Hackable 125kHz Access Control Migration Guide

Author: Brian Rhodes, Published on May 19, 2017

Despite being one of the most popular credentials, 125 kHz credentials are easily copied and insecure as we showed in our test results, video embedded below:

However, changing to more secure credentials is not always a clear path, and doing it can cost thousands of dollars for even smaller systems.

In this guide, we cover the most common migration paths and examine the pros and cons of each, so you can help choose the best path forward.

This guide covers:

  • The 3 Most Common Migration Paths
  • Pros & Cons of Each Method
  • Biometrics Option
  • HID Global Formats More Costly
  • 13.56 MHz Read Ranges Shorter
  • Changeover Cost Is The Biggest Factor

******* ***** *** ** *** **** ******* ***********, *** *** credentials *** ****** ****** *********** ** ** ****** ** *** **** *******, ***** ******** *****:

*******, ******** ** **** ****** *********** ** *** ****** * clear ****, *** ***** ** *** **** ********* ** ******* for **** ******* *******.

** **** *****, ** ***** *** **** ****** ********* ***** and ******* *** **** *** **** ** ****, ** *** can **** ****** *** **** **** *******.

**** ***** ******:

  • *** * **** ****** ********* *****
  • **** & **** ** **** ******
  • ********** ******
  • *** ****** ******* **** ******
  • **.** *** **** ****** *******
  • ********** **** ** *** ******* ******

[***************]

The ***** ****

*** **** ***** ** *** *******: *** **** ****** *** kHz **** ******* **** ** ****** *** ********** ***********, ** copying **** ** **** * ****** ** * *** ******* and ***** * *** *******. ***** *** **** ****** ** these ******** *********** ** ******** ***, *** **** **** ******* are **** ** ***** **** ******** ********** ** * **** issue *********.

Three ********* *****

*** ******** ** ***************: **** ***** *** *** ***********. ***** that *****, ****** ********* ******** ******* ********** *** ********* ******* of **** ******* ***** ********* ** ***** ********* ******* ***** them * ******* ***********.

*******, ***** *** * ****** ** ******* *** ********* *******, each **** ******* ***** *** ********* *** ********:

  • ****** ***** & ******* ***********
  • ******* *****-******** *******, ********* ******* *****
  • ******* ******** *******, ********* ******* *****

*****, ** ******* **** ****** ** ***** *** ***** *** pros **. **** ** **** *********** ***** **** ** **** for ******** *******.

HID ****** ******* **** ******

*** *** ************* **** ********* **** **** ****** ******* ** deciding ***** **.***** ****** ****** ** ******* ** *** *****? The *** **** ****** ******* ***** **** **** *** ********* vendors:

** *******, *** ****** ****** ** **** ********* ** * per-reader *** ***-********** ***** ******** ** ******/*******. *** ****** ** the **** ********** ** ******* *** ** *********, ** *** HID ******* ** ********, ** *** ************ ********, ** *** or ***** ****** **** *****. ** ********, *** ***-*** ******* are '**** ***' *** *********** **** *** *** ************ ** build ******* ******* **** **** ** ********* ****.

*** ****** ******* ********** ******* ****** ****** ******* ****** ***** on ********** **** *******, *** *** **** ********** ********* ****** 10% - **% **** *** *** *** ********. *******, ********** in ***** *******, *******, *******/******* *******, *** ******* ************ *** be ****** *** *** *** ******* *********** ****** ***** ** that ******. ********* ** *** *****, ***-***** ******* *** ** more *******, *** *******/******* *** ** **** *********.

*** ******** ******** ******* *** *** *******, *** ***:*** ** *** ***************.

13.56 *** **** ****** *******

**** ** *** *** **** ********** ******* ***********. ******* **** range ****** **** ** ************* *********, **** *** ***** ********* 125kHz ****** ******** ****** *********. ***** *** ******* ***** ** not * ******* ****** *** **** ***** ** ******* ***** applications ***** ***** **** **** **** * ****** **** **** the ******, ***** **** ********* **.***** ******* ****** **** ** ranges ****** *** ******* ****** ** ******* **** ************.

*** *******, ******* *** **** ***** ************ ** ** **" **** ******** *** ******* ***********, *** their**.** *** **************** ***** **" *** **** ********* *** ** **** ********** *** **************** *** ****** ****** ******* *** **** ***********.

Pros & **** ** ****

******** **** *** ***** *******, *** **** ****** *** ******* but ******* **** *** ****** ****** ****** ** ********* *********** of **** *** *** ******* *** **** *****, ***** *** least ********* *** *********** **** *** **** ********** ****** ** simply ******** * **.** *** ****** ***** ******** ***** *** begin ******** *** ***** ** ***** ** ******.

*** **** *** ** *** ****, ********** ******** ***********, *** low ****** ****** ** ** *** * *********** ****** **** can **** ******** **** *********** *** *******, ***** ****** '*****-********' readers. **** ***** ***** *** *****-****:

** *** ******** *****, ** ******** **** **** ** *****.

One: ******* *** ***** & ******* ***********

**** ********* **** ** *** **** ******, *** ** ****** the ******** *** *** ******* ** ********* *********** ** *** system ******* *** ***** ** ****. *********** ********** *** ** 125 *** *********** ***** **** *** ******* **** **********, *** such * ******* **** ******** **** ********* ****** *** ******* coordination ** ********* ******** *** *** ****** *********** **** *** replacement **.** *** *****.

** *******, * ****** **.** *** ****** *** **** $*** - $*** *** * ****** **** ***** ***** $* - $7 ****** ********** ************, *************, *** **** ******** *****, ** even * ******* ****** **** **** **** * ***** *** 50 ***** *** *** **** *** ********* ** *******, *** large **********/ *****-**** ******* *** **** ******** **** ** *********.

** ******** ** *** ****, ********* ******** *** *** ******* means ******** *********** *** *** *****, ** ******* *** ******** a ******* ***** ***** ********* *** ******* *** *********** **********. And ****-***** ************ *** **** ** ** **-********** ********.

** * ******, *** '******* ********** ** ****' ********* ** typically **** **** ** ******* ******* ***** *** **** *** logistic ****** *** *****.

Two: ******* *****-******** *******, ********* ******* *****

**** ********* **** ** ***** *** *** ****, *** ***** and ******** *** ***** ** *********. **** *** ***** ******, option *** ******** ********* *********** ** *** ******* ** * new ****** **** ********** **** *********** ** ****. ***** ****** 'multiclass' ** '***************' *******, ***** ***** *** **** ****** ********** frequency *** ******** *******.

***** **** **** ** ****** ***** **** ****** *********** *** be ******** ** * ******* ***** ****** **** *** ** once, ***** ******** * *** ****** *** *** ********* ******* of *********** *********** ** * ********** ********.

***** *** **** ** ***** ******* ** ***** ****** ** a ***-**** ***** ******** ** * ****** ********** **.** ***-**** unit, *** ******* ** ****** ** **% - **%. *** price ********** ** ********* ******* *** ***** **** *********, *** spreading *** *** ******* ** ********* ********** ***********, **** ** the **** ** ********** ******** *** *** ******* *** ****** or ***** ****, ** ********** *** **** ******** ********.

Three: ******* **** *******, ********* ******* *****

*** ***** ****** ** ***** *** ***** *********, *** ******** disciplined *********, ******* ****** ********, *** ***** ******* ******** ***** used: ******* * *** ****** **** ** *** *** ***.

**** ** ******-**** ******* ** ***** **** **** *****-********/********** *****, and **** *** ** ********* ******* ********** ********** ** *** existing ******* *** ***********.

*******, ********** *********** ******* **** **** *****, **** **** **** use ********* ***********, *** ****** **** ***** *********** ** **** unit. ********* ** ***** ** *** ****** **** ***** *** or ********* ********* **** **** ***** ** ***** * ***** trial ********.

** *********** ** *** ** *****, ********** *** **** **** prove ** **. ******** ********** ******* **** ** **** ***** creates ** ********* ***** *** ***** ***, ******** *** *** and *** **.** *** ******:

********, **** ********** ******** *** *** ******* **** **** *** reader *****, *** ********, ***********, *** ******* **** ********** ********* of *** ****** *** ** ********.

*******, *** ******* ** **** ****** *** ***** ******** ** no ***** ******* ********** **** ****** ************, *** ********* ** new *********** *** ** **** **** ** ***** *******, **** whatever **** ** ****** ********** ** ********** ** *** *** kHz **********.

Considering ********** *******

*** **** *******, *** *********** ** ******* *** ******** ***** credential ***** ********, **** **********. ***** *** **** ** ******, palm, *** **** ******** **** ********* **** *** **** ******, the **** ** ***** ****** ***** *** ********* **** **** 13.56 *** ************, *** **** ***** ******* *********** ******* *** user ********** *** **** ******** ** *** ** ******** *** the *** *******.

***** **** ***** *********** '**** *****', ***** *** ***** *********** or *********** ****** **** ********** ***** *********** **** ** ******* or ****** ************, ******* ********* ******** ******* ** *** ******* (and **** ******** ******** **** ******), *** ** **** ************* additional *********** **.** *** *********** *** ******* *** *********** ** certain ***** **********.

******* ** *** **** **** *** ********* *********** ******, ********* from *** *** ** ********** ** ********, ******** ********* ******** of ***** *********** ****** * **** ******** ****** ******* ****** copying ** ********** ******.

Changes **** *****

** *** *** *** ******** ****** *******, ******** **** ********* limits *** **** ********* *******. *** ***** *** ******** ******** often *** ****** ** ***** *** **** ** *** *** products ******* *** **** ** ********* **** **.

*** **** *****, *** **** *** ********* ** *** ***** to ******* ******** *****, *******, *** ********* ** ***** **** copiers *** ******* *** ********* *** *****. ******** ******** ****** now ******** *** ********** ** ******* ************ ********** *** '**** tech' *** *** ***** ** **** ** ******* '*** ****' duplicate ********** **** *** ** *** ******** ** *** *** retail *****.

Next **: ***** **.** *** *** ******?

** ******** *******, ** **** **** ********* **.** *** ******* to *** ***** **** *** ********** ** ******* ** ******** attacks ***** ********** ******* ** *********** ******** ***** *****. **** for *** ******* ** ***** ****** ****** ** '****' *** if **** ***** *** *****.

Comments (10)

Thumbnail profile

Michael Gonzalez

05/19/17 06:23pm

** **** *** **** *** **** ******* ** *** ** our ********* *** **** **** **. ********** ****** **** ***** boys, ******.

Undisclosed End User #1

05/22/17 06:19pm

*** ****** ***********/**** **** ******** ***** ******* **** *** ******** to ***** *** ********* ******? **** ******** ** ******* ** "digital *************" ** *** **** *** ****** ***** ** ***% unless ******* ** **** ** * **** *** *** ** using **** ******** ******* *** *** ****** *** ******* ** be ***********.

**** *** *** ***** ** ******** *** **** ***** ***** the ******* ** ******* *** ** *** ************* *** ********? When *** **** **** *********** *** **** *** ****** ****** replacing *** ************* ** *** ** **** ****.

Thumbnail pp 5

Brian Rhodes

IPVMU Certified | In reply to Undisclosed End User #1 | 05/22/17 06:24pm

** **** ********* ******* ******** *******/******* *** **** ** ***** a **** **** ****. **** *** **** ****** ****.

Thumbnail pp 5

Brian Rhodes

IPVMU Certified | In reply to Brian Rhodes | 05/28/17 10:54pm

*** **** ** **** ******* ** ********* ****:****-**** ****** **** ******* ******

Thumbnail 1981

Armando Perez

IPVMU Certified | In reply to Undisclosed End User #1 | 06/14/17 06:19pm

** ***** **** *********, *** * *** **** ** **** even ******* * ****** ***** **** ******** ******.

Undisclosed End User #2

05/23/17 12:59am

**** **** ** ******** *** ****** ********** ** *** **** cards **** ****-****** *** *****, **** *********** * ******* ** begin ********* ******* *** *** **** ******* **** ****** ***** at +** ***** ********* **** *** *********, **** **** ****** points *** ******** *****. **** ****** * ********* ** *** security ****** **** *** *** *** *********** ******* *** ** be ******. ******* ** ******* ****** ****; **** *********** **** 6mths *** ******* ** ** ******* *** ********** **** (******, security *********, ***'* ***). ** ****** *** ***** ********** **** both ****** *******, ** *********** ** *** *** *****. ****-****: if *** ******* * *** *********** **** ****** *****, *****'* matter ** ****** **** * ***** (** **** ** ****** don't **** *** *** **** *** ****).

John Honovich

IPVM | In reply to Undisclosed End User #2 | 05/23/17 11:21am

** *** ******* * *** ***********

#*, ****** *** *******. *** ***** **** *** ******* ******** or ********** ***** ********* * ***? ** ***** **** ** increase ***** / *** ************ ** ********. ** *** ***** hand, ********* ** *** ****** **** ******** ***** ** **, it *** ** ***** **.

Undisclosed Integrator #3

05/23/17 01:21pm

***** *** *** *** **** ********** ******? * **** *** to ***** ****** **** ** ** **** *** **** ** is. * ***** ******** **** * *** ** ******* *** cards **** **** *** **.

Undisclosed End User #2

05/23/17 01:47pm

****** **** ****** ********, *** **** *** *********** **********, ******* the **** *** ***** ** * ******** (***'* **** ********** for ******** *****).

*** ************ *** ****** **** ** ***** ** **** ** our ******** ********, ************ ** ******** ***** ******* ** **** business *****. **** *** *** ******** *** ****** ** ****** points ***** ****'* ********* ****** (**** **** *** ****/***********) *** only ***** **% ** ***** *** ******** ** *** ***********.

******* ********* *** ***** ******** **** *** ******** **** *** years, *** ****** ****** ***** ***'*. ***** *** *** ** roll-out ***** ** ******** ****** ** **** * *** *** and **** ** **** ** *** ********** ******* (**** **** signing ** *** * ****** ****).

**** **** ******** ** ** ********* *********** ** ******* *** PIN's *** ********.

**% ** ****** **** ******** ** ****** ****, **% **** tow *** **** ** ****** ****, **'* *** ****** **% you **** ** *** *** *** **** *** *** **** way ** ** **** ** **** * **** ********* *** comm ********.

Thumbnail profile

Michael Gonzalez

In reply to Undisclosed End User #2 | 05/23/17 07:27pm

******, **********. * ***** ** ** ** * *** **** helpful **** ************* **** *** **** ******** ** *** ********* on * ******* *****, *** **** **** ********* ** ********. If *** ******* ******** ********** *********** *** ***** ** ***** these ********* *** ***** ****, *** *********** ***** **** *** their ************* *** ********** ** *** *******, ****'** * *** more ****** ** *** *** ****. ****'* *** *** ******* a *** *********, *** ********* *******, *** **** ****** **** like ****'** **** ** *** ********, *** **** * ****** of **.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Avigilon CEO Attacks Asian Companies Cyber Insecurity on Aug 18, 2017
Avigilon CEO is taking aim at their Asian competitors. And he is going directly after these company's cyber security issues. In this note, we...
IP Networking Course September 2017 on Aug 17, 2017
This is the only networking course designed specifically for video surveillance professionals plus it includes live training, personal help and...
Hikvision Responds To Cracked Security Codes on Aug 15, 2017
Hikvision has responded to IPVM's report on Hikvision's security code being cracked, both with a 2 page update to dealers and communication...
Vulnerability Directory For Access Control Cards on Aug 14, 2017
Knowing which access credentials are insecure can be unclear, especially because most look and feel the same. Even the most insecure 125 kHz types...
IP Camera Specification / RFP Guide 2017 on Aug 14, 2017
RFPs are hard. Do them 'right' and it takes a lot of knowledge and time. Do them 'wrong' and you can be (a) unwittingly locked into a specific...
Competing Against G4S on Aug 09, 2017
G4S Secure Solutions is a global company, operating in multiple countries and offering a suite of products and services from guards to their AMAG...
Hikvision Security Code Cracked on Aug 08, 2017
Hikvision's 'security code' feature has been cracked and a program generating security codes is being distributed online. IPVM has obtained and...
ONVIF Releases Profile A for Access on Aug 08, 2017
ONVIF has struggled so far in access control. In 2014, ONVIF released Profile C for access control, but in the 3 years since, only 2 companies...
US Army Bans Chinese DJI Drones on Aug 08, 2017
The US Army has issued a ban on Chinese-made DJI drones. A US Army memo obtained by sUAS News references a classified document from the Army...
Access Control Commissioning / Install Checklist on Aug 03, 2017
This 80+ point checklist helps end users, integrators and consultants verify that access control installation is complete. It covers the following...

Most Recent Industry Reports

Dahua 4K IR PTZ Tested on Aug 21, 2017
4K has made its way to IR PTZs. In this report, we examine the Dahua 6AE830VNI, a 4K PTZ with 30x optical zoom, 200m (~650') integrated IR, and...
Top Used License Plate Capture Cameras on Aug 21, 2017
Capturing license plates is a common video surveillance application. But what cameras do integrators mostly commonly used? Special purpose LPC...
VLAN For Video Surveillance Usage Statistics on Aug 21, 2017
VLANs (see our tutorial) are an option for networks using video surveillance, but how often are they actually used? 125+ integrators told us how...
Avigilon CEO Attacks Asian Companies Cyber Insecurity on Aug 18, 2017
Avigilon CEO is taking aim at their Asian competitors. And he is going directly after these company's cyber security issues. In this note, we...
Sony Next Gen HD Dome Camera Tested (SNC-EM642R) on Aug 18, 2017
Sony has released their latest generation, claiming improved WDR and low light, increased IR range, and more. We tested the SNC-EM642R outdoor IR...
IP Networking Course September 2017 on Aug 17, 2017
This is the only networking course designed specifically for video surveillance professionals plus it includes live training, personal help and...
Knightscope Raises $10 Million With $3,320 Average Per Investor on Aug 17, 2017
Congrats to Knightscope. And condolences to their legion of little investors. Knightscope has disclosed they have raised $10+ million from their...
Axis and Arecont Legal Conflict Over Multi-Imager Cameras on Aug 17, 2017
Arecont threatened Axis. Axis has responded by moving to invalidate an Arecont patent. It is an important contest. Multi-imagers are Arecont's...
Directory Of Consumer Security Cameras on Aug 16, 2017
The consumer camera segment continues to grow, with new startups and models from existing players released seemingly every month. In this report we...
Cat 5e vs Cat 6 vs Cat 6a Network Cable Usage Statistics on Aug 16, 2017
Cat 5e? Cat 6? Cat 6a? What do integrators use in practice, today? 140+ integrators told IPVM. Here are the results: For those who want to...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact