Subscriber Discussion

Are There iCLASS Security Issues? If So, Where And How Bad?

Avatar
Luis Carmona
Jan 27, 2015
Geutebruck USA • IPVMU Certified

Was perusing around the Internet to learn a little more about iClass and came across some articles about iClass credentials being cloned and sniffed similar to how older 125khz prox is. Came across this one particular site discussing it indepth.

http://www.openpcd.org/HID_iClass_demystified

It seems the problem in this case was the way HID stored master encryption keys on their readers. The information though seems older, so I was wondering is this still an issue, or as serious an issue as the insecurity of 125khz prox when iClass is supposed to be much more secure. Are 3rd part iClass readers (non-HID) supposed to be more secure? Granted, nothing can or should be considered impenetrable.

Avatar
Brian Rhodes
Jan 29, 2015
IPVMU Certified

iClass has been 'cracked'. There is another group claiming to have a method of extracting even a facility-specific key from a reader, and then using that to crack a card which they can then spoof.

Interestingly, and this is a periodic point brought up by certain members, MiFARE DESFire uses 256 bit encryption compared to iClass' 128 bit. There are 'non-HID' smartcard formats that are 'more secure', meaning they haven't been cracked... yet.

(1)
Avatar
Brian Rhodes
Jan 29, 2015
IPVMU Certified
In reply to Brian Rhodes

I also watched a demo where someone reverse engineered the salted raw hex off an iClass card, and using a technique they called "Monkeys banging on a Keyboard" (not joking) use brute force to mimic valid hex. Supposedly they can 'guess' good codes this way.

There is a Youtube link somewhere by the guy who is wearing a Guy Fawkes mask the whole time. I can't find it right now! But it's just so absurd, it's entertaining.

(1)
(1)
New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions