Subscriber Discussion

125kHz Vulnerability Statistics

mark holm
Jun 02, 2017

IPVM is replete with discussion on the 125kHz credential vulnerability, and I'm grateful for all the insight.  I'd be interested in any statistics on how frequently that vulnerability is successfully exploited.  Anyone know of a successful 'clone' security breach?  How/when it was detected?  Or where to find related statistics?  Thanks in advance!

Brian Rhodes
Jun 02, 2017
IPVMU Certified

Hello Mark:

I do not think these statistics exist anywhere, and if they did, they'd be suspect as accurate.

Part of the vulnerability is that copying can happen without detection, so confirming such an event stands to be significantly under-reported.  Proving a negative with a positive is pretty slippery!

There are businesses built around providing such services (e.g., 1, 2, 3), and it is fair to say that not all of their customers are legit.  So the exploit/weaknesses are so pronounced there are cottage industries built around them.

Undisclosed
Jun 02, 2017

I've had customers discover the device on Amazon and confront their integrators, recently.  

Mark McRae
Jun 02, 2017
Inaxsys Security Systems

It happens often enough to justify opening a retail store that specializes in copying cards, fobs and remotes: https://fobcopy.ca/faqs/ 

It is a serious, significant problem and is one of the most severe security breaches that our industry faces (along with the lack of supervision on PSTN alarm dialers, the lack of supervision of Wiegand proximity readers and the never-ending backdoors being found in IP cameras, VMS software and recording machines).

Put all this together and you might as well call us the InSecurity Industry (or should that be the "UnSecurity Industry"? It's been a long week...)

Mark McRae
Jun 02, 2017
Inaxsys Security Systems

A few years ago, a Canadian government lottery corporation had the security staff's HID prox card cloned on live TV (on the news) while the card was still on the person (the cloner did it from a distance of about 3-4 feet, without the person knowing).

Heads were spinning the next day! 

And the worst part: every day we have customers deciding to keep their old HID prox cards because changing the cards and readers is too expensive/too much effort (even though they are spending big $$$ on upgrading their access control systems). 
