Key dupe kiosks now offering prox copying. They tell me the only ones in California are in LA.
NOW will you please consider switching to DESFire or something?
Key dupe kiosks now offering prox copying. They tell me the only ones in California are in LA.
NOW will you please consider switching to DESFire or something?
We did a post on KeyMe back when they first started: App Replaces Locksmiths: KeyMe
The warning you give is well placed. 125 kHz cards are easily copied by services/kiosks like these. 13.56 MHz formats are not.
It looks like KeyMe has kiosks all over California, and many major cities now:
In terms of duplicating cards, their website doesn't go in to too much detail, ie:
But I have no doubts they offer this. There are other sites like CloneMyKey that tout the same duplication services too, and offer overnight shipping:
oh, sit on that site for 30 seconds and a chatbot shows up and some entity interacts with you and answers questions. That's where I got the LA info. They're in Safeway, they're in Fry's, they're in a 7-11 near UC Berkeley. Apparently it's their next-gen kiosk that does it. Allegedly 111 exist today, I thought perhaps we would hear if someone's seen it.
Not to poo poo the security ramifications, I get that, but honestly how many people want to copy these? Will it be enough to support building he kiosks and deploying them widely? I'd assume the kiosk companies need to pay rent, supply costs and power/wifi on these.
Writable cards, writing equipment at low cost, and lots of low cost readers means there is a market, I think. It would seem to be evolving like CD's, from magically created at factories to "blanks on sale, 9 dollars for 100".
I just hope the people selling street level access to fancy condos in big cities have been selling systems more robust than just a prox card.
I keep telling customers that they really need to switch to a more secure technology. I even show them my cloning device and clone their card but more often than not it still doesn't matter to them. Having kiosks like this make it really simple for people to do. Employees can take their card and make spares. Not good at all.
Demand appears to be high.. all of the 7-Elevens (10+) in the downtown Chicago area are capable, I just found out.
At least move to two factor authentication - card and pin or as others have said a more secure card.
Think of this from a nefarious side, take teacher's prox off their desk before lunch, copy it and return it to desk, or throw it under the desk (i.e. misplaced).. Now you have a key card to the school.. Not good. Not good at all.
This site in Vancouver claims to be able to copy iClass cards. I had not heard of anyone claiming this yet, especially not the iClass SE cards
Interesting find. I sent them an email on this. I do not suspect they are copying iClass SE/SEOS, but the older iClass 'legacy' format. I'll report back here when they respond.
I think it would be the older iClass format also (it is the only one that was confirmed to be cracked; I had not heard of any SE/SEOS crack). That being said, this (copying iClass SE) would still be VERY surprising from a retail store - my understanding was that brute-force copying of any smart card was very complex (requiring complex knowledge and sophisticated equipment) and time-consuming.
A walk-in retail store that copies smart cards while you have a coffee next door is surprising and eye-opening...
So far they have not been responsive. I've emailed and reached out on Facebook (their recommendation), and they asked me for a picture of my iClass card but then not followed up on it:
If they respond, I'll update.
I asked them specifically if they could clone iClass SE /SEOS and they asked me for a picture of my 'fob'.
I sent them two pictures - one of an iClass DH (legacy) that you see in the pic above, and another iClass SEOS card.
That photo of the card is not SEOS, as SEOS cannot be punched.
Brian.. Any updates?
None so far. No response since I posted this last night. I'll bump them now, but I suspect they were not fully aware of all iClass formats when they made the claim.
They have them at Bed Bath & Beyond now around me! Amazing!
Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.