You are probably not aware that the common “prox” or key cards used to open 100’s of thousands of doors across America can be copied by anyone in a matter of minutes. Even though these passive prox cards are used by some of America’s largest and most tech-savvy companies, most people will be shocked to learn that these key cards can be easily copied by nearly anyone, in just a few seconds. Should you be concerned? If you have responsibility for physical security in a corporate environment, the answer is a resounding “yes”.
When the low-frequency (125 kHz) prox technology was introduced in the 1990’s it was considered quite secure at the time. A combination of many site codes and a large number of unique serial numbers meant that it was highly unlikely that one key card was able to open the doors in an unauthorized building. But as the number of cards in use proliferated, previously low probability became increasingly higher because there were only 255 unique site codes built into the original card’s technical design. And to make matters worse, over time more and more people backward-engineered the cards in an effort to compromise their security.
Today, this Prox technology represents the largest percentage of technology cards in use for access control in America. Across the country, photo ID cards printed on low-frequency RFID card stock are the most common form of business credentials. Perhaps because of the ubiquity of these cards, users have been lulled into a false sense of security based on “if everyone else is using this, it must be fine”.
A number of years ago, small handheld readers became available on the internet which could copy and reproduce an exact replica of these low frequency ID cards. While there was no restriction on the use of these readers, they remained a relatively obscure product and did not have a wide impact on the market. Security professionals did not consider them a major threat. The ubiquitous 26-bit prox card continued to proliferate and most employees continued to be oblivious of the ease with which their corporate badges could be copied.
But recently a much greater concern has arisen. A new service has been developed and rolled out which allows quick and easy copying of key cards and keyfobs. A company called KeyMe has developed a unique yellow kiosk which can be found in major chain stores around the country: Rite Aid, Safeway, Dollar General, 7 Eleven, etc. At these kiosks, anyone can tap their prox card and order a cloned RFID tag or card, for delivery to their home in 3 to 5 days. It is inexpensive and easy, and the company even offers a 100% satisfaction guarantee.
The ability to copy a key has always been important, as any homeowner knows when their kids grow to an age when they can be entrusted with their own house key. However, security professionals protecting the offices and warehouses of corporate America don’t look so kindly on the ability to easily copy key cards that they have issued, and that are meant to keep businesses secure against unwanted intruders.
As a result of these new developments, today it is much too easy for just about any employee to take a supposedly “secure” prox card, and create one or more copies for distribution to friends or other unauthorized people. This is now creating considerate consternation among corporate security officers, because U.S. corporations are the largest users of prox technology, with millions of low-frequency cards issued over the past 25+ years.
Fortunately there are many options available to replace Prox technology for access control. Swapping low-security prox technology for high-security alternatives can be as simple as changing the cards, if the company has multi-technology door readers. And even if the readers need to be replaced to support the new technology, this is generally a relatively low cost investment.
If you are concerned about the security of your current access control cards, don’t hesitate to consult InstantCard for advice on how you can upgrade the security of your system to support card technology which can not be cloned without extensive technical skills.
