HID Confirms iClass SE Is Not Cracked
HID's "major, mandatory upgrade" added iClass SE to its list of "legacy credentials [that] can expose a security risk," prompting IPVM and PACS Researcher Iceman to question if iClass SE is cracked.
HID responded to IPVM uncategorically, saying iClass SE is not cracked.
In this report, we look at iClass SE technology and secure element compared to Seos and what this change entails for existing PACS.
HID ******** ** ****
**** ******* *** ** *** ************ ****** "*****, ********* *******" *** "Legacy ********* *******", ****** ** ****** ** ** cracked ** ***. *** *********, ****** iClass ** ** *** ******* *** "encourages ***** ** ******* ** **** modern ***********." **** ***** ****** *****:
** ******** ** **** ********, “*** HID ******* ** ****** ** ** cracked ** ***,”the ****** ** **** ** ** ***. iCLASS SE was introduced in 2011 and we encourage users to upgrade to more modern credentials, which is why we have listed iCLASS SE as a “legacy” credential technology. [emphasis added]
iClass ** ********** ** ****
*** ******** ****** ** ** ****** "** ********* ******** *****" *** their *** ***********, ********** ******** ****** (***) *****************. *** ******* ** ****** ** followed ***"***** ** ********" ******** ****** *****, ***** **** ****** (legacy) ***** ********** ** *********** **** with ******* ****,***** ******* ******.
****, ***'* "**** ****** **********,"*** ********* ** ********* *** ****** ** ********. *** main ********* ******* ****** ** *** Seos ** *** ********** ********** ************, where ****** ** ************, *** **** ******* ***************. *** ********* **** ** "* standards-based **** ****" **** "**** ******* support" ***** ************.
*** ****** ** ********* ******* *** iCLASS **** **********, ***** ********a *********-***** **** **** and is portable *** *** ** *** *********** so that customers can utilize smart cards, mobile devices, or both within their physical access control system. Additionally, iCLASS Seos delivers full ******* ******* for enterprise and government organizations whose identity management policies are driven by regulatory compliance requirements.[emphasis added]
**** **** ** ********* * ****** examining ***'* ********** ************, ********* ******, iClass **, *** ****.
IPVM *** ******'* ******** **** ****** **
**** *** "*****, ********* ******," **** **** ********* ************ ****** ** *** *******, ** it *** ***** ** *** **** of ****** ***********. ****** **** **** iClass ** ***** ********** ** ****** by *** ** ***********, ** **** technology *** *** ********** ****** ***** recently.
**** ** *** ************ **** **** now ******** ******... *** *** *** is ****** **. ** *** ********** state-of-art * ***** *** ** **, and *** ** ** ******.
****** ***** **** ****** ** ***** be ******* ** ** ** ***** on ****** ************ *** ******** ******.
*** ** ***** ******** *** ****** out ** * ****** ** **** strange ** **. *******, **'* ******* based ** ****** **'* ***** ** the ******** **********. *** ***** *** notoriously **** ** **** *** *** you *** ** ****** **** ****. So * ***** * *** ** us ******* *** ******** ** * can *** *** ****'** ********, *** it's *******.
Rumors ** ****** ** ***** *******
****** ****** ***** ******** **** ***** ****** ** *** configuration ***** **** ***** **** *** soon, ***** ***** **** ******** *** to ******** ****** ** ******. *******, Iceman ********, **** ***** ***** ** "just ******."
** *** *** ***** ****** ******** that ** ****** ***, **'* * mandatory ****** *** ********* ****** ******** out ** ***, ***** ** ********* going **. *** ****** *** **** there *** **** **** ****** ***. I ******** *** *** *** ******** on ******** *** * ****'* *** anything **** ****. ** ***** ** just * *****.
************, **** *************** **** **** **** quiet ******* * ******* ****** ** insiders, ********** ******* * ********* ******** (see**** ** *** ******** ********** *** Industry). *******, ***'* ************* ***** ** IPVM ***** ** ***** **** ****** SE ** *** *******, ********** *** rumors ***** * ************* ** * CVE.
Seos ********* ** ** *** ***** *******
** *** ********** ***** ** "** upgrade ** **** ****** ***********," ** is ********* ** ****** ** *** existing ******* ******* ****. *** ******* with ***, ******************* **,****** **, ***************, ******* ****. *** ******* **** do *** **** ***, **************(***-**, ************) *********(***-**, ************) *******, ** *** ******* Seos, *** ***** **** ** ******* their ******* ** *** **** ***********.
*** *** **** ********* ** *********** its ********** ******* ******* ***** ***** go ** ***-*********** ******* **** *******, leaving *** *** *********. **** ****** SE ***** ** ***'* ****** ************ list, ***** **** ** ****** * "more ****** **********," **** ****, ** Desfire ***, ** ***** ******** *****.