You Know Those Badges That Open Doors – They are not Secure and Neither is the Replacement
Most of us have either used or seen others use that badges to unlock doors either at homes or offices. Most of these use a technology called Wiegand Wire. Compared to your average key, it is more secure and it does leave an audit trail, but the badges are easily cloned using devices available on Amazon for a couple hundred bucks.
For these type of badges, the cloning process only requires that the hacker be close to the badge being cloned for less that 30 seconds. The hacker does not need to be able to actually touch the badge.
Knowing that this was not secure, folks created a new standard about 10 years ago called Open Supervised Device Protocol or OSDP. The Wiegand protocol sends credentials unencrypted because, after all, who would want to break in, right?
The Secure Channel feature of OSDP encrypts the data using 128 bit AES, which is pretty strong.
Which, of course, caused researchers and hackers to look for other vulnerabilities. Presenters at Black Hat this year presented a paper describing 5 exploitable vulnerabilities and a host of other weaknesses. While some of these can be mitigated, so far, they have not been.
Like the devices that allow you to clone Wiegand cards, there are tools that leverage weaknesses in OSDP. One weakness is that you can insert a device in line with the real card reader to capture credentials. While this requires physical access and time to install the card (maybe 5 minutes of undetected time), this is really not hard in many situations. Probably no harder than placing a skimmer in an ATM and we see that done all the time.
It does not appear that this is going to get fixed any time soon, unfortunately, so our recommendation here is defense in depth.
Badges and fobs are still better than keys, but depending on your security needs, they may not be secure enough.
If you need help improving your badge security, please contact us. Credit: ARS Technica