Physical Access Security - Cloning Prox Cards

CraginS · ‎10-15-2019

Oh, goody! The automatic brass key cutting machines in many store lobbies are being upgraded to duplicate RFID key fobs and cards! How're your security and HR teams going to like it to discover employees can make their own backup spare access cards?

CBS News Radio investigation: Experts say popular key-copying kiosks pose new security threat
OCTOBER 14, 2019 / 8:02 AM / CBS NEWS

From the article:

"Security consultant Jim Elder says the KeyMe kiosks have made it too easy to copy electronic keys like "proximity cards" to buildings, posing potential security concerns.

'I don't know anybody in my business who would recommend proximity cards now — just because of the ability to clone that card,' Elder said."

If your pentesting team includes physical intrusion in the contract, this capability adds a new level. too!

Craig

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts

emb021 · ‎10-15-2019

I've seen these machines (at least the key making ones) near the entrance/exit of local WalMarts.

On cloning key cards, etc. I've sat in on presentations on those who do physical pen testing, and what they had to do to capture info from key cards to clone them. Since they don't steal them, but get close enough to copy the info, while its not quite the same, this would require getting a hold of the actual fob or card to create a copy.

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, GLEG, GSNA, CIST, CIGE, ISSA Fellow