Did HID Drop The Ball Here?

I know this is not an IP question, but since we are all in the business, I wonder what the reaction is to this article this morning. I have already gotten calls from clients, and the article was posted just this morning.

How Secure is Your Security Badge?

Security conferences are a great place to learn about the latest hacking tricks, tools and exploits, but they also remind us of important stuff that was shown to be hackable in previous years yet never really got fixed. Perhaps the best example of this at last week’s annual DefCon security conference in Las Vegas came from hackers who built on research first released in 2010 to show just how trivial it still is to read, modify and clone most HID cards — the rectangular white plastic “smart” cards that organizations worldwide distribute to employees for security badges.

HID iClass proximity card.

<snip>

Unfortunately, this means that anyone with a modicum of hardware hacking skills, an eBay account, and a budget of less than $500 can grab a copy of the master encryption key and create a portable system for reading and cloning HID cards. At least, that was the gist of the DefCon talk given last week by the co-founders of Lares Consulting, a company that gets hired to test clients’ physical and network security.

<snip>

