Security Industry Insights & Knowledge Base

A $30 Gadget Can Clone Your Office Key in 15 Seconds, Here’s How to Stop It

Is Your Office Security Stuck in the 90s? Why It’s Time to Ditch the “Beep”

Date: May 25, 2024

Category: Technology / Access Control

If you use a plastic white card to get into your office building, you probably don’t give it much thought. You hold it up to the reader, hear a "beep," and the door unlocks. However, if your system relies on the industry-standard "125kHz proximity card," security experts warn that you might as well be leaving your front door key under the welcome mat.

While this technology was cutting-edge thirty years ago, it has become a major security liability today. Here is why you need to upgrade and how to do it safely.

The "Key Under the Mat" Problem

The 125kHz proximity card (or "prox" card) is the most common access control card in North America. It became popular in the 1990s because it was convenient—you didn't have to swipe it like a credit card; you just had to get it near the reader.

The problem is that these cards were built for convenience, not high security. The data on these cards is not encrypted. When you hold your card to a reader, it simply "shouts" its ID number to anyone listening. Because there is no secret code or encryption protecting that number, it can be easily intercepted.

Cloning a Card Takes Seconds

In the past, cloning a security card required expensive, heavy equipment. Today, anyone can buy a cloning device online for as little as $30.

Security tests have shown that a thief can buy a scanner, take it out of the box, and clone a building access card in less than 15 seconds. There are even handheld devices, like the "Flipper Zero," available for under $200 that allow people to copy credentials easily.

Worse yet, criminals don’t even need to steal your card to copy it. Because 125kHz cards transmit their signal freely, a "sniffer" device can steal your card's information from a distance—perhaps while standing behind you in line for coffee—without you ever knowing.

The Solution: Get Smart or Go Mobile

To stop these easy attacks, businesses are moving to Smart Cards (specifically 13.56MHz MIFARE DESFire) or Mobile Credentials.

Smart Cards: Unlike the old 125kHz cards, smart cards use advanced encryption. They don't just shout their number; they have a secret "handshake" with the reader that cannot be easily copied or faked.
Mobile Access: Many companies are ditching cards entirely and allowing employees to use their smartphones using NFC technology. This is often more secure because phones are protected by biometrics (face ID or fingerprints) and are rarely shared between employees.

Why You Should Contact Anderson Consulting Partners

Upgrading your security system can feel overwhelming. It isn't just about buying new cards; it requires navigating a complex migration. You may need to replace readers, update software, or plan a phased rollout where old and new cards work simultaneously, a process that can actually introduce new risks if not handled correctly.

For example, if you install new readers but fail to turn off the old 125kHz frequency, hackers can still use "downgrade attacks" to bypass your new expensive security.

This is why you should contact Anderson Consulting Partners for your next upgrade.

Expert Assessment: They can identify if your current system is vulnerable to the $30 cloning attacks described above.
Seamless Migration: Large system migrations often need to be done in phases to fit budget parameters. Anderson Consulting Partners can map out a strategy that keeps your building secure while transitioning from legacy plastic to modern smart credentials or mobile solutions.
Future-Proofing: Whether you need the high encryption of MIFARE DESFire or want to move to a cloud-based mobile system, they can guide you toward the technology that best fits your specific industry needs.

Don’t wait for a security breach to find out your technology is outdated. Contact Anderson Consulting Partners today to secure your facility for the future.

Our goal is to look beyond the hardware and collaborate to make the world a safer place together.

Please Note: The information provided in these articles is general in nature and intended for educational purposes. Every operational environment has unique vulnerabilities; therefore, it is recommended to seek site-specific expert advice for your specific needs.

Page updated

Report abuse