Subscriber Discussion

Unmanned 125 kHz Copying Kiosks Anyone Can Use

Undisclosed
Mar 15, 2018

KeyMe Website

Key dupe kiosks now offering prox copying. They tell me the only ones in California are in LA.

NOW will you please consider switching to DESFire or something?

(2)
Brian Rhodes
Mar 15, 2018
IPVMU Certified

We did a post on KeyMe back when they first started: App Replaces Locksmiths: KeyMe

The warning you give is well placed. 125 kHz cards are easily copied by services/kiosks like these.  13.56 MHz formats are not.

It looks like KeyMe has kiosks all over California, and many major cities now:

In terms of duplicating cards, their website doesn't go into too much detail, i.e.:

But I have no doubts they offer this. There are other sites like CloneMyKey that tout the same duplication services too, and offer overnight shipping:

Undisclosed
Mar 15, 2018

Oh, sit on that site for 30 seconds and a chatbot shows up and some entity interacts with you and answers questions. That's where I got the LA info. They're in Safeway, they're in Fry's, they're in a 7-11 near UC Berkeley. Apparently it's their next-gen kiosk that does it. Allegedly 111 exist today; I thought perhaps we would hear if someone's seen it.

(1)
Chris Hendrickx
Mar 16, 2018

Not to poo-poo the security ramifications, I get that, but honestly how many people want to copy these? Will it be enough to support building the kiosks and deploying them widely? I'd assume the kiosk companies need to pay rent, supply costs and power/wifi on these.

Mark McRae
May 16, 2018
Inaxsys Security Systems

"but honestly how many people want to copy these?"

Well, there are retail stores popping up, in Toronto and Vancouver for instance (many of them, I only show one example each but Toronto has at least 5 retail stores). They must be doing enough business to support a retail storefront...

Undisclosed
Mar 16, 2018

Writable cards, writing equipment at low cost, and lots of low cost readers means there is a market, I think. It would seem to be evolving like CDs, from magically created at factories to "blanks on sale, 9 dollars for 100".

I just hope the people selling street level access to fancy condos in big cities have been selling systems more robust than just a prox card.

Shannon Davis
Mar 17, 2018
IPVMU Certified

I keep telling customers that they really need to switch to a more secure technology. I even show them my cloning device and clone their card, but more often than not it still doesn't matter to them. Having kiosks like this makes it really simple for people to do. Employees can take their card and make spares. Not good at all.

(1)
Undisclosed End User #1
May 16, 2018

Demand appears to be high. All of the 7-Elevens (10+) in the downtown Chicago area are capable, I just found out.

At least move to two-factor authentication - card and PIN - or, as others have said, a more secure card.

Think of this from a nefarious side: take a teacher's prox off their desk before lunch, copy it and return it to the desk, or throw it under the desk (i.e. misplaced). Now you have a key card to the school. Not good. Not good at all.

(1)
(1)
Undisclosed Manufacturer #2
May 16, 2018

This site in Vancouver claims to be able to copy iClass cards. I had not heard of anyone claiming this yet, especially not the iClass SE cards.

(2)
Brian Rhodes
May 16, 2018
IPVMU Certified

Interesting find. I sent them an email on this.  I do not suspect they are copying iClass SE/SEOS, but the older iClass 'legacy' format.  I'll report back here when they respond.

(3)
Undisclosed Manufacturer #2
May 16, 2018

I think it would be the older iClass format also (it is the only one that was confirmed to be cracked; I had not heard of any SE/SEOS crack). That being said, this (copying iClass SE) would still be VERY surprising from a retail store - my understanding was that brute-force copying of any smart card was very complex (requiring complex knowledge and sophisticated equipment) and time-consuming.

A walk-in retail store that copies smart cards while you have a coffee next door is surprising and eye-opening...

Brian Rhodes
May 18, 2018
IPVMU Certified

So far they have not been responsive. I've emailed and reached out on Facebook (their recommendation), and they asked me for a picture of my iClass card but then have not followed up on it:

If they respond, I'll update.

Undisclosed Manufacturer #2
May 18, 2018

I can't see from the photo - is your card an SEOS or the older iClass?

Brian Rhodes
May 18, 2018
IPVMU Certified

I asked them specifically if they could clone iClass SE/SEOS and they asked me for a picture of my 'fob'.

I sent them two pictures - one of an iClass DH (legacy) that you see in the pic above, and another iClass SEOS card.

Undisclosed #3
May 18, 2018

That photo of the card is not SEOS, as SEOS cannot be punched.

Undisclosed End User #1
May 18, 2018

Brian... Any updates?

Brian Rhodes
May 18, 2018
IPVMU Certified

None so far.  No response since I posted this last night.  I'll bump them now, but I suspect they were not fully aware of all iClass formats when they made the claim.

Undisclosed Integrator #4
May 19, 2018

They have them at Bed Bath & Beyond now around me!  Amazing!  
