind of indifference towards the potential weaknesses in physical access control.
What Does This Mean for Campuses?
While it’s good that there is a focus on cybersecurity, campuses should be just as vigilant about their physical security. After all, an access control breach can be just as damaging as a cybersecurity breach. Especially given that access control systems secure sensitive assets. These include data centers, servers and infrastructure critical to maintaining data and finances.
It is for this reason that campuses should upgrade their access control technology. They must use encrypted credentials that aren’t copiable. Most access control systems already support edge-to-edge encryption. Even when specified on a new installation, it doesn’t cost significantly more.
Ideally, campuses should have an integrator who can educate them on the need for this newer technology.
While it’s now easier and cheaper to defeat access control systems, protecting against these threats is just as simple. Talk to us today about encrypted access control technology.