RFID as access device instead of key

[Rudy Toody]

Are there any security issues with using RFID in place of keys for building access?

Power outages would prevent access.

Are there any spoofing devices that could be a problem?

 

[Modelworks]

Yes
RFID is easy to monitor with the right antenna and equipment.
I would use a contact device if I was concerned about security.
smartcards are cheap and the locks that you can make with them are pretty damn hack proof.
Its also cheap tech as you can build an interface to a micro for under$20 including the card.


http://www.smartcardsupply.com...tent/Cards/ISO7816.htm

If you do use RFID make sure the card uses encryption when sending the information to the receiver. Most systems just have a card that waits for a request then sends its data. That is why they are easily broken. Encrypted cards are more expensive but well worth it.

 

[Rudy Toody]

Thanks. I made a mistake. I was told it was RFID. However, it is the IEI Prox Pad IR reader and keypad. They has some sort of keychain fob that you hold up to it and the door unlatches.

I found the master password on the internet and am able to open the door without the fob. This setup was installed in my building several months ago and left sitting there without a change to the default password.

So, I guess my question should be: can one spoof the IR fob? Could someone read my fob as I walk by and get my access number?

EDIT: changed with to without.

 

[Born2bwire]

Originally posted by: Rudy Toody
Thanks. I made a mistake. I was told it was RFID. However, it is the IEI Prox Pad IR reader and keypad. They has some sort of keychain fob that you hold up to it and the door unlatches.

I found the master password on the internet and am able to open the door without the fob. This setup was installed in my building several months ago and left sitting there with a change to the default password.

So, I guess my question should be: can one spoof the IR fob? Could someone read my fob as I walk by and get my access number?

Not unless you are in the habit of pointing the fob at people and turning it on. I assume you push a button to turn it on otherwise it's just silly.

 

[sdifox]

RFID doesn't really offer any new solutions. Why would you increase the detectable range of a key? Besides, all decent systems are multi-link already. So you need a card, biometrics and a (maybe timecoded) password to gain access. I don't see how the RFID improves anything. Not being able to access a system during power failure is a good thing

 

[Rudy Toody]

I haven't used a fob yet. I'm supposed to get mine on Wednesday morning as are all the other tenants.

I took it upon myself to change the master password from the factory default. I left a note for the building manager to contact me if he wants to program the unit.

I think I will make myself scarce on Wednesday!

 

[Modelworks]

IR isn't any better really.
Actually its easier.
I can read an ir signal and copy it with about $5 in parts and a pc with a halfway decent sound card.

I hope this lock system doesn't open the door to your apartment.
I still prefer a contact device.

 

[MadAmos]

We use a embedded chip in the security badges where I work. I have always assumed that it was RFID and is backed up with a hand scanner ( and the rumor is a retina scanner soon). I would ask but it isn't worth the trouble, since 911 they are very twitchy about people who want to know how the security system works.

 

[Cogman]

Magnetic reader + pin number for each individual employee would be one of the safer methods (through in a thumb print scanner if you really want a little more security).

I wouldn't trust anything like RFID where the signal is transmitted. It just opens too big of a hole with the possibility that someone figures out and cracks the encryption.

 

[mpilchfamily]

We use proximity readers here at work. The card needs to be right up against the reader to be read. The more secure areas require the badge and a personal pin.

 

[Rudy Toody]

I just found out that replacing the default master code to make the system secure until they did the change-over, is very much against the law in Seattle. I have been asked to move. (However, the resident manager passed on some thanks from his bosses because they found five other buildings were still using the default master codes.)