Axis Releases Access Credentials - Insecure But Convenient

Author: Brian Rhodes, Published on Nov 02, 2016

Axis continues to build out their own end-to-end 'solution'. The company recently announced a series of credential cards, but instead of a cutting-edge and high security type, they are promoting a format that is easily exploited with equipment bought off the internet.

But it may not prove to a bad move, and rather may make using more Axis access product easier, especially for novice installers.

Inside we examine the new card offering, explain why it is an insecure choice, but why that largely may not matter to most users.

**** ********* ** ***** *** ***** ******-**-*** '********'. *** ******* ******** ********* * ****** ** ********** *****, but ******* ** * *******-**** *** **** ******** ****, **** are ********* * ****** **** ** ****** ********* **** ********* bought *** *** ********.

*** ** *** *** ***** ** * *** ****, *** ****** may **** ***** **** **** ****** ******* ******, ********** *** novice **********.

****** ** ******* *** *** **** ********, ******* *** ** is ** ******** ******, *** *** **** ******* *** *** matter ** **** *****.

[***************]

**********

*** ********** ** ***********, *** *** *********** ****** *********** *****.

Axis' *** *********** ***********

**** *** ********* * **** *****-***** **.** *** *********** ********** *****, ** ** ********-******** **-** **** (*.* * *.* × *.** in). **** **** ********** *****, ************ ** ***, ****** ******* moisture, *** ***** *** **** ******** *** ******** *****. *** ***** *** ***** *** ******** *** ******** ** *********** imaging *** ******* ** ********.

***** ***, ****' ********* ** ****** ******* **** *** ********* of**** ********** *** **** *******, *** ** ***********. **** ******** ***** * *** ******' ***-**-*** ********* ********* ** ****** *******.

Card *******

****** ******* *** **** ***** *** ~$*** *** *** ** 200, *** ******** ***** ********. ********** ******* ** ~$*.** *** each.

**** ** ***** **% **** **** *******, ***-**** ******* ***** that **** ******* *************, ***** ****** ** ~$*.** ** ********, ********* ** ****** ** $*.**.

Based ** ******* ****** ** ******

******* ***** **.** ***, ***** ********** ***** *** *** *** high-security ************.

*** ***** *** ****** ******* ** ******, ***** **** **** long *******, **** *** ***** ******* ******** *** ******** ** NXP ** *** *** *****. ****** ******** ****, **** **** ********* **** ***** ******* ***, *** ** ********* *** ~$*** *** **** ** '*****' those *********** ** ***** * *******.

Axis ****** **********

*** ******* ******* ** **** ********** ***** ** **** *** specified ** ** ********** **** ****' *** *******:

  • *****-*: *** ******** **** ******* **** ****** ** * *****-*****, indoor/outdoor, **** ********** ***** **** * ****** ***** ** ~$***.
  • *****-*: *** ************ ** **** ***** *** *** ****, *** add * *** ****** ** *** ****** **** *** ******* *********** **************. ****** ****** *** ~$***.

********** ******** ** ***** *******, **** ******** ** ******* *** ********* of ********* ** '********' *********** ** ***** *******. **** ********** the ******* ** ******** **** *** ******** **** **** ***** with ***** *******, ** ************* *** ********** ** ********** *** ****** dealers ** ***-*****.

Not *** ********* *****

**** ***** *** ******** **** * **********, *** **** * *** *** **.** *** ******* **** iClass *** *** *********, ***** ***** **** ** *** ********* Axis ******* *** *** ****, **** ****** ** ***** ** properly ******* * ********** *** ***** ******.

** **** *****, ******* **.** *** *******, **** ***** ******** to **** *** ***********, *** ** **** ** **** *** most ***** '**** ****** ******' (***) ** **** **** ********* cards **** * ******.

Practical ***** ******** *****

***** '**** *********' ******* ******** ********** ******* **** **** **** cracked, **** **** ****'* ****** ******* **, *** ******* **** of ******** *********** ** ********* *** * ******* ** ******* by **** ***-***** *** *********** *** ************ ********** ******** *** **** **** ******/*********** ** **** *** *** *** formats.

******* ******* ** ****** ** *********, *** **** ** ******** MIFARE ******* *********** **** ** ************ *** **** ****** *****, who *** *** *** ****** ****** *** ****-***** ******* ******** to ***** **** * ******* ******* ******** ** **** ********* risks **** **********************, ****** **** ********.

Comments (7)

"*** ** *** *** ***** ** * *** ****, *** rather *** **** ***** **** **** ****** ******* ******, ********** for ****** **********."

*** ***** ******* ****** *********** **** ***** **** ****** ******* easier? ** *** **** ** ****** ** ***** *** ***** is *** **** ******* ****** ****.

****** *********** **** ****** ********* ******** *** *****'* ** ***** in ******* ***** ***********.

***, **'* *** * **** ***** **** ** ****' ****.

*** ** **** *** '* ***** ****'?

**** ***-***** ** *** **** *** *********** ******* ****** ** iClass ** ******* ** ******, *** **** *** **** ********* the **** ** ******* *** *****'* **** **** ** **** for.

**** *** * ***** ********* ** *********** ** ***** ****** products; ********, *********, ******, ***. *** ***** *** '***** *****'?

******** **** *** **** *** **** **** *** ********* ***** the ****. ****** ***** ***'* **** ** **** ******* *** Prox ***** ***'* **** ** ******/******* *******.

**'* ***** ** **** ******** ******* **** *** ************ ******** for **** ******* *** *** ******** ** ******* **** *******. Extenders, ****** *** *** ** ***** * **** ***** **** are ********* **** * ******** ** ***** *******. **'* *** to *** **** ** *****'* **** *****, * **** ******'* classify ** ** * "***** ****".

"******** **** *** **** *** **** **** *** ********* ***** the ****. ****** ***** ***'* **** ** **** ******* *** Prox ***** ***'* **** ** ******/******* *******."

**** ** *********** *** ******* *** '***-**-***' ****** ****. *** supply ***** ******* ** '**** ****** ****' *** ***** *** reorder ******* ****, ******** ******** ********* **** **** *****'* **** (but ***** *** ****) ** *******.

**** **** ****'** ****** *** "****** ****" ** "**** ****" and **** **** ******, ******* ******* $*.** *****.

**** **** ****'** ****** *** "****** ****" ** "**** ****" and **** **** ******, ******* ******* $*.** *****.

*********** *** ***** ****** ******, ****** ******* *** ********* **** is ******* ** *** ****** *** *** ****** **** ******* for $*** - $*,*** **** **** ***** **** ******* ******** Amazon *** ******* ** *** $** - $** *******.

* ** *** ********* ****, * ***** *** ***** *** / **** / ******* ********* ** * ******* ** **** a **** ********, * ** **** ****** ***** *** ********** organizations *** ***** **** **** *** **** ** ***** ** cents *** **** **** ** *** ** **** ****.

* ***** *** ******** **** *** ****. ****, ***** ***********/*******/*** users *** ****** **** *** ***** ********/******* **** ***** *** extra ******* *** *** ***** ********. **** ** ***** **** to ******** "***********", ***** ******** ****** *** ******** *** **** in *** **** *******. **** **** ***** ** ** *** hands ** *** ******** ******* ** *******. *** ***** **** care **** *** ***** **** *** ******** *** *** "****".

** ******** ** ********** ****** ** * **** **** *** Hotel *** ****** ** ******* ** ********* **** *** ****. When ** **** **** ** ********** ***** *** ***** ****** we **** *** ****** ***** ***** *** **** **** ****. They *** * ****** *** ***** ** $*.** *** ****.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Lock Keyways For Access Control Guide on Mar 23, 2017
Lock keyways can be the difference between a lock working or not. Understanding keyways is important for access control. Indeed, a member recently...
Unikey Smart Phone Access Control Platform on Mar 21, 2017
More and more people carry smart phones. Many think this could replace the conventional key or card for access control. However, using a phone...
Brivo Opens Up, Adds Mercury Support on Mar 16, 2017
Brivo's cloud-based access control was built around the companies proprietary hardware controllers, and was often seen as a limitation by...
Access Control Course Spring 2017 on Mar 16, 2017
IPVM offers the most comprehensive access control course in the industry. Unlike manufacturer training that focuses only on a small part of the...
DMP Intrusion Tested (XR Series) on Mar 09, 2017
DMP is a major provider of intrusion systems, but lacks the global brand recognition of some of its rivals (such as Bosch, Honeywell, DSC, or...
Dahua Backdoor Uncovered on Mar 06, 2017
A major cyber security vulnerability across many Dahua products has been discovered by an independent researcher, reported on IPVM, verified by...
20 Manufacturer Favorability Ranked on Feb 28, 2017
20 security industry organizations' favorability was ranked based on direct feedback from over 100 integrators. In-depth comments revealed insights...
Avigilon Favorability Results on Feb 27, 2017
One of the fastest growing companies has turned into one of the rockiest, as cooling growth, management turnover and a roller coaster stock price...
Glass Doors and Access Control Tutorial on Feb 22, 2017
The biggest challenge for many access control systems are glass doors. Here's what happens when a maglock is improperly installed to an existing...
'Dirty': Hikvision Attacks Genetec on Feb 20, 2017
Hikvision is angry at the growing public awareness that Hikvision is owned by the Chinese government. They took aim at Genetec,...

Most Recent Industry Reports

Axis Camera Vulnerabilities From Google Researcher Analyzed on Mar 23, 2017
A Google security researcher has reported 6 vulnerabilities for Axis cameras, affecting multiple models and firmware versions. In this report, we...
OpenEye Takes Aim At Exacq on Mar 23, 2017
First Milestone targeted Exacq with a takeover offer, and now OpenEye is gunning for them with an offer to swap out Exacq for their cloud-managed...
Lock Keyways For Access Control Guide on Mar 23, 2017
Lock keyways can be the difference between a lock working or not. Understanding keyways is important for access control. Indeed, a member recently...
Broken Browser Support for Video Surveillance on Mar 22, 2017
Modern web browsers have left the security industry behind. Current Chrome, Firefox, and Microsoft Edge browsers do not support NPAPI plugins,...
ADI Favorability Results on Mar 22, 2017
150 North American integrators provided feedback on 6 distributors, and why they do (or do not do) business with ADI. ADI is clearly a big name in...
1 Million Dahua Devices Exposed To Backdoor on Mar 22, 2017
Statistics show that 1 million Dahua devices are publicly exposed and vulnerable to the Dahua backdoor. Despite this, Dahua has downplayed the...
Hikvision Hires Crisis Communication Writer on Mar 21, 2017
Hikvision has hired a crisis communication writer as the company ramps up its efforts to deal with the 'crisis' it feels it is facing. 'Crisis...
Glass Break Sensor Tutorial on Mar 21, 2017
Burglars often break glass windows to get into a house. Using glass break detectors in conjunction with alarm contacts is a good way to protect the...
Unikey Smart Phone Access Control Platform on Mar 21, 2017
More and more people carry smart phones. Many think this could replace the conventional key or card for access control. However, using a phone...
Hikvision Attacks IPVM on Mar 20, 2017
Hikvision has attacked IPVM repeatedly over the last month, both in the international press and in its dealer communications. Attacks Listed On...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact