Hackable 125kHz Access Control Migration Guide

Author: Brian Rhodes, Published on May 19, 2017

Despite being one of the most popular credentials, 125 kHz credentials are easily copied and insecure as we showed in our test results, video embedded below:

However, changing to more secure credentials is not always a clear path, and doing it can cost thousands of dollars for even smaller systems.

In this guide, we cover the most common migration paths and examine the pros and cons of each, so you can help choose the best path forward.

This guide covers:

  • The 3 Most Common Migration Paths
  • Pros & Cons of Each Method
  • Biometrics Option
  • HID Global Formats More Costly
  • 13.56 MHz Read Ranges Shorter
  • Changeover Cost Is The Biggest Factor

******* ***** *** ** *** **** ******* ***********, *** *** credentials *** ****** ****** *********** ** ** ****** ** *** **** *******, ***** ******** *****:

*******, ******** ** **** ****** *********** ** *** ****** * clear ****, *** ***** ** *** **** ********* ** ******* for **** ******* *******.

** **** *****, ** ***** *** **** ****** ********* ***** and ******* *** **** *** **** ** ****, ** *** can **** ****** *** **** **** *******.

**** ***** ******:

  • *** * **** ****** ********* *****
  • **** & **** ** **** ******
  • ********** ******
  • *** ****** ******* **** ******
  • **.** *** **** ****** *******
  • ********** **** ** *** ******* ******

[***************]

The ***** ****

*** **** ***** ** *** *******: *** **** ****** *** kHz **** ******* **** ** ****** *** ********** ***********, ** copying **** ** **** * ****** ** * *** ******* and ***** * *** *******. ***** *** **** ****** ** these ******** *********** ** ******** ***, *** **** **** ******* are **** ** ***** **** ******** ********** ** * **** issue *********.

Three ********* *****

*** ******** ** ***************: **** ***** *** *** ***********. ***** that *****, ****** ********* ******** ******* ********** *** ********* ******* of **** ******* ***** ********* ** ***** ********* ******* ***** them * ******* ***********.

*******, ***** *** * ****** ** ******* *** ********* *******, each **** ******* ***** *** ********* *** ********:

  • ****** ***** & ******* ***********
  • ******* *****-******** *******, ********* ******* *****
  • ******* ******** *******, ********* ******* *****

*****, ** ******* **** ****** ** ***** *** ***** *** pros **. **** ** **** *********** ***** **** ** **** for ******** *******.

HID ****** ******* **** ******

*** *** ************* **** ********* **** **** ****** ******* ** deciding ***** **.***** ****** ****** ** ******* ** *** *****? The *** **** ****** ******* ***** **** **** *** ********* vendors:

** *******, *** ****** ****** ** **** ********* ** * per-reader *** ***-********** ***** ******** ** ******/*******. *** ****** ** the **** ********** ** ******* *** ** *********, ** *** HID ******* ** ********, ** *** ************ ********, ** *** or ***** ****** **** *****. ** ********, *** ***-*** ******* are '**** ***' *** *********** **** *** *** ************ ** build ******* ******* **** **** ** ********* ****.

*** ****** ******* ********** ******* ****** ****** ******* ****** ***** on ********** **** *******, *** *** **** ********** ********* ****** 10% - **% **** *** *** *** ********. *******, ********** in ***** *******, *******, *******/******* *******, *** ******* ************ *** be ****** *** *** *** ******* *********** ****** ***** ** that ******. ********* ** *** *****, ***-***** ******* *** ** more *******, *** *******/******* *** ** **** *********.

*** ******** ******** ******* *** *** *******, *** ***:*** ** *** ***************.

13.56 *** **** ****** *******

**** ** *** *** **** ********** ******* ***********. ******* **** range ****** **** ** ************* *********, **** *** ***** ********* 125kHz ****** ******** ****** *********. ***** *** ******* ***** ** not * ******* ****** *** **** ***** ** ******* ***** applications ***** ***** **** **** **** * ****** **** **** the ******, ***** **** ********* **.***** ******* ****** **** ** ranges ****** *** ******* ****** ** ******* **** ************.

*** *******, ******* *** **** ***** ************ ** ** **" **** ******** *** ******* ***********, *** their**.** *** **************** ***** **" *** **** ********* *** ** **** ********** *** **************** *** ****** ****** ******* *** **** ***********.

Pros & **** ** ****

******** **** *** ***** *******, *** **** ****** *** ******* but ******* **** *** ****** ****** ****** ** ********* *********** of **** *** *** ******* *** **** *****, ***** *** least ********* *** *********** **** *** **** ********** ****** ** simply ******** * **.** *** ****** ***** ******** ***** *** begin ******** *** ***** ** ***** ** ******.

*** **** *** ** *** ****, ********** ******** ***********, *** low ****** ****** ** ** *** * *********** ****** **** can **** ******** **** *********** *** *******, ***** ****** '*****-********' readers. **** ***** ***** *** *****-****:

** *** ******** *****, ** ******** **** **** ** *****.

One: ******* *** ***** & ******* ***********

**** ********* **** ** *** **** ******, *** ** ****** the ******** *** *** ******* ** ********* *********** ** *** system ******* *** ***** ** ****. *********** ********** *** ** 125 *** *********** ***** **** *** ******* **** **********, *** such * ******* **** ******** **** ********* ****** *** ******* coordination ** ********* ******** *** *** ****** *********** **** *** replacement **.** *** *****.

** *******, * ****** **.** *** ****** *** **** $*** - $*** *** * ****** **** ***** ***** $* - $7 ****** ********** ************, *************, *** **** ******** *****, ** even * ******* ****** **** **** **** * ***** *** 50 ***** *** *** **** *** ********* ** *******, *** large **********/ *****-**** ******* *** **** ******** **** ** *********.

** ******** ** *** ****, ********* ******** *** *** ******* means ******** *********** *** *** *****, ** ******* *** ******** a ******* ***** ***** ********* *** ******* *** *********** **********. And ****-***** ************ *** **** ** ** **-********** ********.

** * ******, *** '******* ********** ** ****' ********* ** typically **** **** ** ******* ******* ***** *** **** *** logistic ****** *** *****.

Two: ******* *****-******** *******, ********* ******* *****

**** ********* **** ** ***** *** *** ****, *** ***** and ******** *** ***** ** *********. **** *** ***** ******, option *** ******** ********* *********** ** *** ******* ** * new ****** **** ********** **** *********** ** ****. ***** ****** 'multiclass' ** '***************' *******, ***** ***** *** **** ****** ********** frequency *** ******** *******.

***** **** **** ** ****** ***** **** ****** *********** *** be ******** ** * ******* ***** ****** **** *** ** once, ***** ******** * *** ****** *** *** ********* ******* of *********** *********** ** * ********** ********.

***** *** **** ** ***** ******* ** ***** ****** ** a ***-**** ***** ******** ** * ****** ********** **.** ***-**** unit, *** ******* ** ****** ** **% - **%. *** price ********** ** ********* ******* *** ***** **** *********, *** spreading *** *** ******* ** ********* ********** ***********, **** ** the **** ** ********** ******** *** *** ******* *** ****** or ***** ****, ** ********** *** **** ******** ********.

Three: ******* **** *******, ********* ******* *****

*** ***** ****** ** ***** *** ***** *********, *** ******** disciplined *********, ******* ****** ********, *** ***** ******* ******** ***** used: ******* * *** ****** **** ** *** *** ***.

**** ** ******-**** ******* ** ***** **** **** *****-********/********** *****, and **** *** ** ********* ******* ********** ********** ** *** existing ******* *** ***********.

*******, ********** *********** ******* **** **** *****, **** **** **** use ********* ***********, *** ****** **** ***** *********** ** **** unit. ********* ** ***** ** *** ****** **** ***** *** or ********* ********* **** **** ***** ** ***** * ***** trial ********.

** *********** ** *** ** *****, ********** *** **** **** prove ** **. ******** ********** ******* **** ** **** ***** creates ** ********* ***** *** ***** ***, ******** *** *** and *** **.** *** ******:

********, **** ********** ******** *** *** ******* **** **** *** reader *****, *** ********, ***********, *** ******* **** ********** ********* of *** ****** *** ** ********.

*******, *** ******* ** **** ****** *** ***** ******** ** no ***** ******* ********** **** ****** ************, *** ********* ** new *********** *** ** **** **** ** ***** *******, **** whatever **** ** ****** ********** ** ********** ** *** *** kHz **********.

Considering ********** *******

*** **** *******, *** *********** ** ******* *** ******** ***** credential ***** ********, **** **********. ***** *** **** ** ******, palm, *** **** ******** **** ********* **** *** **** ******, the **** ** ***** ****** ***** *** ********* **** **** 13.56 *** ************, *** **** ***** ******* *********** ******* *** user ********** *** **** ******** ** *** ** ******** *** the *** *******.

***** **** ***** *********** '**** *****', ***** *** ***** *********** or *********** ****** **** ********** ***** *********** **** ** ******* or ****** ************, ******* ********* ******** ******* ** *** ******* (and **** ******** ******** **** ******), *** ** **** ************* additional *********** **.** *** *********** *** ******* *** *********** ** certain ***** **********.

******* ** *** **** **** *** ********* *********** ******, ********* from *** *** ** ********** ** ********, ******** ********* ******** of ***** *********** ****** * **** ******** ****** ******* ****** copying ** ********** ******.

Changes **** *****

** *** *** *** ******** ****** *******, ******** **** ********* limits *** **** ********* *******. *** ***** *** ******** ******** often *** ****** ** ***** *** **** ** *** *** products ******* *** **** ** ********* **** **.

*** **** *****, *** **** *** ********* ** *** ***** to ******* ******** *****, *******, *** ********* ** ***** **** copiers *** ******* *** ********* *** *****. ******** ******** ****** now ******** *** ********** ** ******* ************ ********** *** '**** tech' *** *** ***** ** **** ** ******* '*** ****' duplicate ********** **** *** ** *** ******** ** *** *** retail *****.

Next **: ***** **.** *** *** ******?

** ******** *******, ** **** **** ********* **.** *** ******* to *** ***** **** *** ********** ** ******* ** ******** attacks ***** ********** ******* ** *********** ******** ***** *****. **** for *** ******* ** ***** ****** ****** ** '****' *** if **** ***** *** *****.

Comments (10)

** **** *** **** *** **** ******* ** *** ** our ********* *** **** **** **. ********** ****** **** ***** boys, ******.

*** ****** ***********/**** **** ******** ***** ******* **** *** ******** to ***** *** ********* ******? **** ******** ** ******* ** "digital *************" ** *** **** *** ****** ***** ** ***% unless ******* ** **** ** * **** *** *** ** using **** ******** ******* *** *** ****** *** ******* ** be ***********.

**** *** *** ***** ** ******** *** **** ***** ***** the ******* ** ******* *** ** *** ************* *** ********? When *** **** **** *********** *** **** *** ****** ****** replacing *** ************* ** *** ** **** ****.

** **** ********* ******* ******** *******/******* *** **** ** ***** a **** **** ****. **** *** **** ****** ****.

*** **** ** **** ******* ** ********* ****:****-**** ****** **** ******* ******

** ***** **** *********, *** * *** **** ** **** even ******* * ****** ***** **** ******** ******.

**** **** ** ******** *** ****** ********** ** *** **** cards **** ****-****** *** *****, **** *********** * ******* ** begin ********* ******* *** *** **** ******* **** ****** ***** at +** ***** ********* **** *** *********, **** **** ****** points *** ******** *****. **** ****** * ********* ** *** security ****** **** *** *** *** *********** ******* *** ** be ******. ******* ** ******* ****** ****; **** *********** **** 6mths *** ******* ** ** ******* *** ********** **** (******, security *********, ***'* ***). ** ****** *** ***** ********** **** both ****** *******, ** *********** ** *** *** *****. ****-****: if *** ******* * *** *********** **** ****** *****, *****'* matter ** ****** **** * ***** (** **** ** ****** don't **** *** *** **** *** ****).

** *** ******* * *** ***********

#*, ****** *** *******. *** ***** **** *** ******* ******** or ********** ***** ********* * ***? ** ***** **** ** increase ***** / *** ************ ** ********. ** *** ***** hand, ********* ** *** ****** **** ******** ***** ** **, it *** ** ***** **.

***** *** *** *** **** ********** ******? * **** *** to ***** ****** **** ** ** **** *** **** ** is. * ***** ******** **** * *** ** ******* *** cards **** **** *** **.

****** **** ****** ********, *** **** *** *********** **********, ******* the **** *** ***** ** * ******** (***'* **** ********** for ******** *****).

*** ************ *** ****** **** ** ***** ** **** ** our ******** ********, ************ ** ******** ***** ******* ** **** business *****. **** *** *** ******** *** ****** ** ****** points ***** ****'* ********* ****** (**** **** *** ****/***********) *** only ***** **% ** ***** *** ******** ** *** ***********.

******* ********* *** ***** ******** **** *** ******** **** *** years, *** ****** ****** ***** ***'*. ***** *** *** ** roll-out ***** ** ******** ****** ** **** * *** *** and **** ** **** ** *** ********** ******* (**** **** signing ** *** * ****** ****).

**** **** ******** ** ** ********* *********** ** ******* *** PIN's *** ********.

**% ** ****** **** ******** ** ****** ****, **% **** tow *** **** ** ****** ****, **'* *** ****** **% you **** ** *** *** *** **** *** *** **** way ** ** **** ** **** * **** ********* *** comm ********.

******, **********. * ***** ** ** ** * *** **** helpful **** ************* **** *** **** ******** ** *** ********* on * ******* *****, *** **** **** ********* ** ********. If *** ******* ******** ********** *********** *** ***** ** ***** these ********* *** ***** ****, *** *********** ***** **** *** their ************* *** ********** ** *** *******, ****'** * *** more ****** ** *** *** ****. ****'* *** *** ******* a *** *********, *** ********* *******, *** **** ****** **** like ****'** **** ** *** ********, *** **** * ****** of **.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Multipoint Lock Access Control Tutorial on Oct 17, 2017
Doors are notoriously weak at stopping entry, and money can be misspent on wrong locks that leave doors quite vulnerable. While closed and locked...
PoE Powered Access Control Tutorial on Oct 12, 2017
Powering access control with Power over Ethernet, like for IP cameras, has become increasingly common.  However, the demands for access power are...
Dahua Access Control Tested on Oct 10, 2017
Can Dahua become a major force in access control? We bought Dahua's ASC1202B to find out. We tested Dahua access and its management application...
Dahua Trying, Struggling To Respond To Hacking Attacks on Oct 04, 2017
Now, 2 weeks since large-scale hacking attacks commenced against Dahua vulnerable devices, we analyze Dahua's response. On the positive side,...
Delayed Egress Access Control Tutorial on Oct 04, 2017
Is it ever legal to lock people into a building? The answer is: Yes... under specific situations. With so much of access control driven by life...
Hikvision USA Misleads Dealers On Backdoor on Oct 03, 2017
Hikvision USA emailed their dealers overnight with their 5th cyber security 'special bulletin' of the year. Misleading Unfortunately, they...
FLIR Thermal Camera Multiple Vulnerabilities, Patch Released on Oct 03, 2017
Multiple cyber security vulnerabilities exist in FLIR thermal cameras, which have not been fixed, despite being reported months ago. In this note,...
Improving Project Registration Guide on Sep 29, 2017
Manufacturers want integrators to register large projects. Integrators want the discounts that come with registration, but not some of the other...
Propped Doors Access Control Tutorial on Sep 28, 2017
Doors should keep 'bad guys' out. One of the most basic problems with doors is people propping them open: Even worse, door propping...
Access Control Job Walk Guide on Sep 26, 2017
Significant money can be saved and problems avoided with an access control job walk if you know what to look for and what to ask. By inviting...

Most Recent Industry Reports

Buy From B&H, Ship Direct From ADI on Oct 16, 2017
B&H, one of the largest online sellers of video surveillance equipment to end users, regularly purchases their video surveillance equipment...
Competing Against Siemens on Oct 16, 2017
Siemens entered the integration business with 15,000+ customers, through their acquisition of Security Technologies Group in 2001. Since that time,...
Geovision GV-EDR2100 Tested Vs Hikvision on Oct 16, 2017
A number of ADI's top selling IP cameras are, at least surprisingly to us, from Geovision. We recently bought and tested the Geovision EDR2100...
Top Problems Searching Surveillance Video (Statistics) on Oct 13, 2017
When crimes, accidents or incidents happen, the video surveillance system is a key component in finding out and proving what actually...
Exacq M Series Low Cost NVR Tested on Oct 12, 2017
With recent cyber security issues hitting NVRs and cameras from low cost leaders Dahua and Hikvision, users are increasingly seeking alternatives...
Long Time Industry Exec Leads New Security Franchise Offering on Oct 12, 2017
John Nemerofsky previously built and sold a $150 million dollar integration business, and then was VP of Niscayah from its spinout of Securitas,...
PoE Powered Access Control Tutorial on Oct 12, 2017
Powering access control with Power over Ethernet, like for IP cameras, has become increasingly common.  However, the demands for access power are...
Knightscope Rockets To $20 Million Funding on Oct 11, 2017
Knightscope is celebrating. 15 months after running over a child and 3 months after a Knightscope robot drowned, Knightscope is having the last...
Avigilon / Canon New Lawsuits, No Settlement on Oct 11, 2017
In July, Canon sued Avigilon, a notably rare move amongst major players in the industry, including Canon's subsidiaries Axis and Milestone. At...
Surveillance Systems Remote Access Usage Statistics on Oct 11, 2017
Remote access is a major benefit and risk for video surveillance. It is a benefit because it allows users to manage security or review...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact