Can Access Control Systems Be Hacked?
Jay360 would like to help. We have a highly experienced team of access control specialists who will check your system to expose any vulnerabilities to plug access gaps and recommend upgrades where necessary. Contact us today for more information on how to proceed.
Security technology is advancing at an impressively fast pace. That would be great news if hackers weren’t getting smarter and more sophisticated just as fast.
Unfortunately, physical access control systems, the first line of defence against unauthorized entry into our homes and places of work can be hacked.
What’s more worrying, especially for organizations that rely on outdated security technology, is that it doesn’t take a highly skilled person or expensive equipment to hack an access control system.
The good news is if you put the necessary safeguards in place and take precautions with keycard usage, you can significantly minimize the opportunity for hackers manipulating vulnerabilities in your access control system to gain access to your building.
Ways in which access control systems can be hacked
A successful hack depends on the hacker getting access to passwords and other personal information. In most cases, hackers exploit vulnerabilities within a security system, hardware inadequacies, and complacent behaviour on the part of system users.
Let’s look at these individually:
Access control system vulnerabilities
A favourite target of hackers has been HID proximity cards. With these keycards, a hacker surreptitiously duplicates/clones or makes a copy of the original card. They will then use the clone to gain access to a facility.
Now, manually cloning HID proximity cards should be out of a random criminal’s wheelhouse. And it is. But then some specially-skilled people figured they could make and sell card cloning/reading machines. These simple and cheap devices turned card cloning into a growth business.
With a duplicating machine, cloning a proximity card requires getting the reader close enough to the targeted card. While that should not be easy as you don’t expect people to leave their access cards dangling from their back pockets, all it takes is a determined criminal and a careless keycard holder.
HID proximity cards are so easy to copy because all they contain is a password. They differ from your bank card where PIN codes are stored externally, which adds an extra layer of security.
Hardware inadequacies
Your access control system’s hardware, particularly your contactless card readers, can also provide a backdoor for hackers.
By removing the card reader’s cover, the hacker can access the reader’s internal wiring to which they will connect a chip that exploits vulnerabilities in Wiegand protocol. Wiegand is the industry standard for transmitting data between a card reader and a keycard.
Once a hacker successfully connects their cloning device to the reader’s internal wiring, they can do all sorts of nefarious things. First, the device captures card credentials as an authorized user enters through the controlled door.
The scary part is that the access control system’s logs will not show all this activity. So, if this hijack of the system happened overnight while the office is closed, you would never know there was an access breach, beyond realizing (if you can) that there is important stuff missing.
By using another preprogrammed card, the hacker can also lock out all authorized users of the access control system. When they are done doing whatever they had planned on doing inside the building, they will simply restore the system to work as it does normally.
By using another preprogrammed card, the hacker can also lock out all authorized users of the access control system. When they are done doing whatever they had planned on doing inside the building, they will simply restore the system to work as it does normally.
How to prevent your access control system from being hacked
To prevent access breaches at your facilities through hacking, it helps to accept that almost no security system is foolproof. The majority only provide reasonable security.
What makes any security system fully secure are the extra security measures you institute to protect your assets. Good old vigilance in sniffing out suspicious activity also goes a long way in thwarting hacks.
Here a few ways you can make it difficult for hackers to manipulate vulnerabilities in your access control system and gain unauthorized access to your buildings and facilities:
Secure your system’s default installer code
You can leave your access control system open to attack right at installation by failing to secure the installer default code.
If a hacker gets ahold of the default installer code, which can be found by a simple Google search, they can use it to log into the system’s backend where they can access the master code and all the system users’ access codes. When this happens, you are probably safer with a rudimentary system of manual locks and keys.
Ask the installer for the default installer code or have them find out if they don’t have it. Also, make sure that the code isn’t embedded unencrypted with the software.
HID proximity cards are so easy to copy because all they contain is a password. They differ from your bank card where PIN codes are stored externally, which adds an extra layer of security.
Use a more secure over-the-air communication protocol than Wiegand
A more secure alternative to Wiegand is MaxSecure, whose higher-security handshake ensures readers accept requests from similarly coded access cards.
Deploying the ValidID technology will also help foil card reader tempering. An embedded code checks to see if the access control data on a given keycard isn’t counterfeited.
Contact Our Experts Today
Make hackers’ jobs harder with two or three-factor authentication
Even with a not-so-secure Wiegand based system, adding another authentication level will make the hacker’s task that much harder.
As well as your contactless readers, add PIN codes, and if possible a third biometric authentication factor. Though more secure, on their own, even biometrics aren’t foolproof.
Of course, PIN codes will need to remain secret to the user, otherwise, they too can become a serious access loophole.
Contact Our Experts Today
Tamper-proof your card readers
Make it difficult, impossible even, to remove card reader covers and access internal wiring. Potting, where an epoxy seal is used to make it hard to pry open a card reader’s cover, is recommended.
You can also embed your card readers into the wall to make it impossible to access their internal wiring from the unsecured side of the building.
Your card readers’ screws must not be visible and accessible to outsiders. If they can’t be shielded, make sure to use security screws that are harder to undo.
A useful tip where reader wire tampering is an issue is to encase your reader cables in a metal pipe. This ensures the wiring is protected from outside tampering. Just make sure the metal conduit is earthed.
Contact Our Experts Today
Employ additional security measures to complement your access control system
On its own, your access control system may not be able to fully secure your building. If a hacker successfully tricks your physical access control system to gain entry, you can still be alerted to the access breach if you have an alarm system installed.
Security surveillance cameras also help a great deal, especially when investigating access breaches. You can only prevent future hacks if you know how the previous ones were executed.
Without camera footage of all the people who came through your doors, it can be hard to pinpoint exactly who the hacker was, which card reader they hacked, and what time the hack took place.
Upgrading your card readers so they are able to send alerts to your security personnel when a hacker tampers with your card readers is also helpful. If your security guards are vigilant, you can even catch hackers and vandals in the act.
Not sure how you can proof your access control system against hacking?
Jay360 would like to help. We have a highly experienced team of access control specialists who will check your system to expose any vulnerabilities to plug access gaps and recommend upgrades where necessary. Contact us today for more information on how to proceed.
