Does The Use Of A Multi-Class-Type Credential / Reader Create A Long-Term Security Issue?

Let’s say we dealing with a large legacy electronic access control implementation that one wants to move to newer, more secure technology. The implementation of "multi-class" / multiple technology credentials and/or readers is common to facilitate the change over time. Assume the legacy is 125 kHz cards/readers with ye ol' 26-bit Wiegand. Assume hundreds of credentials are already assigned and hundreds of 125KHz-only readers deployed. Forklifts aren't possible due to time and money but we need to start moving in a better direction ASAP. Card skimming/spoofing is not very difficult with the older tech. Yes, it also plausible for some of the newer stuff out there but due to it being more difficult it’s arguably a decreased risk. So even though one might be rolling newer technologies with higher-security features (encryption), it seems that as long as that newer stuff is multi-tech capable that someone could always still exploit the older "side" if the multi-tech card to use with the older "side" of the multi-tech reader. Only when all readers or credentials are the newer selected (as secure as it gets) technology and ONLY that technology instead of a multi-tech concept do you alleviate the baggage of the security gap. Am I missing something with this line of thinking?

Login to read this IPVM discussion.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

***** *** ******** *** ********, ** *** *** *** ******* the *****. ** *** ****** * ****** **** *** ** is "*******" ** *** **** **, *** ********** **** ***** be **** ** *** ********** ******. ** **** **** **** is *** ** ***** ** **. *** ******** ** * multiclass (**** ** **********) ** **** ***** ** ** ***** layer ** ********** ******* *** *** **** *** ****** **** is ****** ** *** ****/*****. *** ********* ** ********** ** the ******* ** *********** ******** ******* (********* ******). **** *** owners ***********, *********** ** *** ********* ******* *** *** ******* the *** ******* ** **** *** ******* ***** *** **** your *********** ** ***** ***** *** *** **** ** **** your ***** *** *****. *** ** *** **** ******** ****** to ********* ***** **** ****** ******* ** *** ********* ** the ****** **** ******** ** * *** ********* ******** *** distribution ** *** *** *****. ********** ***** ** ********* *** new ***** *******.

** **** ****** *** ***** ** ******* ***** ************ **** higher-security ******** (**********), ** ***** **** ** **** ** **** newer ***** ** *****-**** ******* **** ******* ***** ****** ***** exploit *** ***** "****" ** *** *****-**** **** ** *** with *** ***** "****" ** *** *****-**** ******.

**** ** ****, *** ********** *** ********** ** ******** **** credentials ** ***** ** '*******' ********. ***** ** ***** ** upgrade *****-**** ******* *** **** *** **** ****** ***-********* ** cards ****** ** ******* *** *****.

**** **** *** ******* ** *********** *** *** ***** ******** (as ****** ** ** ****) ********** *** **** **** ********** instead ** * *****-**** ******* ** *** ********* *** ******* of *** ******** ***.

***% *****

** ***** ******* **** **** ***** ** ******* *** *** *** "****" on *** **********-***** ******* **** *** **** *********** *** ********. I ****** **** ** ****** **** ****** ***** ** **** products *** * **** *** ****** **** ****. * ***** this ******* ** **** ** * **** ********** **** ******* ******* * ***** ***** (************ ******) **** spewing *** **** *******. ** ******'* ** *** ***'* ** more *** ****** **** ** ***** ** *** ** ***** but **'* ***** ****** *** ****** ***** ** *** ******** code ** *****.

*****, * ***** **** ** **** *** * ***** ***** other ****** **** **** **** *** ***** **** **** ***** just ** **** ****** *******. ** ***** **** ***** *** any *** **** *********** **** ***** ** *******. **** *******'* exist... *** ****** ** ***** ** ******* **** *** ****** but ** **** ******* ** *** ************ *** ******* **** is **********.

**** ************ ***** ***** ********* **** ****, *** ***** ***** attempt **** **, **** *******; **** ***** ***** ****. **** is *********** **** *** ******** ******** ***** *** **** ******** ** help ***** **** ******* ********* ** **** ***** *********. * failed ***** ** * ******* ***** **** *** ** **** to ******* ******** ******* ***** *** ***** ***** ******.

*** *** ******** **** ** ****** **** ********** ********** ** to *** * ********* ******** **** *** ********** *** ****** when ********* *****/****/***.

**** ***, ****** ****** *** ******* ****** (*********) ******** ***** from ***** **** ** * ******. ****, * ********* **** CSN ******, ******* **** * ****** *********** ***** ****** * or * ****** ****** **** *** *** *****, *** ****** serve ** '**** ***' *********** ********* ********** *** ** * system.

************** ******. ** **** *** *** ****** ***** ** *** do **** ****** (** **** ***) *** ******* **** ****** as ***** ***'* * ******** **********/**** ********** *******, **** ********** added ** *** ****** ** **** ******** ** **. ********/****# combo ************ *** ******. **** *** **** ** **** ********. In **** **** * **** *** ******. **** ** **** offset ***** ** **** **** *******. (** ****** ****** ******* I **** *** ******* **** ***.) ** ***** ****, **** this ***** **'* * **** *** * *** ****** **** the **** *'* ******* ***, **'* **** ** **** ****** work ** ******* ****.

* *** ******** ***** *** *** ******** **** ******* ** I *** ******* ******* *** ****** **** ******* *** **** spurred ******* *******. *****-*****/*****-**** *********** ***** **** ****** **** ***** weak **** **** **** ***** *** **** *** ***** *** want ****** ***. **'* * *** ******** ** ********* *** it's *** ***** ****** *** *'** **** ******** * *** get. ** ** *** ******** **'* ** ****** ** ******* the ********* ** *** ********* ** *** ***** ***** *** only *** *** ****. ********* ********, ********* *** *** ********* something ** ********.

* ***** *** **** ***** ***'** ******* ** *** ******* point *** ******* ** **** ***'** ********** ** *** ***** place.

***** *** ********* **** ******* **** *** **** ***** ********* to * *** **** **********:

*. ******** **********. ******* *** *********** *** *** ** *** fell *****. *** **** ** *****, *** ***** **********. *********** depends ** ***** ******** ****. *** ** ***** ** ******** 3 *****, *** ** ** *** *** **** ******.

*. ***** ****-********* ***** (** ** *** **-*** **** + Indala), *** ********* ******* ******* ** *** *** ****** ****** (hypothetically. ** *** ****** **** ** **** [** ** ******] just *** *** ******.). **** ****** ****** ** ******** ********* all ********* ****** ***** ******** *** ***** ************ *** **** secure **********. **** **** *** ***** ** **** ********** *****, and **** *** **** ** ********* *** *******. *** ** the ******* ** **** ********.

*. ******* ******* **** ********* ******* ** ***** *** *********. Once *** ******* **** **** ********, ******** ***** ** *** new **********. ********** *** ********** ** *******. **** ** ********* out **** ******** ********* ** ********* ** ******* *******. *** is ***** ** ******** ***, *** ******** ** ******** ***** the ******* *** ***** ********.

****** ****, *** ******* ** * ********* ****** ***'* ** immediately **** * ****** **** ******. *** ******* ** ** give ******** * ********** ******* **** ** * **** ****** technology.

***** ****, ****** ******* **** ****** ** ****** ** *** face. **** ** ****** *** **.

***** ****, ****** ******* **** ****** ** ****** ** *** face. **** ** ****** *** **.

***. ***'* ****** **** **** *****. (**% ***** ****** *** ***)

**, *'* **** *****. **** **** ***** *** **** ** "integrators" *** **** ***** ******* ****** **** *******.

**** *****'* **** **'* *** ***** ***** ** **, ** that **'* ***********.

****** **** **** **** "******" ** ** ****** **** ******** up *** *** **** **** **** ***'* **** **** ** the **** ****'** *****.

** ***** *** * *** ** **** / **** * card **********, *** *** **** ********** / ***** ** **** to ***** * ********** ** **** * **** ******* *** card ***** ********** / ***** **** *** ******??

********* ****** *****!

****** ********** #*, ** ***** **** ** **** ***** ** disable *** ****** **** ** *** **********-***** ****** **** *** the ******** ****** *********** **** **** ********. *******, ** *** legacy ********** *** ** ******** **** * ****** ****, **** most ****** ** *** **** ** **-******* **** ******* ****** card. **** *** ****** ****** ** ************, *** **** ****, vulnerability.

****'* ******* **** ********* **** *****'* ************* **.***** ***********: **** identifier ** *** *** ****** *******? **** *** ***** **** select ** **** ****** ********* **** ***** ****** **** *** credential’s *** (**** ****** ******), *** *** *** **** ****** method ** ****** ****** ********* **** *** ********** **** ********* in *** **********'* ********* ******. ***? *** *** ** ********* on (******) *** *********** ***** *****. **** *** ********* ** ISO (************* ********* ************), **** ******* ******* ** **-, **-, 56- ** **-****. *** **** *** ** ******* **** * multitude ** *** **** ********* (*** ****: ***.****.***/***/****/************?****=**&***=**&********=****), *********** *** concern ** ***** ****** **** * ************'* *********** ********** **** secret ***, * ******'* ****** ******, ** ** **********'* ***** layer ** **********. *******, *** ******* ** **** *** ***, because ** ** ****, ************ *** ***********, ** ** **** target *** ******* *** ***** *** ******. ********** ****** ******** CSN's ** ** ****** *** ******** ** ************ *******.

*** ********** #*, ** ******** ** *** ****, **** * agree **** **** ***** ****** ** *********** *** ****** ****** in *** **** *****. **** ** *** **** ****** ******. And ******** ** *****'* ********, ********** *'** **** ******* *** end ***** **** **********'* ******* *** *****-** ********** ******** ** these **.** *** *****. **** *** **** ********* **** ***** that *** **.***** *********** ***** ***** *** **** ****** **** 125kHz ********* ***********, *** **** ****** ***'* ********** *** ***** differences. *** ********** **** ***** ********** *** **********’* ******** ********* increases *** *********** *** ***** *** ***** ** ****** *** maximum ****** **** ***** ********** **********.