RFID Security Bypass: A Threat to Your Business?

30.05.23 12:30 PM, by Bradley Geldenhuys


Most companies focus on internet security with firewalls, patching, MFA and a lot more. While this is very important, there is an area that is sometimes neglected: the physical security of the office. A weakness there could lead to someone bypassing the firewalls and hooking into the local network directly.

Recently the GT Protection Team has been performing a number of onsite physical assessments. One of the areas we have been focusing on is RFID tags for physical access. "RFID stands for Radio Frequency Identification. RFID tags are small devices that contain a chip and an antenna. When an RFID tag is brought near an RFID reader, the reader sends out a radio signal that activates the tag's chip. The chip then sends back a unique identification number to the reader. The reader then compares the identification number to a database of authorized users. If the identification number is found in the database, the reader will unlock the door."

If that RFID tag is cloned, then access can be transferred to whoever cloned the device. Check out the video below to see how quickly we were able to clone the tag to gain access.



The RFID tag in question is an EM4100 tag. "EM4100 is a type of RFID tag that uses 125 kHz frequency. It is a read-only tag, which means that the data on the tag cannot be changed. EM4100 tags are commonly used for applications such as access control, time and attendance, and inventory management."

It consists of three parts:

The MAC address. The MAC address on an EM4100 RFID chip is a unique identifier that is used to identify the tag. The MAC address is assigned to the tag by the manufacturer and cannot be changed. The MAC address is used by RFID readers to identify tags and to associate tags with data in a database.

The FC Number. The FC number is a two-digit number that is assigned by the International Organization for Standardization (ISO). The first digit of the FC number indicates the frequency band, and the second digit indicates the sub-band.

The Card Number. The card number on the RFID tag is the unique identification number of the tag. It is assigned to the tag by the manufacturer and cannot be changed. The card number is used by RFID readers to identify tags and to associate tags with data in a database.

                

Knowing this information, RFID tools can be used to emulate a known RFID tag.
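Why knowing the number is enough can be seen from the transmission itself. The following added example (not part of the original post) decodes one EM4100 frame using the 64-bit layout from the EM4100 datasheet: the only checks are framing and parity, with no key or challenge involved. The sample frame is constructed, and the facility-code/card-number split is a common reader display convention assumed here.

```python
# Added example: decode and validate one EM4100 frame (64 bits:
# 9 header bits, 10 rows of 4 data bits + even parity, 4 column parity bits, stop bit).
HEADER = "1" * 9

# Constructed sample frame, not captured from any real tag.
SAMPLE_FRAME = (
    "111111111"
    "00000" "00011" "00000" "00000" "01111"
    "10111" "00110" "00000" "00110" "10010"
    "0100" "0"
)


def decode_em4100(bits: str) -> dict:
    """Validate framing and parity, then return the 40-bit ID the tag transmits."""
    if len(bits) != 64 or set(bits) - {"0", "1"}:
        raise ValueError("expected 64 characters of 0/1")
    if not bits.startswith(HEADER) or bits[63] != "0":
        raise ValueError("bad header or stop bit")
    rows = [bits[9 + 5 * i: 14 + 5 * i] for i in range(10)]
    for n, row in enumerate(rows):
        if row.count("1") % 2:  # 4 data bits plus parity bit must hold an even number of 1s
            raise ValueError(f"row {n} parity error")
    col_parity = bits[59:63]
    for c in range(4):
        ones = sum(r[c] == "1" for r in rows) + (col_parity[c] == "1")
        if ones % 2:
            raise ValueError(f"column {c} parity error")
    tag_id = int("".join(r[:4] for r in rows), 2)
    return {
        "id_hex": f"{tag_id:010X}",
        "version": tag_id >> 32,        # first 8 bits: version / customer ID
        "serial": tag_id & 0xFFFFFFFF,  # remaining 32 bits
        # Display convention used by many readers (assumption, not part of the
        # frame format): low 24 bits shown as 8-bit facility code + 16-bit card number.
        "facility_code": (tag_id >> 16) & 0xFF,
        "card_number": tag_id & 0xFFFF,
    }


if __name__ == "__main__":
    print(decode_em4100(SAMPLE_FRAME))
```

Everything the reader receives is in that dictionary; parity catches transmission errors only, so any device that sends the same 64 bits is indistinguishable from the original tag.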

                

So what you need to do to secure your physical access systems is prevent cloning of the RFID tag. The following tags are better options.

  • HID iCLASS SE - This tag uses a high-security encryption algorithm to protect data. It is also resistant to cloning and tampering.
  • Invensense Monza R6000 - This tag uses a 128-bit encryption algorithm to protect data. It is also resistant to cloning and tampering.
  • NXP MIFARE® Classic 1K - This tag uses a 64-bit encryption algorithm to protect data. It is also resistant to cloning and tampering.

                

These tags are all more secure than EM4100 tags because they use stronger encryption algorithms and are more resistant to cloning and tampering. As a result, they are a better choice for applications where security is critical, such as access control and inventory management.

In addition to the tags listed above, there are a number of other RFID tags that offer varying levels of security. It is important to choose a tag that meets the specific security requirements of the application.


Here are some factors to consider when choosing a secure RFID tag:

  • Encryption algorithm: The encryption algorithm used to protect data is one of the most important factors in security. A stronger encryption algorithm will make it more difficult for attackers to read or modify data.
  • Resistance to cloning: The tag should be resistant to cloning, which is the process of creating a copy of the tag's data. Cloning can be used to gain unauthorized access to a system or to counterfeit products.
  • Resistance to tampering: The tag should be resistant to tampering, which is the process of altering the tag's data or hardware. Tampering can be used to disable the tag or to modify its data.

                

I hope this has been helpful and you can make your physical locations that much more secure.

                

Bradley Geldenhuys
