HID Offers Year Of Free Elite Keys Responding To HID Standard Key Vulnerability

Published Aug 14, 2024 18:02 PM

An HID vulnerability exposed iCLASS SE and Seos standard keys, increasing risks for HID users. Now, HID has responded to IPVM, saying they are offering a year of free Elite keys.


This report examines HID's response to IPVM, how this offering addresses the vulnerability, and what issues remain.

"Elite" *** ***

*** ****** **** ** ***** *** "***** ********** ********," ***** **** *********** ************** ** what ** ********* ** "****** ************** keys *** **** ********."

Positives *** *****

****** ******** ****, ***** *** ****** across ******** *************, ***** **** *** specific ** ************* ** ****** ****** a *** ************* ** *********** ** an **********. ***** **** ********* *** vulnerability (***** *** ***** ** ***** a ***) ** *** ******** *** configuration ***** **** *** **** ****, requiring ********* ** **** ******** ****** to ***** ******* ** ******* *** keys.

HID ********

*** ********* ** ***'* **** ******** to ****, ************ *** ********** ** Elite **** *** *** **** *****:

*** ** ********* ** ************, *** to *** ******** ** *** ******** and *********, ***** ** *** ** published ******* ******** ********** *** ******** contacted ********* ** **** **** ** January. ** **** **** ** ********** that *** ** *** ******** **** have **** ******** ******, *** ** have **** ******* **** *** *********** that ********** *** ******** ****** ** responsibly ******** *** ********* *** ********* security ********. **** ** *** ******** keys **** ******** ******, ***** *** a ****** ** *******, *********** ***** a *** ***** ***** **** ** take ** ******* ********* ******, *** the ***** ***** **** ** **** intricate ********* ** *** ************ *** custom *****.

** ** ********** *******, Elite **** and Custom Keys greatly ****** *** **** of the potential issues by using customer-specific keys. Provided Elite Key and Custom Key customers secure their configuration cards and CP1000 encoders from unauthorized access, they are not exposed to this threat, as an attacker cannot obtain these customer-specific keys even with access to a credential.

** ****** **** * ****** ********* away **** ******** ****, we *** ******* ***** *** **** *** *** ***** ** ****** *** *** ******** *** ****** ** **********. We also created a new tool and process for customers to roll to new Elite keys by updating their existing cards. We are also offering customer support to assist our customers with the upgrade process. We continue to further improve our products in light of the reported issues by providing additional remediation steps to customers. These additional remediation ******* **** ** ********* **** ****. Information regarding these remediation options will be shared in our updated PSAs. Once available, we recommend that customers implement these new steps as soon as they are able. [emphasis added]

***'* ********** ********:

** ****** **** * ****** ********* away **** ******** ****, ** *** waiving ***** *** **** *** *** first ** ****** *** *** ******** who ****** ** **********. *** *** Elite ******* ******** ***-**** ********* **** a ****** ************** *** ** ******** their ******** ********. ** ****** ** the *** ***** *******, ***** *** first ***** ** ******** * ******* form *** *** **** ********* ** an ********** ************** ** **** **** through *** ******* ** ****** ***** unique *** ******** *********. *** ******* utilizes ********** *** **********, ********* ****** control ****, ************, ** ***********/******* *** place ***** ****** ******** **** ***. This ******* ******* **** *** *** user *** ******* **** ***** ****** control ********* **** ****** ** ***** keys. *** **** *** **** * size ********** ** *********** ** *** HID ***** ******* *** *** ******* any ******** **** ********* *** ***** through *** ********** ********. *** ******* based ** ******* **** ***** ** an ********* ** ******** *********. ** such, ** ********* *** *** **** interested ** *** ******* ** ******* their *** ************** *** * ************ consultation.

Constraints ** *****

*** ********* ******* ************ *** **** that ***** **** **** ******* ********** by *** (*** ***** ******* ****). *** *******, **** ************ *** use ** ***** **** ******* **** year *** ***** **** *** ******* requires ********* **** ******** ****** ** HID **********, ** **** ** *** use ** ********** ***********. **** ***** HID ** ******* ** ***** **** and *** **** *** ****** *** too ***** *** ***** *** **************.

Costs *** *********

*** **** *** *** ***** *** is ***** ***** ******** ** *** cost ** ************* ******** ******* *** credentials ********* ***** ***'* ******** ****.

*** **** **** ** ** ****** HID ******* ********* *** ** ***, physically ***** ** **** ****. *** example, ******* ****** * "*****, ********* *******" for "****** ********* *******" ******* **** ****, * ****** ********* was *** **** ** ********** ** this. *******, ** **** ****, *** knew *** *** *** ******** **** Seos ******** **** **** ********.

********, **** **** ** ****** ***** existing *********** ***** ** *******, **** a*********** ** **** ** ~$*,***, *** purchase *********** ******* *** ***** ***********. Users **** **** ** ****** ***** readers *** ** *** **** ***** keys.

***'* ******* ***** ***** *** ***** ID ******** *** ******** ****:

IPVM Image

Question ** ***** ******** ** ***

***** **** **** ** ***'* ******* offering, ***** **** **** ** ***** "next-generation," ** ********* ******** ** ******* HID ****** **** ***** ******** **** going *******. ***'* ********** **** **** repeatedly **** *******, ******* *** **** that **** **** ****** *** *****.

Comments (24)
Mistial Developer
Aug 14, 2024

**** ***** *** ** ******* ** Elite **** *** *** **** *** system *** *** ***** *** ***** key **************.

********* ** **** *** ****, *** might **** ** ******** *** **** (mobile) ******* ** *** (*****).

*** **** ***** ***** ********** *** keys ** **** *** *** ** them ********, ******. *** ******* **** through *** ***, ** *** ***'* need ** ** ******* * ***-******** process. ** *** **** ** *** the *****, *** *** **** ******** a ****** *** **********.

*** **** ****** **** ***** ********* Guide

*** **** ******* ***** ******, *** and ***** *** *** *** **** that *** *** ********* ***** * reader ** **** *** ****** **** reconfiguring **** *******. ****** ******* *** only ** ************ ** ********** *****, which ***** ** *** **** *** certain ************ ***** ****** ***'* **** turn **** **** **, **** ** they *** ****** *** ******.

*** ****, **** *****, *** ********** customer-specific. **** ***** *** ****** ** be ******* ******* * ****** ** well *** ********** *****.

*********: *****'* * ***. **'* * couple ***** * **** * **** for ***-******, *** **** ** * significant **** *** ******* *************. **'* presently ****** ****.

** ***** ** **** **** ** HID ******* ********* ** ***** ***** with ***** *** **** ** ******** form. ** ***** *********** ***** *** barrier ** ********* ******** ********-******** ****, while *** *********** *** ********** *********** Elite ***. * **** ****** ****** as ** ****.

(1)
(5)
Mert Karakaya
Aug 14, 2024
IPVMU Certified

******!

** *** *** **** **** **** of *** *******, *** ***** **** to **** ***** **** ** *** card *********** *** ***** *******.

Undisclosed Integrator #1
Aug 14, 2024

** ****'* *** ******** *** ******* systems ********** *** ***'* ***** ********** Programs?

(1)
Tyler Graham
Aug 15, 2024

**, *** **** *** **** *** mobile ***********.

Tyler Graham
Aug 15, 2024

**** *** **** ****** ** ***** key? * ****'* ******* **** ***** discriminate *** ***** ***********.

Undisclosed Integrator #1
Aug 15, 2024

* **** *** *** **** * applied. *** **** ******* **** *** HID *********** ******** ** **** ************* is *** ******* **** ******* ** HID ** ************ ***** **** *** smaller ******* *** **********. ***** **** a ***** **** ** ** **.

**** **** *** ******* **** *** en *****? ** ***** * **** of **** ********* **** ******* ******* PKI?

Mert Karakaya
Aug 15, 2024
IPVMU Certified

**#*, **** **** ********* ******* *** for *** ************ (**********), **** **,***,*********, **********.

*******, ** **** *** **** * widespread ************** *** ********** ***. ***** are *********** ********, **** *** ***, *** **** are *** ** ** ***** *********** in ******** *******.

** *** **** ******** ***** *********** for *** *** **** ***** **** as **** ****** ******.

Undisclosed Integrator #1
Aug 16, 2024

****'* *** ******** ***-**********, ******** ************** for *** ************ ******** ** ****? Is ***** * *** *********** ********* equivalent? **** **** *** ********** (****** or *******) ** *** ****** ***; who *********, ***** *** *********** *** private ***? **** ********* ** *****? What ***** ******* ***********?


Mert Karakaya
Aug 16, 2024
IPVMU Certified

*** ***, *** *********** **** **** *** public *** ******* ****. ****** **** are ********* ** ** ******** ********, and ******* **** *** **** *** access.


*** ******-******* *** ***** *** ************ by *** ******** ********. *** **** requires *-***** ** **, ***** *** be *** **** ********** *** ***/***********/**** etc.

*** ** *** ****** **** *** PACS *** **** *** ***** ******, like *********, ***, ***.

** **** ** ** **-***** ****** on ***.

Steve Bell
Aug 21, 2024

****** **** *** *** ********* ******** mention, ** ** **** ** ***** credentials *** ******** ******** *** ******* that *** ** * ***** ******** but ********* *** ****** ** ************** for ***** ** ****** ********** **** wanting ******** ****** *******. ** *******, they **** ******* ****** ***** *** same **********, **** ** ** ****** much *** **** ********.

*********** ***** ** ********* ****, ***** every ****** (*** **** ********* **** is **'* *********) *** ** **** that **** *** ********** * ******** risk ** ***** ***** ** ** some **** ** ********* *** *** loading ********* *** ******* ***** ****. So ***** ** ****** ** *********** for * ******** ************* ** **** up ** **** *******. **** **** gets ** ** * ***** ***** all *** *********, *** **** *** paid *** *****, ***** *** **** default *** ** ** ******* **'* of *******'* ******* ****** *** **** with ***** **** ** ****.

**** ** **** **** ** ******* our "****** *******" ********** (******** ** 2016) ** ******* **** * ****** Key ***** ********** *** *** **** for ********, ** ******** *** ********* authentication ************ *** **** *** *** punt ** * ******** **** *** going ****** *** *** ************** *** could ** **** *** ******** ****** with ****** *******. **** **** * certification ******* ** ** *** **** our ********* **** ********* **** *** authenticators **** * ********.

*****, ** **** **** **** *** have * *** *** **** *****, part ** *** *** **** ****** be ** ****** *** **** ** all *** ******* *** *****, ** their ****** * *** * ******* of * **** ** **** ****** all *** *****. *** *** **** HID ***** *** ********* ** ** these ******** ***** **** ******** **** not ******. ** **** ********* ******** made * "******* *********" **** *** the ******** *** ******** ** *** system **** ** **** ** ** pushed *** **** *** ******, ** with *** ********* *************** (***** *** CVE ****) *** *** *** **** to *** ***********, ******* *** */* boards *** ** ***** *** **** can ** ******* *********.

**** *** * ******* ** ***** pretty ******** ***** "*********" *******, *** we ** *** *** ** **** any ******** ***** **** ****** **** our *********, *** * ** **** that ***** *** *** ********* ******* are ******* ** *** **** *** getting * **** *****'* *****.

(1)
(1)
Mert Karakaya
Aug 15, 2024
IPVMU Certified

** **#*,

** ******* *** ** *** ***** clarifications ** *** ***** *** ******* and ***********. ** **** ****** **/**** we ******* * ********.

(1)
Mistial Developer
Aug 16, 2024

****'* * **** **** ********. *'** reached *** ** ** ***** ******** at *** ** *** ** **** if ***** ** * *****, *** am ******* **** ****. *'** **** some ****** ***** ******* **** *********, and ***'* **** ** *****'* ********** a ******* **** ** ***.

*** ** *******, * ********* ****** put **** ***** ** *** (** they ***** ** *** ** **** them **), ** ****** *** ****. Custom **** *** **** ** **** I *** ******* **** ** *** customer, *** ***** *********** **** ******** can ******* ****. **'* ******** *** of *** **** ********* ******* *** the ****** ** *****.

(1)
Undisclosed End User #2
Aug 14, 2024

** ** **** *** **** **** format, ** ***** **** **** **** that ** ***** ** **** **** standard ****?

Mert Karakaya
Aug 14, 2024
IPVMU Certified

***#*, *** ****** **** **** ***************** ** ***** ******* ********* ***** in *** **** *** ******* *** facility **** *** **** *** ****.

*** ********* **** ******* ****** *** to ******* ***-**** ********* **** * card ****** **** ** ********* ************ for **** ********** ***-**** ********. ****** this *******, *** *** ******* *** end-user **** **** *,***,*** ********** **** numbers ****** *** ******** ******. **** numbers *** ******* ** *** ************* process ** ****** **** **** ******* are *** **********.

*******, *** ***** **** ** *** Elite **** ** *** ** ****, if *** ***’* ******* **** ****.

*** ***’* **** ** ***** *** Corp ****:

IPVM Image

(1)
Undisclosed End User #2
Aug 14, 2024

****** ****!

Mistial Developer
Aug 16, 2024

*** ******* **** ****** (**** ********* 1000 ******) ** **** * ********, and ********* ******** * ******* **** + **** ******, ** ******** **** plus **** ******.

**** **** *** ** *********** (**** it ** **** ****), ** ********* (SIO) **** ** ** **** *** SE ***********.

*** **** ** **** *** *** do ********* **** **** ********* **** Prox ** **** *** **** *** data ******* *** **** *** ***** reprogramming *** *****.

** *** *** ********** ** *** wiegand ****, *** *** ** ******** Key, ** *** *** ** ****** Key, ** *** *** ** ***** (customer-specific *** *******).

********* **** ** ********* * ***** on *** *** ******* ***** **** that ******/******** ** ***** ******. *** won't ********* **** ****** ** ***** people ** ******.

**** ** ***** ********** ***** ** long ** *** **** *** ******, in **** **** *** ********** *********** not ************* ***********. ******* *** ******** the **** *** ************* **** ***** own ***** *** ****** ***** *****.

***** ** * *********** ** * technical *** ********** *******. *** **** are **** *** ***, *** *** won't **** ******** **** **** ** other ****** ******* **** *******.

***** ****** ********** *** ***** ** a ********** ******, ******* *****'* *** many ********** ***** ******* ***** ********** elite **** (*** ** ******** **** encoder **** **** ********), *** *** make *** ** ***** ***** (***** your ******* ***** ******** ** ********** for ********* **** ******). **** ** you **** **** ** - **** and ******* ***** ** ****** ** far ** *** **** **** ****, but ******* ***** **** ****** *** Prox **** **** ******, ******* *** Prox ****** ** ********** ******** ****** the ****** ***** ******* **** ** the ****.

(1)
(1)
Undisclosed End User #3
Aug 16, 2024

** ******** **** ***. ** **** uses *** *****/ *** *** *** my ******* **** *********** ****** ** my ***** *** *** **** ** replicate ** **** ** ********. *** told ** **** ** *** *** it *****, *** **** ** ** experience **** **.

(1)
(1)
Charles Baker
Aug 16, 2024

******** & ********:

** ***** *** **** ***********/********** *** amount ** ****** *****, ****, ********* etc ******* ** ******* ******* *** duplicating * ****?

***** * ********** ********** *** *********** the **** ** ** ***** ** this ************* (***** *** ****), ** would ** ******* ** ********* *** technical ******* **** **** ********** *** degree ** ********** * ****** *** actually ****** * ****** ** *) the ******* *** *) **** ** real ******** ** ************ ********.

** ***** **** ********** ** * far ****** *** ** *** **** a ******** ** ******* ****** ***** to.

** * ****** **** **** ***** card ****** ******** ** *** **** level, * ***** ******* **** * reader/keypad ** *** **** **** ********** step ** ******** ******* ********* *** of *** ***** ********** *** ********** access (********* *** ****, ********* *** know, *** ********* **********).

****** ******* *** ******* ************ **** hacking ***'* **** ** ****, **** become **** ******* ** *** ***** available ******** ** *******, *** ***** will ****** ** ***-***-**** **** ***** who **** "**** * ***" ** defeat **** *** **** ****** *** massively *********** *********** ** ********** *** reader.

***** *******: **** *** ******* ** Ai ** *** **** ***** ******** with ****** *********** **********, ******* *****-*** solution *** ********** ******* ** ** activated ****** ** **** "********" ****** location ** *******/****** **** *** ***** is ****** *** ***** **** ** swipes * **** ** * ******. If ***, ***** ********** *** *** points ********.

******** *****.........

Mert Karakaya
Aug 16, 2024
IPVMU Certified

*******, ****** *** *** *******.

** ***** **** ********** ** * far ****** *** ** *** **** a ******** ** ******* ****** ***** to.

* ***** **** ********** ** *** easier **** ******* ***** ** ***** attacks. *******, ***** *** ********** ***** that ** ******** ****** ******** ***** way ****. ***** ******* **** ****** server *****, ******** ****, ***.

**** *** *********, ******* ***** ********* methods *****, **** ********-****** ************ (***, biometric, ***.), ***** **********, ******* ****** and ****** *********, ***.

*******, ** ******** *************, ** **** to ******** *** ******* *** *** any ***************, ******* *********/*** ****** **** need ** ******* **** ** ***** through *** ********.

(1)
andrew fulton
Aug 19, 2024
AFAP Consultancy

* **** ***** **** ** ** hard ** *** **** ** ****** numbers ** ****** ***** *** *****. I *** ***** * *** ******* for * ******** **** **** ******** card ****** ** *** *** **** swipes **** **** ** ******* **** were *** *** ***** *** *** person ** **** ********** **** *** journey ** *******. * ***** ***** a *** ** ****** ***** *** it *** * ********** ***** ****** cards, ** ******* **** **** * had ********.

** ***** ** ** **** **** you *****.

* **** ********** ** **** ****** getting ****** *** ***** ****** ** their ******* **** ***** ** **** video ** **** ***** ** ***** houses ** **** **** **** ***** security **** ***** ****** ***** ****.

** *** *** ******** *****....

(3)
John Honovich
Aug 19, 2024
IPVM

*******, * *********** ******* ** *** hard ** ** ** ****** ***** systems. ** ***** ** ******* *** find * ************* ** * ***, they *** ******* **** ** ****** to *** ** ***** *******. **** conventional ******** ****** ******* ***********, *** cannot, ***** ** **** ***** ***** problems ** **** **** ** * significant ****-**** ****.

(1)
(1)
andrew fulton
Aug 19, 2024
AFAP Consultancy

**** * *** *** ** *** we **** *** ***** ******** ****** in *** ****'* ***** ***** **** out '***' ******* ** *** ******** releases , ************* *** ****** ******** has **** **** ** ***** ***** intelligent ******* ** *** ****.

********* **** ****** *********** *** ******* can ***** * *** ** ******, and *** ** ****** * **** more ********* ******.

(2)
Charles Baker
Aug 19, 2024

>>>****** ******* *** ******* ************ **** hacking ***'* **** ** ****, **** become **** ******* ** *** ***** available ******** ** *******, *** ***** will ****** ** ***-***-**** **** ***** who **** "**** * ***" ** defeat **** *** **** ****** *** massively *********** *********** ** ********** *** reader.

****,

* ***** **** ***** ******** ********* a ****-**** ****. *** * *********** and ********* **** some ********* **** * **** ** ****** that ***** ******** ** ** ****** as ******** ** *** *****. *** as * ****** *****, ** **** in * ***** ***** ***** ** a *****-****** ****** ** **** *****-*** and *****-*** ******* ** ***** **********.....*** that ** *** *** ****** ***** of *******.

** ***** **** **** **** ******* who ** *** **** ***** *** risk *********** ** *** **** ***** and *******, ***** ***** ******* ****, want *** *** ******* ** *** for *** **** ****** ******** ********** *** ****. ******** ** ***, ***** *** more ** *** ****** ******** **** the ******.

** * *******, ** ****** *** clients ** *** ******* ********* ********* (excluding ****, ***, ***...) *** ******* with **** ** ****** ** *** level ** ******** **** **** ***** need ***** **** ***** ******. * suspect **** **** ********* *** **** integrators ****** *** **** ********.

***, ** *** *** * ******* that **** "****" ** *** ***** tactics. ** ****** ** ***** ** have *** **** **** ***** ** a ****** ******** ** ***** ***** hacked/duplicated. ****** **** *** ** ********** an ******** ***** ** *** ****'* card ****** ** ******* ****'* ********, and **** *** ******* ** *** literally * ********* **** **** ***. That's * ********* *******, ****** ** the ******* *****.

***** **** *** ******* ********** **** race **** *** **** ******** *** years, *** ***** **** *** *&* effort ******* ** **** ****** ******* in *** "***********" **********?

** *** ***** ******* * ****** card ** * ******, **** ** verified *** ************** ***** * ********** new ****** ****# ** *** **** it ** *********, *** ***** **** have * ******** ****** **** #..........*******, which ***** ********* ** ***** ** hack..... **** * *******.........

(1)
(1)
Mert Karakaya
Aug 16, 2024
IPVMU Certified

** **** ***** ***'* ********** ******** on ***** *** *******:

***'* ********** ********:

** ****** **** * ****** ********* away **** ******** ****, ** *** waiving ***** *** **** *** *** first ** ****** *** *** ******** who ****** ** **********. *** *** Elite ******* ******** ***-**** ********* **** a ****** ************** *** ** ******** their ******** ********. ** ****** ** the *** ***** *******, ***** *** first ***** ** ******** * ******* form *** *** **** ********* ** an ********** ************** ** **** **** through *** ******* ** ****** ***** unique *** ******** *********. *** ******* utilizes ********** *** **********, ********* ****** control ****, ************, ** ***********/******* *** place ***** ****** ******** **** ***. This ******* ******* **** *** *** user *** ******* **** ***** ****** control ********* **** ****** ** ***** keys. *** **** *** **** * size ********** ** *********** ** *** HID ***** ******* *** *** ******* any ******** **** ********* *** ***** through *** ********** ********. *** ******* based ** ******* **** ***** ** an ********* ** ******** *********. ** such, ** ********* *** *** **** interested ** *** ******* ** ******* their *** ************** *** * ************ consultation.

(1)