Can Access Control Systems Be Hacked?


Jay360 would like to help. We have a highly experienced team of access control specialists who will check your system to expose any vulnerabilities to plug access gaps and recommend upgrades where necessary. Contact us today for more information on how to proceed.

Security technology is advancing at an impressively fast pace. That would be great news if hackers weren’t getting smarter and more sophisticated just as fast.

Unfortunately, physical access control systems, the first line of defence against unauthorized entry into our homes and places of work can be hacked.

What’s more worrying, especially for organizations that rely on outdated security technology, is that it doesn’t take a highly skilled person or expensive equipment to hack an access control system.

The good news is if you put the necessary safeguards in place and take precautions with keycard usage, you can significantly minimize the opportunity for hackers manipulating vulnerabilities in your access control system to gain access to your building.

Ways in which access control systems can be hacked


A successful hack depends on the hacker getting access to passwords and other personal information. In most cases, hackers exploit vulnerabilities within a security system, hardware inadequacies, and complacent behaviour on the part of system users.

Let’s look at these individually:

Access control system vulnerabilities


A favourite target of hackers has been HID proximity cards. With these keycards, a hacker surreptitiously duplicates/clones or makes a copy of the original card. They will then use the clone to gain access to a facility.

Now, manually cloning HID proximity cards should be out of a random criminal’s wheelhouse. And it is. But then some specially-skilled people figured they could make and sell card cloning/reading machines. These simple and cheap devices turned card cloning into a growth business.

With a duplicating machine, cloning a proximity card requires getting the reader close enough to the targeted card. While that should not be easy as you don’t expect people to leave their access cards dangling from their back pockets, all it takes is a determined criminal and a careless keycard holder.

HID proximity cards are so easy to copy because all they contain is a password. They differ from your bank card where PIN codes are stored externally, which adds an extra layer of security.

Hardware inadequacies


Your access control system’s hardware, particularly your contactless card readers, can also provide a backdoor for hackers.

By removing the card reader’s cover, the hacker can access the reader’s internal wiring to which they will connect a chip that exploits vulnerabilities in Wiegand protocol. Wiegand is the industry standard for transmitting data between a card reader and a keycard.

Once a hacker successfully connects their cloning device to the reader’s internal wiring, they can do all sorts of nefarious things. First, the device captures card credentials as an authorized user enters through the controlled door.

The scary part is that the access control system’s logs will not show all this activity. So, if this hijack of the system happened overnight while the office is closed, you would never know there was an access breach, beyond realizing (if you can) that there is important stuff missing.

By using another preprogrammed card, the hacker can also lock out all authorized users of the access control system. When they are done doing whatever they had planned on doing inside the building, they will simply restore the system to work as it does normally.

By using another preprogrammed card, the hacker can also lock out all authorized users of the access control system. When they are done doing whatever they had planned on doing inside the building, they will simply restore the system to work as it does normally.

How to prevent your access control system from being hacked

To prevent access breaches at your facilities through hacking, it helps to accept that almost no security system is foolproof. The majority only provide reasonable security.

What makes any security system fully secure are the extra security measures you institute to protect your assets. Good old vigilance in sniffing out suspicious activity also goes a long way in thwarting hacks.

Here a few ways you can make it difficult for hackers to manipulate vulnerabilities in your access control system and gain unauthorized access to your buildings and facilities:

Employ additional security measures to complement your access control system


On its own, your access control system may not be able to fully secure your building. If a hacker successfully tricks your physical access control system to gain entry, you can still be alerted to the access breach if you have an alarm system installed.

Security surveillance cameras also help a great deal, especially when investigating access breaches. You can only prevent future hacks if you know how the previous ones were executed.

Without camera footage of all the people who came through your doors, it can be hard to pinpoint exactly who the hacker was, which card reader they hacked, and what time the hack took place.

Upgrading your card readers so they are able to send alerts to your security personnel when a hacker tampers with your card readers is also helpful. If your security guards are vigilant, you can even catch hackers and vandals in the act.

Not sure how you can proof your access control system against hacking?


Jay360 would like to help. We have a highly experienced team of access control specialists who will check your system to expose any vulnerabilities to plug access gaps and recommend upgrades where necessary. Contact us today for more information on how to proceed.
Copy link