Axis Releases Access Credentials - Insecure But Convenient

Author: Brian Rhodes, Published on Nov 02, 2016

Axis continues to build out their own end-to-end 'solution'. The company recently announced a series of credential cards, but instead of a cutting-edge and high security type, they are promoting a format that is easily exploited with equipment bought off the internet.

But it may not prove to a bad move, and rather may make using more Axis access product easier, especially for novice installers.

Inside we examine the new card offering, explain why it is an insecure choice, but why that largely may not matter to most users.

**** ********* ** ***** *** ***** ******-**-*** '********'. *** ******* ******** ********* * ****** ** ********** *****, but ******* ** * *******-**** *** **** ******** ****, **** are ********* * ****** **** ** ****** ********* **** ********* bought *** *** ********.

*** ** *** *** ***** ** * *** ****, *** ****** may **** ***** **** **** ****** ******* ******, ********** *** novice **********.

****** ** ******* *** *** **** ********, ******* *** ** is ** ******** ******, *** *** **** ******* *** *** matter ** **** *****.

[***************]

**********

*** ********** ** ***********, *** *** *********** ****** *********** *****.

Axis' *** *********** ***********

**** *** ********* * **** *****-***** **.** *** *********** ********** *****, ** ** ********-******** **-** **** (*.* * *.* × *.** in). **** **** ********** *****, ************ ** ***, ****** ******* moisture, *** ***** *** **** ******** *** ******** *****. *** ***** *** ***** *** ******** *** ******** ** *********** imaging *** ******* ** ********.

***** ***, ****' ********* ** ****** ******* **** *** ********* of**** ********** *** **** *******, *** ** ***********. **** ******** ***** * *** ******' ***-**-*** ********* ********* ** ****** *******.

Card *******

****** ******* *** **** ***** *** ~$*** *** *** ** 200, *** ******** ***** ********. ********** ******* ** ~$*.** *** each.

**** ** ***** **% **** **** *******, ***-**** ******* ***** that **** ******* *************, ***** ****** ** ~$*.** ** ********, ********* ** ****** ** $*.**.

Based ** ******* ****** ** ******

******* ***** **.** ***, ***** ********** ***** *** *** *** high-security ************.

*** ***** *** ****** ******* ** ******, ***** **** **** long *******, **** *** ***** ******* ******** *** ******** ** NXP ** *** *** *****. ****** ******** ****, **** **** ********* **** ***** ******* ***, *** ** ********* *** ~$*** *** **** ** '*****' those *********** ** ***** * *******.

Axis ****** **********

*** ******* ******* ** **** ********** ***** ** **** *** specified ** ** ********** **** ****' *** *******:

  • *****-*: *** ******** **** ******* **** ****** ** * *****-*****, indoor/outdoor, **** ********** ***** **** * ****** ***** ** ~$***.
  • *****-*: *** ************ ** **** ***** *** *** ****, *** add * *** ****** ** *** ****** **** *** ******* *********** **************. ****** ****** *** ~$***.

********** ******** ** ***** *******, **** ******** ** ******* *** ********* of ********* ** '********' *********** ** ***** *******. **** ********** the ******* ** ******** **** *** ******** **** **** ***** with ***** *******, ** ************* *** ********** ** ********** *** ****** dealers ** ***-*****.

Not *** ********* *****

**** ***** *** ******** **** * **********, *** **** * *** *** **.** *** ******* **** iClass *** *** *********, ***** ***** **** ** *** ********* Axis ******* *** *** ****, **** ****** ** ***** ** properly ******* * ********** *** ***** ******.

** **** *****, ******* **.** *** *******, **** ***** ******** to **** *** ***********, *** ** **** ** **** *** most ***** '**** ****** ******' (***) ** **** **** ********* cards **** * ******.

Practical ***** ******** *****

***** '**** *********' ******* ******** ********** ******* **** **** **** cracked, **** **** ****'* ****** ******* **, *** ******* **** of ******** *********** ** ********* *** * ******* ** ******* by **** ***-***** *** *********** *** ************ ********** ******** *** **** **** ******/*********** ** **** *** *** *** formats.

******* ******* ** ****** ** *********, *** **** ** ******** MIFARE ******* *********** **** ** ************ *** **** ****** *****, who *** *** *** ****** ****** *** ****-***** ******* ******** to ***** **** * ******* ******* ******** ** **** ********* risks **** **********************, ****** **** ********.

Comments (7)

Undisclosed Manufacturer #1

11/02/16 08:51pm

"*** ** *** *** ***** ** * *** ****, *** rather *** **** ***** **** **** ****** ******* ******, ********** for ****** **********."

*** ***** ******* ****** *********** **** ***** **** ****** ******* easier? ** *** **** ** ****** ** ***** *** ***** is *** **** ******* ****** ****.

****** *********** **** ****** ********* ******** *** *****'* ** ***** in ******* ***** ***********.

***, **'* *** * **** ***** **** ** ****' ****.

Thumbnail pp 5

Brian Rhodes

IPVMU Certified | In reply to Undisclosed Manufacturer #1 | 11/02/16 09:08pm

*** ** **** *** '* ***** ****'?

**** ***-***** ** *** **** *** *********** ******* ****** ** iClass ** ******* ** ******, *** **** *** **** ********* the **** ** ******* *** *****'* **** **** ** **** for.

**** *** * ***** ********* ** *********** ** ***** ****** products; ********, *********, ******, ***. *** ***** *** '***** *****'?

Undisclosed Manufacturer #1

In reply to Brian Rhodes | 11/02/16 09:16pm

******** **** *** **** *** **** **** *** ********* ***** the ****. ****** ***** ***'* **** ** **** ******* *** Prox ***** ***'* **** ** ******/******* *******.

**'* ***** ** **** ******** ******* **** *** ************ ******** for **** ******* *** *** ******** ** ******* **** *******. Extenders, ****** *** *** ** ***** * **** ***** **** are ********* **** * ******** ** ***** *******. **'* *** to *** **** ** *****'* **** *****, * **** ******'* classify ** ** * "***** ****".

Thumbnail pp 5

Brian Rhodes

IPVMU Certified | In reply to Undisclosed Manufacturer #1 | 11/02/16 09:24pm

"******** **** *** **** *** **** **** *** ********* ***** the ****. ****** ***** ***'* **** ** **** ******* *** Prox ***** ***'* **** ** ******/******* *******."

**** ** *********** *** ******* *** '***-**-***' ****** ****. *** supply ***** ******* ** '**** ****** ****' *** ***** *** reorder ******* ****, ******** ******** ********* **** **** *****'* **** (but ***** *** ****) ** *******.

Undisclosed Manufacturer #1

In reply to Brian Rhodes | 11/02/16 10:04pm

**** **** ****'** ****** *** "****** ****" ** "**** ****" and **** **** ******, ******* ******* $*.** *****.

John Honovich

IPVM | In reply to Undisclosed Manufacturer #1 | 11/02/16 10:54pm

**** **** ****'** ****** *** "****** ****" ** "**** ****" and **** **** ******, ******* ******* $*.** *****.

*********** *** ***** ****** ******, ****** ******* *** ********* **** is ******* ** *** ****** *** *** ****** **** ******* for $*** - $*,*** **** **** ***** **** ******* ******** Amazon *** ******* ** *** $** - $** *******.

* ** *** ********* ****, * ***** *** ***** *** / **** / ******* ********* ** * ******* ** **** a **** ********, * ** **** ****** ***** *** ********** organizations *** ***** **** **** *** **** ** ***** ** cents *** **** **** ** *** ** **** ****.

Undisclosed Manufacturer #1

11/02/16 11:03pm

* ***** *** ******** **** *** ****. ****, ***** ***********/*******/*** users *** ****** **** *** ***** ********/******* **** ***** *** extra ******* *** *** ***** ********. **** ** ***** **** to ******** "***********", ***** ******** ****** *** ******** *** **** in *** **** *******. **** **** ***** ** ** *** hands ** *** ******** ******* ** *******. *** ***** **** care **** *** ***** **** *** ******** *** *** "****".

** ******** ** ********** ****** ** * **** **** *** Hotel *** ****** ** ******* ** ********* **** *** ****. When ** **** **** ** ********** ***** *** ***** ****** we **** *** ****** ***** ***** *** **** **** ****. They *** * ****** *** ***** ** $*.** *** ****.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Ambitious Mobile Access Startup: Openpath on May 24, 2018
This team sold their last startup for hundreds of millions of dollars, now they have started Openpath to become a rare access control small...
Cybersecurity for IP Video Surveillance Guide on May 18, 2018
Keeping surveillance networks secure can be a daunting task, but there are several methods that can greatly reduce risk, especially when used in...
Forced Entry / Duress Access Tutorial on May 17, 2018
Even though access control normally keeps people safe, tragedies have revealed a significant issue. If users are forced to unlock doors for...
Worst Manufacturer Technical Support 2018 on May 16, 2018
5 manufacturers stood out as providing the worst technical support to 190+ integrators in new IPVM results. These integrators answered: In the...
Access Visitor Management Systems Guide on May 11, 2018
"Who are you, and why are you here?" Facilities that implement Visitor Management Systems hope they never need to ask that question to anyone,...
S2 Access Control / 'Unified Security Management' Profile on May 08, 2018
In our 13th access control company profile, we examine S2 Security's Netbox platform: Unified Security Management Platform positioning Core...
Access Control Card Printers Guide on May 03, 2018
Card printers are a core component of professional access control systems, often used as photos IDs and prominently displayed. Modern badges put...
JCI / Tyco VideoEdge NVR Profile on May 03, 2018
JCI (formerly Tyco) is one of the largest players in the global security industry, both as a manufacturer and an integrator. The company's most...
Access Control Levels and Schedules Tutorial on May 01, 2018
Configuring access levels and setting up schedules is central to maintaining facility security. Many people may need to enter areas but most do not...
Anixter Acquires 'PSIM Platform Inner Range - "Heart of Our Technology Differentiation" on Apr 30, 2018
Anixter Security has made a bold move, acquiring what it calls a PSIM platform as part of a $150 million deal, with Anixter's CEO Bob...

Most Recent Industry Reports

VMS Server Sizing on May 25, 2018
Specifying the right sized PC/server for VMS software is one of the most important yet difficult decisions in IP video surveillance. In the past...
China: Foreign Video Surveillance Is Security Risk on May 25, 2018
The Chinese government has long acknowledged that foreign video surveillance is a 'risk to national security' and has increasingly and almost...
US House Passes Bill Banning Gov Use of Dahua and Hikvision on May 24, 2018
Today, the US House of Representatives passed H.R. 5515, a bill that includes a ban on the US government's use of Dahua and Hikvision. This follows...
Hanwha Wisenet X Analytics and VMD Test on May 24, 2018
Continuing our updated testing of camera analytics, we tested Hanwha's Wisenet X analytics for over two weeks in multiple scenes, indoors and out,...
Ambitious Mobile Access Startup: Openpath on May 24, 2018
This team sold their last startup for hundreds of millions of dollars, now they have started Openpath to become a rare access control small...
Amazon's "Dangerous New Face Recognition Technology" Says ACLU on May 23, 2018
The ACLU has caused a stir, with a new report Amazon Teams Up With Law Enforcement to Deploy Dangerous New Face Recognition Technology,...
Software Only VMS vs NVR Appliances on May 23, 2018
Should you buy your own PC/server and load VMS software on it or get a turnkey appliance (both hardware and software, e.g., NVR, Hybrid DVR) from a...
Buy Arecont: Top Bid $10 Million Cash on May 22, 2018
Last year, Arecont had a deal for a purchase price of $170 million (see Failed Arecont China Acquisition). This year, Arecont has a deal for a...
Installing Box Cameras Indoors Tutorial on May 22, 2018
This tutorial starts our physical installation for video surveillance series, starting with Box Cameras, one of the oldest and most basic types....
The Hikvision Smart Classroom Behavior Management System on May 22, 2018
Hikvision's rapidly growing offering of analytics, which we most recently examined with Hikvision's ethnic minority analytics, is now going into...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact