Axis Releases Access Credentials - Insecure But Convenient

Author: Brian Rhodes, Published on Nov 02, 2016

Axis continues to build out their own end-to-end 'solution'. The company recently announced a series of credential cards, but instead of a cutting-edge and high security type, they are promoting a format that is easily exploited with equipment bought off the internet.

But it may not prove to a bad move, and rather may make using more Axis access product easier, especially for novice installers.

Inside we examine the new card offering, explain why it is an insecure choice, but why that largely may not matter to most users.

**** ********* ** ***** *** ***** ******-**-*** '********'. *** ******* ******** ********* * ****** ** ********** *****, but ******* ** * *******-**** *** **** ******** ****, **** are ********* * ****** **** ** ****** ********* **** ********* bought *** *** ********.

*** ** *** *** ***** ** * *** ****, *** rather *** **** ***** **** **** ****** ******* ******, ********** for ****** **********.

****** ** ******* *** *** **** ********, ******* *** ** is ** ******** ******, *** *** **** ******* *** *** matter ** **** *****.

[***************]

**********

*** ********** ** ***********, *** ************** ****** *********** *****.

Axis' *** *********** ***********

**** *** ********* * **** *****-***** **.** *** *********** ********** *****, ** ** ********-******** **-** **** (*.* * *.* × 0.03 **). **** **** ********** *****, ************ ** ***, ****** against ********, *** ***** *** **** ******** *** ******** *****.*** ***** *** ***** *** ******** *** ******** ** *********** imaging *** ******* ** ********.

***** ***, ****' ********* ** ****** ******* **** *** ********* of ***** ***************** *******, *** ** ***********. **** ******** ***** * *** ******' ***-**-*** ****************** ** ****** *******.

Card *******

****** ******* *** **** ***** *** ~$*** *** *** ** 200, *** ******** ***** ********. ********** ******* ** ~$*.** *** each.

**** ** ***** **% **** **** *******, ***-**** ******* ***** that **** ******* *************, ***** ****** ** ~$*.** ** ********, ********* ** ****** ** $*.**.

Based ** ******* ****** ** ******

******* ***** **.** ***, ***** ********** ***** *** *** *** high-security ************.

*** ***** *** ****** ******* ** ******, ***** **** **** long *******, **** *** ***** ******* ******** *** ******** ** NXP ** *** *** *****. ****** ******** ****, **** ************* **** ***** ******* ***, *** ** ********* *** ~$*** *** **** ** '*****' those *********** ** ***** * *******.

Axis ****** **********

*** ******* ******* ** **** ********** ***** ** **** *** specified ** ** ********** **** ****' *** *******:

  • *****-*: *** ******** **** ******* **** ****** ** * *****-*****, indoor/outdoor, **** ********** ***** **** * ****** ***** ** ~$***.
  • *****-*: *** ************ ** **** ***** *** *** ****, *** add * *** ****** ** *** ****** **** *** ****************** **************. ****** ****** *** ~$***.

********** ******** ** ***** *******, **** ******** ** ******* *** thousands ** ********* ** '********' *********** ** ***** *******. **** simplifies *** ******* ** ******** **** *** ******** **** **** works **** ***** *******, ** ************* *** ********** ** ********** for ****** ******* ** ***-*****.

Not *** ********* *****

**** ***** *********** **** * **********, *** **** * *** *** **.** *** ******* **** iClass *** *** *********, ***** ***** **** ** *** ********* Axis ******* *** *** ****, **** ****** ** ***** ** properly ******* * ********** *** ***** ******.

** **** *****, ******* **.** *** *******, **** ***** ******** to **** *** ***********, *** ** **** ** **** *** most ***** '**** ****** ******' (***) ** **** **** ********* cards **** * ******.

Practical ***** ******** *****

***** '**** *********' ******* ******** ********** ******* **** **** **** cracked, **** **** ****'* ****** ******* **, *** ******* **** of ******** *********** ** ********* *** * ******* ** ******* by **** ***-***** *** *********** *** ************ ********** ******** *** **** **** ******/*********** ** **** *** *** *** formats.

******* ******* ** ****** ** *********, *** **** ** ******** MIFARE ******* *********** **** ** ************ *** **** ****** *****, who *** *** *** ****** ****** *** ****-***** ******* ******** to ***** **** * ******* ******* ******** ** **** ********* risks **************,************, ****** **** ********.

Comments (7)

"*** ** *** *** ***** ** * *** ****, *** rather *** **** ***** **** **** ****** ******* ******, ********** for ****** **********."

*** ***** ******* ****** *********** **** ***** **** ****** ******* easier? ** *** **** ** ****** ** ***** *** ***** is *** **** ******* ****** ****.

****** *********** **** ****** ********* ******** *** *****'* ** ***** in ******* ***** ***********.

***, **'* *** * **** ***** **** ** ****' ****.

*** ** **** *** '* ***** ****'?

**** ***-***** ** *** **** *** *********** ******* ****** ** iClass ** ******* ** ******, *** **** *** **** ********* the **** ** ******* *** *****'* **** **** ** **** for.

**** *** * ***** ********* ** *********** ** ***** ****** products; ********, *********, ******, ***. *** ***** *** '***** *****'?

******** **** *** **** *** **** **** *** ********* ***** the ****. ****** ***** ***'* **** ** **** ******* *** Prox ***** ***'* **** ** ******/******* *******.

**'* ***** ** **** ******** ******* **** *** ************ ******** for **** ******* *** *** ******** ** ******* **** *******. Extenders, ****** *** *** ** ***** * **** ***** **** are ********* **** * ******** ** ***** *******. **'* *** to *** **** ** *****'* **** *****, * **** ******'* classify ** ** * "***** ****".

"******** **** *** **** *** **** **** *** ********* ***** the ****. ****** ***** ***'* **** ** **** ******* *** Prox ***** ***'* **** ** ******/******* *******."

**** ** *********** *** ******* *** '***-**-***' ****** ****. *** supply ***** ******* ** '**** ****** ****' *** ***** *** reorder ******* ****, ******** ******** ********* **** **** *****'* **** (but ***** *** ****) ** *******.

**** **** ****'** ****** *** "****** ****" ** "**** ****" and **** **** ******, ******* ******* $*.** *****.

**** **** ****'** ****** *** "****** ****" ** "**** ****" and **** **** ******, ******* ******* $*.** *****.

*********** *** ***** ****** ******, ****** ******* *** ********* **** is ******* ** *** ****** *** *** ****** **** ******* for $*** - $*,*** **** **** ***** **** ******* ******** Amazon *** ******* ** *** $** - $** *******.

* ** *** ********* ****, * ***** *** ***** *** / **** / ******* ********* ** * ******* ** **** a **** ********, * ** **** ****** ***** *** ********** organizations *** ***** **** **** *** **** ** ***** ** cents *** **** **** ** *** ** **** ****.

* ***** *** ******** **** *** ****. ****, ***** ***********/*******/*** users *** ****** **** *** ***** ********/******* **** ***** *** extra ******* *** *** ***** ********. **** ** ***** **** to ******** "***********", ***** ******** ****** *** ******** *** **** in *** **** *******. **** **** ***** ** ** *** hands ** *** ******** ******* ** *******. *** ***** **** care **** *** ***** **** *** ******** *** *** "****".

** ******** ** ********** ****** ** * **** **** *** Hotel *** ****** ** ******* ** ********* **** *** ****. When ** **** **** ** ********** ***** *** ***** ****** we **** *** ****** ***** ***** *** **** **** ****. They *** * ****** *** ***** ** $*.** *** ****.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Door Operators Access Control Tutorial on Dec 05, 2016
Doors equipped with door operators, specialty devices that automate opening and closing, tend to be quite complex. The mechanisms needed to...
Free Online NFPA, IBC, and ADA Codes and Standards on Nov 29, 2016
Finding applicable codes for security work can be a costly task, with printed books and pdf downloads costing hundreds or thousands. However, a...
Solutions to 5 Common Access Control Problems on Nov 21, 2016
Effective security is more than just good equipment. In fact, thousands of dollars in electronic access control can be wasted if they are not used...
Massively Strong Maglock (Securitron) on Nov 16, 2016
One of the market's strongest maglocks has a twist: the 4,000 pounds claimed bond power is not purely magnetic. Securitron's hybrid MM15 maglock...
Access Control Markups 2016 on Nov 09, 2016
  Access control markups have remained solid, according to new IPVM integrator survey results. Response Breakdowns We asked...
Genetec Expels Hikvision on Nov 08, 2016
Genetec has removed support for Hikvision devices, deeming them 'untrustworthy', citing customer concerns about Chinese government ownership /...
Favorite Access Control Credentials 2016 on Nov 07, 2016
When it comes to the most popular way to unlock an access controlled door, which credential type holds the favored spot among integrators? The...
Bidding Divisions (08, 26, 27, 28) For Security Systems Guide on Oct 27, 2016
Navigating the world of system specifications and bidding work can be complex and confusing, but a standard format exists, and understanding it...
Favorite Access Control 2016 on Oct 25, 2016
Integrators told us "What is your favorite access control management software/system? Why?", and the responses are interesting indeed. While no...

Most Recent Industry Reports

XiongMai Master Password List Emailed By Chinese Spammer on Dec 05, 2016
XiongMai created an international uproar as their devices drove massive botnet attacks of major Internet sites. After pledging to recall cameras...
Hikvision Cloud Security Vulnerability Uncovered on Dec 05, 2016
A security researcher uncovered a critical vulnerability in Hikvision's global cloud servers. This vulnerability allowed an attacker to remotely...
Door Operators Access Control Tutorial on Dec 05, 2016
Doors equipped with door operators, specialty devices that automate opening and closing, tend to be quite complex. The mechanisms needed to...
Pelco Favorability Results on Dec 02, 2016
This is the first in a series of studies of manufacturer favorability. 100+ integrators rated and explained their views of each manufacturer. We...
Hikvision CEO Declares 'We Do Not Cut Rates" on Dec 02, 2016
Hikvision has led another press trip to China, and this time Hikvision's CEO is sharing insights into their competitive strategy, including...
Network Security Audit App (March Networks) Examined on Dec 01, 2016
Verifying one's video surveillance devices are locked down against common cybersecurity vulnerabilities is increasing important, as hacks using...
FLIR Acquires Drone Manufacturer For $134M on Dec 01, 2016
FLIR has acquired Prox Dynamics, a Norwegian maker of small military-grade drones, for $134M.  FLIR president Andy Teich provided additional...
Down to $50 IP Cameras From Honeywell on Dec 01, 2016
$100 IP cameras are literally old news. And you do not need to buy from spam email vendors anymore to get $50 ones. [premium_content] You can...
Distributor Offers Local Job Site Delivery on Nov 30, 2016
Local distribution branches are a big differentiator for many integrators, as they facilitate quickly picking up supplies locally without having to...
Dump Axis and Hikvision, Arecont Will Pay You on Nov 30, 2016
Do you want to get rid of your Avigilon, Axis, Bosch, Hanwha Samsung, Hikvision, Pelco or Sony cameras? Now, Arecont will pay you to dump them for...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact