Vulnerability Directory For Access Control Cards

Author: Brian Rhodes, Published on Aug 14, 2017

Knowing which access credentials are insecure can be unclear, especially because most look and feel the same. Even the most insecure 125 kHz types are still widely supported, and using 13.56 MHz smartcards is no sure guarantee the format has not been hacked.

In this report, we take a deeper look at:

  • Why To Stop Using 125 kHz Formats
  • Which 13.56 MHz Formats are Uncracked (So Far)
  • The Cracked 13.56 Types Still Widely Used
  • Why No Formats Are Uncrackable
  • Thousands Are Working On Hacks
  • High Technology Skills Needed
  • Steps To Defend Against Hacks

We cover these points inside.

125 kHz Riskiest of All

While the vulnerability of specific 13.56 MHz formats is mixed, older 125 kHz are highly vulnerable to pragmatic copying with cheap and widely available components. We covered the risk in our Hack Your Access Control With This $30 HID 125kHz Card Copier test, and then how to address the vulnerability with the Hackable 125kHz Access Control Migration Guide.

Common 125 kHz Formats Are Insecure

The list of vulnerable, unencrypted 125 kHz formats used in access is substantial, easily reaching into millions of credentials still in use daily. The common formats include:

******* ***** ****** *********** *** ******** *** ** *******, ********** because **** **** *** **** *** ****. **** *** **** insecure *** *** ***** *** ***** ****** *********, *** ***** 13.56 *** ********** ** ** **** ********* *** ****** *** not **** ******.

** **** ******, ** **** * ****** **** **:

  • *** ** **** ***** *** *** *******
  • ***** **.** *** ******* *** ********* (** ***)
  • *** ******* **.** ***** ***** ****** ****
  • *** ** ******* *** ***********
  • ********* *** ******* ** *****
  • **** ********** ****** ******
  • ***** ** ****** ******* *****

** ***** ***** ****** ******.

125 *** ******** ** ***

***** *** ************* ** ******** **.** *** ******* ** *****, older *** *** *** ****** ********** ** ********* ******* **** cheap *** ****** ********* **********. ** ******* *** **** ** our**** **** ****** ******* **** **** $** *** ****** **** Copier****, *** **** *** ** ******* *** ************* **** *********** ****** ****** ******* ********* *****.

Common *** *** ******* *** ********

*** **** ** **********, *********** *** *** ******* **** ** access ** ***********, ****** ******** **** ******** ** *********** ***** in *** *****. *** ****** ******* *******:

[***************]

Formats *** *** *******

*** **** ** ******* ****** ******* ********* *** ******* ** hacked ** ***** *** ******** ***** **** *****:

*** ****** ****

***'* ****** **.** *** ****** *** *** ** ** ****** and ********* ** ******* ***** ********** *****. *******,**** **** ******* ******* ******* '**** *************', *** ******** ******* [*,*,*] ***** '** ** *****' ** ********** ** ******** *****.

****** ******* ***(********* ****)

**** ******** *** **.** *** ****** *** **** ****** ******* outside ***** *******, ** ***-********** ****** ******* *******, *** **** less-expensive ****-************** ****** *********** *** *******, *** **** ***-*** *** encryption *** ******* **** *******.

****** ******* ***(********* ****)

**** '**** ***' *** ****** ****** ** ***** ******** ********** related ** *** *********** ** ********** ** *** **********, *** does *** *********** ******** ************. ** *******, ******* ******** ** use *** *** **** **** ***, ******** *** *** *********** is **** *** *** ********* ** ********* ** ****** *******.

Formats ************ *******

*** ******* ****** ** ******** ** *** ****** ******** ** integrators *** ********. *** ******* ***** **** ** **** ** systems **** **** ******, *** *********** **** ** '******' ** access *************:

****** ******* *******

********* ********* ****** ******* ******* *** *********** ****, **** *** *** **** ****** ********** ** *** PACS ******, **** **** ***** ******** *** **.** *** ********* format ** ****. *******, *** ****** ** ********** ******** ******** keys ******** *** ******* ** *********** **********. *** ****** ** still ********* **** *********** *******.

*** ****** ***** (*** **/**** *******)

*** ****** ** ********** '****' **** ***'* ******** **.** *** format ***** ******** ******* *** ***** *** *** ********** ******* in *** '***** ** ********' *****. **** ******** ********** ********** *********** *** ** ******* on *** *****. *** ***** ***** ***** ********** ***********, ******** the **** ****** **/**** ****** *** * ********* ****** *** multiple ****** ** ********** ** ******* ******* ********.

No ******* *** ***********

******* ** ****** ** '**********' ** '**********' ***** **** *** often ********* ***** **** *** ******** ** *** ******, ** credential ******* ****** ** ****** ** '***********'. ***** ***** ******** from ******* *** ********* ******* *** ********* ** ******** ******* essentially '******* *** ***** ******' ** ********* *****, ******* ** hack **** *** ******* *** **********.

** ****** ****, *********, ** ********** ****** ****** ******* *********** secure, *** ******** ********-****** ***************** ******** ********* ** *******.

Cracking ********* ******* ** ****** *********

*** ********* *** ****** ****** ** ***** ********* ******* ********* use ******** ***** *********** **** ******* ******** ***********, ********** ***********, and ********* ***** ** ****.

*** ** *** **** ******* ********** **** ******* *****, *** open-sourced*********,*** **** ********** ** *** ***** ****:

** ****** ** ******* *** ***** ***** **** *** ********* is *** ****** *** *********. ** *** *** *** ******* fairly ******** **** ***********, ******** ***********, **** ** ****** *** ISO *********, **** ****** **** ******** ***** *** **** *********** than ******** **** ! ***** **** ** *** ********** *** basic ********** ****** **** *** **** ********** ***** *** ******.

*** ***** ******* *** *** **** ******** *****, **** ****** not ****** * '***** *** *****' **** ******, *** ****** a *** ** ********** **** ******* **********, ********, *** ******** that **** ** ********** ******** *** ****** ********** *******:

**** *** ***** *********** *** *** *******, *** *****, *****-****, and **** ** *** ******* *********, **** ***$** **** *** *** ******** ****** **** ********* *******:

*******, *** *** '***** *** *****' ******* *** ***** ** access *******. *** *******, ** ****** ********** (**.*****) ********** *** *** **** **** ****** ****** *******, ******* *** claims ** ******* ********, ********* *******:

The ******* ********* ** *****

******* ** *** '*********' ********* ** ********* ********** ** ******* mechanical *****, ***** *** ********* ****** *** ******** *********** *** contribute ** ******* ****** ***********.

*** ** *** ****** ****** ***** ***** ***** ****** ** the******** ********** *********, **** ********* ** ***** *** ******** ** ***** ***** month, ***** ************* ******* ** ******* ******** *** ******* *** multiple ******* (********* ******, ******, *****, *** *** ***********) **** place.

***** ****** *********, **** ****** ********* *** **** ** ******. Multiple ******* ******** *** ** ***** ** ******, * ***** and ***** ****** ************* ****** ** ***** ************. ***** ***** are **** ******** ** ********** ********, ** ******* *** ***:

******* *******

Significant ****** *** ** ********

******* ********* *** ********* **** ** ******, ** **** ******** access *** ************ ** ********* ** ***** ******. *** *******, one ** *** **** ******** **** ******* ** ********** ******* keys **** ****** ******* ******** ********** ****** * ******* ** splicing *** ****** **********.

*** **** ****** *******, *** ********** *** **** ****** ** use **** ****** ** * **** ************* ********* *** ****, as *** ****** ***** ** ****** ******** ** ***********.

*** **** ******** *** **** ******* ***** ***** ***** ** processing. **** ******* *** **** ** *** ** * ******* (with *********** ***), ***** ****** **** ******** ***** ** **** **** (**** the***** ***** **** ******* ****).

High ***** **.** ****** **** ** ***** *******

*** *** *********** ** **** **** *** **** ***** *** devoted ****** **** ** ***** ********** *******, *** ******* **** to ********** ****** ******* ** ******** *** ******* ***** ***** takes ****.

*******, *** $** *** *** ****** *** ** **** ** seconds *** ****-********, ** ***** ******* ****** ** *******. *** for **.** *** *******, **** ***** ******* ******, ***** ** time, ******** ****, *** ******** ************ ** ******* ** ***** required.

*** **** ********* ******* ******* *******: ******** ***** ************** ******* of **** ****, '**** ***' **** **** ********, ** *** reissue ***********, *** **** ***** **** **** *** ********* ** installed ******* *** ***********.

Comments (22)

***** **** ******** **** ** ****** ***** :) ***** ** still *** ************* ** ****** ** ********** ***** **** ** also *** *****. ******* ************ *** *** ** ******* ********* a *** ... ** ***** ***** ** *** **** *** to *** **********.

*** ** ****** **** *** ****** ** * *** ** people (****** ********). ** ****** ***'* ******** *** ***** ******* to **** *************** *** *** "***** *** *****" **** ** that **** ** **********.

*** ***** **** ** ******** ** ********* ** ********* ***** day. ********* ******** **** *** ********** ** ** **** ****** peer ****** *** ******** ****** ****** *** ****.

***

***** *** *** ** *** ********** :

****://***.*************.***/****-***-***-********

*** ******** **** ******** ********* (************) *** *** *** ** sim **** **** "***" *******. ** **** *** ****, *** high ******** ***** ***** *******...

*****

*** ***** **** ** ******** ** ********* ** ********* ***** day. ********* ******** **** *** ********** ** ** **** ****** peer ****** *** ******** ****** ****** *** ****.

**** ** *** *** '*****' ********* ******'* '***** ** ********'****** *****. ** ******** **** **** ******* ****** ** * particular ***** ** **** ** * ***** ***********, ****** ******* used ** ***** ***** **** ************ (**: *** ****, ***/***** passes) ***/**** ** ******** ******* ******** ******.

***** *** *** ******* *** **** ** *** *******.

* ***** ** **** ****.

***** *******,

*. *****'* ****** *****. * **** ** ** **** ************ iClass *********** *** * ******** ******** *******. ** ***** * bit ** ****** *** *** *** **** *** **** ***** require ******** ******* ***** *******.

**** **** *******, * ****** ** ******* ******, ***** **** links ** *** ********* ***** ****** ** **** ** ******, ( * ***** *** ******** ***** ** **** **** *******) and ****** *** *********** ****** **** *** ****** ***** *** weak ** *** ** *** ******** ** *** ********** *******, which ** *** **** ***.

**** ******* ** ******** *** **** ** **** ******, *** cryptographic ****** *** ** ******, *** *** ******* *** ** do **** ** ** ****** *** ****.

*** **** ****** **** ** *** ********* ** ********* ***/*, a ****** ******** ** ** **** ** *** ***** ******* on *** ******** *****, *** ***** ** *** *********.

**** *** ******* ****** ******** ** ** **** **** *****, which *** ** ******** *** ****, *** **** ** * XP *******( **** ******** *** **). * **** ******** **** package ** **** ** **** **** ********, *.*. ** ********** site ***** ***, ******* ***********, *** ******.

****** *** *** ******** ****!

** *** **** * ***** ** *** ********* ********** ****** SE **** ***?

** ******** ******** ******, * ****** ******* ******** *** **** partially **********, *** ***** ** * **** '*****'.

** *** *** ****, ** ** *** ***** * ***** is ***** ******** *** ****?

****** ** ** ********* * ****** *********** ** ******** *******. In ****** *** ******** ********* *** *** ** ***** ***** similar ******* ** *** **** *** *** ********* *******, *** then ***** ** * ****** *********** *** *********, ***** ** currently **** *** ******* ** *** ******. ****** *** ******* utilise * ****** ************** ******, ***** ***** ** ********** ** Side ******* *******, ** ***** **** *** ****** ****. *** from ** ************* ***** ******* * ****** ********.

******* *** ****** *********** ** ***** ******** ** *** **** and *** ******* **** ******** **** **** ** *** **** for *** ** *********** ** ********, *** **** *** ** achieved **** *** ***** ****.

********, **** *** ********* *** ** ***** *** ****** *** be ******** ***** * ********, *** ****** **** *** *** contents, *** *** ***'* **** ** ** ******* **** **** you **** *** ****** ** **** ***** ******** ** *** back ** *** ****....

**** ** ******* ** *** ******, *** *********** ******* ******, except **** *** *********** ** *** ******* *** ********* *** CSN, ** ******* * ******* ** *** ******** ** ******* soft ******* *************** ** ********, *** ****** ***** ** ** focussed ** ******** ***/* **********. ** *** *********** **** *** likely ** ****** ******.

********** ****** ** ***** * *** ******* **** ******** *******, and **** ******** **** *** ****** ******** **** *** ************* have ******** **** *** **** ** ****** *** ******** ****** on.

* ***** ******* ***** ********** **** * *****'* *** ****** to **** ** *****, *** ***** * **** **** **** allowed ****** *********, ********* *** ****** *** *** **********.

** * ******** ****, **** **** * **** *** **** looks **** ****, *** * ** **** ********* **** *** won't **** *** ******* ** ******, ** **** **** *********** under ***, ** **-*** ***** **** ** ******** **.

**** * ***** **** ********* ** ** ******* ***, *** we **** ** ***** ** ********* ******** **** ** ***** counters **** ** ********* **** ** ****, *** ******* ***'* put **** ** *******.

***********. **** *** *******, ** ***** ** *** ********** ** divulging *******, *** ****** ********** ***** ** ** ******* *******. Even ***'* ** ****** **** ** ****** ***-********* ********* *** often ***** *** *********** ** *********.

****** *** *** ********!

* ***** ******, **** ********* ** ** ***** **** ******, is ******* ***** *** ** ***** ** ***** ****** *** i-Class ** ******. ***** ***** *** **** ** **** **** both *** ******** *-***** ******** (********* ******* **** * **** number ********* **** * *) *** *** ***** *-***** ** platform **** *** * **** ****** ********* **** * *. The **** ***** **** **** *** *** ***** ****** ******* are ******** *** ****** ******* ** *** ****** *** ** disabled ** ******. **** *** *** ****** **** **** ******* on *** ****** ** **********. ** ** ******** *********** **** any *** **** **** *** ** ******* *********** **** *-***** SE ******* **** *** ****** ****** ********.

* ***** ***** **** **** ** *** **** (** *****). But *** ******* **** ******** *************** ** ****** ** **** it ***** ** ** **** *******, ******** ** ******* ** Mifare *******, *** ****** *** ** *** ******* **** ********. Why ***** *** ******** ** *** * **** ** *** DES ************** ***** * ******* ** * **** ( ****** read & *****), **** * ****** *** *** *** ****** (EV1/2) ** ********* **** ******** ****, ***** *** ****** ****?

********** **** *** ************ ** **** ******* ******* **** ** Proxmark, ***** *** ******** * ****, ******** *** ********** ** a ****** *** *** ****.

**** ** *** *** ******** *** *******, *** ***** ** you *******, *** *** ******* **** ******* ***/* *** *** cards *** *******.

** *** *** ******** *** *******, **** **** ** ******* OSDP.

******, *** *** ****** *** ***** ***** ***/* ******* ** Seos? ** ** * ********.

** *** *** ** **** ******** ******* *** **** "*** would **** ************ ** ** ******* ***", ***** "**", * believe, *** *********** ****. * ***** ** ********. *** **** even ** ****? *'** *** **** ******** **** ****.

** ***** ** ** **** **** ** ****** ****** *** well ********. *'** **** ******** ***** ** **** ****** ** remain ****** **** ** ****** ******* *** *'** ***** * don't **** ****** ***** ****** ** **** **** ** ******** guess.

* ******* *** ********** ** *** ************* "****-*******" ** ******* which **** **** **** ***********. ** *** *** ***** "********-*******" SE ******* ***** *** **** ***** ** ****** *** ****** are *********. **** ******** * ****** ********* **** *** *********** to ****.

******* ***** * ******* ******* ***** ******* * ********** **** older ***********, ** ****** ******* *** **** ***** ******** ** used, *** **** *** ********* ** *** **.

*** **** ************ **** ** ***, ****** **** *** ******** (I ******* **** ** * ******** ***********) ** *** ****** to ***** **** *** *** *********, *** ***** ***** ********** is ******** **** ********* **** *** ************ ** ***** ** is *******.

********* ** ***** ** ***** ************, ** **** ** *** questions **** **:-

*** ***** ** ****?,

**** *** **** ******?,

** **** ***** ** ***** ******** ****?,

*** **** ** ******** *********?

*** *** * ****** **** ** * ******?,

*** *** *** ************* ******** *** ******** *** ******?.

*** **** ***** ** ********** ********* ** ** *** ** this *****, ** ***** *** ******** ** *********, ***** *********** to ******** *******, *** ******* ********* *** ***** **** **** their *********. ************ ** **** **** *** ********* ** ******, and *** ************* *******.

* ***'* ***** ** *** ** ****** ********* ***** ** "It ***** ** ** ****" **** *** ********* *** ******** that *** ***** ** ** * ******** ** *****?

*'* *** ****** *** ********* ** **** ** **** ****** pretending ** **** ** **** ** ******. **** **** ** cursory ******* ** ***** **** ******* ***. * ********** ****** **** ***** ******** ** ****. *** **** ******** translate ** ********* ****** ******. ** *** ** *** ** security ***** **** **** ****** *** *** "************ * ****** and ******** **********" *****'* **** ** *** "*********** *********". *'* certainly *** **** ********* *** ** *** *****. ************* *** is ****** ******** ** *** ** *** **** ******** ******** vendors *'** ****** ** ***'* **** **** ** ******** ***** NXP, *** ***** **** ** ************* ** *** *** ***** details ** *** **** ****.

** *** ** *** **** *** *********. ** ************* ** that **** *** **** *** ****** ******* *** (*** **** about ***) ********* ***** *** ** ******* **** *** **** if *** ** ******. * ******* **** *** **** ***** investing ** ********, ********, *** "*******". *** **** **** *** common ******** ** *** ****** ******.

* ******* **** *** *** ********* *** *****, ***** ***** keys *** ***** ** ** ****** ** ******* ** **** as ***********. *** ** *** ******* **** * ***'* **** of ******** **** *****'* ******* ****.

**** ******* *** "***********" *******. **** ************ ****** **'* *** master ***. *** **** * **** ****** ***. ******* ****** the **** ** **** **** **** *** ***. **** ***** it *** ***. ****, * *******, *** *** **** ******** encryption ********** (****, ***, ***).

*'* *** **** ***** "******** ********** ****". * ***** ******* both *** ******* ****.

*** *'* ****** ********* ******* *** *** **** ******* ******* review ********* *** ************** ** ******* ********. * ******* *** hasn't, ***** ******'* ** **** **********.

** ******* ** **** ** **** ** ********** ****. ******* 1) *'* **** ********** ** *** ***** *** *) *'* actually ******* ** * ******** *** ******* **** ** *** conclusion ** ***** ** **** ** *******. * **** ** hard ** *** * ***** ******* ** *** ***** ******* of **** ********* **** * ********* *****. *** *** ******* I ******** ***** ** ****** **** ** **** * ****** who *** ******* ** ***-**-*** ******** *** ******* ** ** me (*******, ***********, ********, ********, ***).

*****, ** ***** ** ***************, * ***** ********* ***** *** with * ***** **** ****** ***, **** ****** ******** ************ to ** ********* ** *** ****.

*********** * ********* * ***** ***** *********** ** **** ****** the *** ********* ****. **** *** ** ****, ******* ********** or *******.

******* ** ****** ***** ****** ******* ** * *********** ****, i.e. ** **** ** *** ******.

** *** **** *** *********, *** ****** ****** **** ***** for *** ********.

******** **** ** ********** *** ******* * ***, ***** **** be ******* ******* ** *** *** *** ****** ************.

** (***.*******.**.**) **** ******* ** *** ** *** *** *** credential ********** ****** ***** ** *******, *** * ** ***** of ** ***** *** ****** ***** ** *** **** * Platinum *******.

** ** ********** *** **** ********* ***** ***** ******** ** go "*****" **** ********** ** ********, *** **** ******* **** in ****-****** *****.

**** **** ** ********* (*.*. ** *** ***** *** ****) yet **** ** ******* ** ***** ********* ** *** ***** of *** ******* ** * ***, *** ** ********* ** suitable ********* *** ***** *** ***********.

****** *** *** ********! *** *** ******* ** * *** more **** ** *** **** *****

"******* ** ****** ***** ****** ******* ** * *********** ****, i.e. ** **** ** *** ******"

* **** ** **** **** ****** ***** ****. *** ** this ********? ** **** *********** * ****** ******* *** ****** and ***** **** ***** *** **** ** **** **** ****'* in ** ******* ****?

****** ** *** **** **** ********* ** *** *** **********. There *** * ********** *'* ***** **. ***** ** ** understanding *** ******* ** **** *'** ****/********* ********* *** ******.

******** ********. **** ** *** *** *** ***** ******* ***** the **** *** *** **** ****** *** ******* *** *********** regardless ** ****/*******.

*****/***** **. **** ** *** ******* ***** *** ******* * custom **** ******** **** ******** *** *** ***. **** ******* and ***** **** ** ******* ******* **** *** *** *** programmed **** *** *******. * ******* *** ** **** ******* your ********** *** *** *** ********** ** *** *****. ***** you're ** ****** ***** *** ******** ***, *** *** ***** trusting *** ** **** ****** *** *********** * ***** *** of **** **** *** *****.

****** **** ********. **** ** *** **** ** *** ***** except *** *** ** *** *** **** ******* *** ***. Obviously **** **** ******** *** *** ****. ***'** **** ********** hardware/software. *** *** *** ***'* **** ** ***** * *** party **** **** ****.

******* *** ** ********* ******* *** ******* ***** **** ******* configuration ***** ** *** ****.

*****/***** ** **** *** ** *** *** *** ***** ** the ********. ****** *** ******* *** ********** ** *** ******* as ****.

*** ****** **** ******** **** ******* ** *** ******** *** also ** ***. **** *** ******* **** * *** *** user ********* **** ***** **** ******** *** ***. ******* ** this, *** *** **** **** *** **** ********* ** *** actual ** *** ***, **** **** *****. * ******* *** Elite ******* ******** ******* ** ********* ** ****, **** ** the *** *******.

* ***** **** **** ****** ******** ** *** ********* ** who *** ** ****, *** **** ** ******** **-*******, *** how ** ****** ****.

****, *'* *** ******** **** ** **** ** ** ***, I ***** **** ***** ** ******.

*****, * ******* *** *** ********** *** ***** **** ******, which *** *** **** ******* ********** ** *** *** ***** which ** ***** ** *** *** ***.

** ** **** ** *** ******* *****, **** ******* ******** to *** **** ** ***** ******** ******* ** ***** * paraphrase, ***** *** **** ************ ** ****** * **** ******, which ** **** ** *** **** ** ****** * ****** random *** ** *** **** (** **** ** *****) ** control *** ***********. *** *** *** ** ****** ** * tightly ******* *******, ***** ******** * *** ***. *** **** client ******* ******* * ****** ******** *** ***, ***** **** control, *** *** ***** **** ****** ***** *** *** ****** set *** ****** *** *** ********** *********** ** *******, ********* the ****** *** ****** *****. **** ******* **** *** ******* is ********** *********. *** ****** *** *** ****** ***** *** be ********* **** *** **********, ***** ****** ** **** ***** and *** ** ****** ** * ******* ****, ** * controlled ****, **** ******* *** ** *** ***** **** *** key ****** ***** *** ****/******. * **** *** ** ** this *** ******* **** * *** ******.

** ** **** **** ** *** **** *****, ***** ** available ** ********** ***** *** *** ********, ** ** ** anonymous, *** *********** ** *** ****** *** **** *** **** approved ** *** **** ** *** ** (******** ********** ** NIST), *.*. **** ********** ******** ** * ***** *****. *********** can ****** **** *********** *** *** *****, ** ***** *** users *** ** ** **********.

** ** *********** *******, *** **** *.*.* ******** ****, *** I *****'* **** ** ********* ** ****** ** ******* (*** union ** ****/******* **** ******** ********** **** ***** ***********), *** Deister ********* **** * ****** ****** * ****** *** ***** can ******* *** ** ***** ******* ** *********** ******, ******* only ***** **** *** ******, *** ********** ** ****, ****** a ***-**** *** ** **** *** ****** *** *** * reader, **** ****** *** **** ****** ******* (** **** **** this ** ** ** *** ****** *** ** ********* ** the **** *******) ** * ****** *****, ** ****.

**** *** ****** ******* ** ******* ****** *******(***), ***** ** an ********* ***-*********, * **** ***** **** * * **** panel **** * ***, *** *** ****** ************ **** ******* on ****** ******** ** ***** ********* ******, ** **** **** news, ** **** ********** ******* ** *** ******** ****** **** security *** ** ******** ** ********.

*** ******* *** ********** ****** * *** **** **** *** does **** *** ***** ** ******** *** ****** *******. *** encoder *** * *** ******. **** ***** * ***** **** sounds ********* ** ** ** *** "******** *** ***". * think *** **** ***** **** **** *** ******** ******* **** they *******. *** **** *** ******* **** **** **** *** custom ****. ******* *.******** ******* *** **** **** **** *** ****** ******* ** the ********.

* ***** *** ****** **** ** *** **** ** *** list ** "*** *** *******".
** ** **** ***** **** ****** ******* (***** ** ********** with **** *** **** **** ********** *** *** ******** ** physical ****** *******) ** *** *** *******.

* ***** **** *** **** ****** **** ** **** **** open **** *** *********, ***** ******* ** *** ********* **** complete ******** *********** ***** ***** ****** *** ** *********. ***** is ** "******** ** *********" ***** ** ***, ** ** based ** ****** *** ******. ** *** **, ** ***** much **** ********** **** * **** **** ********** ****** *********** HID *********.

***, *'* ** ******, ** ***'* **** *** ********* ****, Mifare ****** ***** ** *********** ****, ** ******* ** *** own ******* *** **.

*********, ** ** *********** **** *** **** *** ********** ******* NXP *** ***, *** ** * ********, ************ *** ******** of ***** **** ********* **** ** ****** **** *** *******, whereas *** ******* *** ************ ***** *********. *** ****** ******** was ******** ** ****** ****** *** **** ********** ** ********. Therefore **** ** *** * ***** **********.

**** ********** ** *** ***** ** *** ******** *** ***** to, *.*. *** *** ******* ** ********** ******* *** ** selling ** *** ***** *** ***********.

* *** *** ****** ***** ** ***** ****** **** *** Access ******* ************, ** *** **** ********** ******* ****** **** and ******* ** ********** *****, ********* ** ********** ** *** cost ** *** **** *** * ********* ****, *** *** readers *** ** **** *********. *** **** ****** ** *** Mifare **** ** ** *** ********* **** *******, *** *** problem **** ******* **** ********* ******** ****** ******** ****** *******, providing * **** **** *** ************.

***** *** *** *** ******* ***** ***, **** *** *** for **.

** ** *** **** ***** ** *** **** **** ***** is ** ******* *************, ******* **** *** ** ********** ** be * "**** ****".
***-**** ******* (***** *** **** *****) ** **** ** ****** are ******** ** ****, *** ******* ** ****** ***** *** companies *** ********* **** *******, ** *** **** **** ********* cost ***********.

* **** **** ******* ** **** ******* ** ******** ****** control ** ******* ***** **** ****. **** *** ***** ***** DESFire ** ***** "*******" ****** *** * **** ** ***** that **** ** **** ** ****. * ***** ********** ***, is ***** ********* **** **** ********** *******?

** *** *** ** ***, ** *** *** ** *** day * ***** * ***** **** * ***** ** ******* NXP-based ***** **** *** ****** *****. ********* ******** - * never ******* ** ******* *** **** ********* ******* *** ** HID (*'** ***** * ****** ** *****), *'* ***** ** speak **** ****** ****** ** ****** **** *** **** ****** me **, *** **** ***'*, *** *'* *** **** ** works **** *** **** **** ** *********. * **** ** trust ****, **** ***'* ***** ** *** ***** ******. ** for ***-***** ******** *'* ***** *** * **** ************ ******, just * ***, *** ** ** ********* **** ********** *** me, ****'* *** ** ** **** *********** *** ** *** I *** ********* ** ** *********. ** *** *** ** the *** * **** *** *** * ****** ****** *** I ****** ******** ***** *** ** ***** ******* ** ******.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Startup SafePass Profile on Oct 19, 2018
A major problem with visitor management is that the systems mostly require adhesive printed paper labels and paper logs, creating waste and an...
Video Quality / Compression Tutorial on Oct 17, 2018
While CODECs, like H.264, H.265, and MJPEG, get a lot of attention, a camera's 'quality' or compression setting has a big impact on overall...
Integrator Laptop Guide on Oct 16, 2018
This 18-page guide provides guidance and statistics about integrator laptop use. 150 integrators explained to IPVM in detail about their laptops,...
Higher Power PoE 802.3bt Ratified, Impact on Security Products Examined on Oct 12, 2018
Power over Ethernet has become one of the most popular features of many video, access, and other security products. See our PoE for IP Video...
"New Zealand Govt Uses Chinese Cameras Banned In US", Considers Security Audit on Oct 12, 2018
Newsroom NZ has issued a report: "NZ Govt uses Chinese cameras banned in US": This comes after the US federal government banned purchases of...
Honeywell Hides Selling US Gov Banned Chinese Video Surveillance on Oct 10, 2018
Honeywell hides selling US government banned Chinese video surveillance as their own 'Honeywell' products, deceiving buyers and putting US security...
Door Hinges Guide on Oct 10, 2018
Some of the trickiest access control problems are caused by bad door hinges. From doors not closing right, to locks not locking, worn or warped...
Default Passwords Outlawed in California, US To Follow on Oct 09, 2018
UPDATES A new California bill aimed at improving security for connected devices has been signed into law. The law takes aim especially at...
Security System Health Monitoring Usage Statistics 2018 on Oct 09, 2018
How well and quickly do integrators know if devices are offline or broken? New IPVM statistics show that typically no health monitoring is...
IP Camera Installability Shootout - Avigilon, Axis, Bosch, Dahua, Hanwha, Hikvision, Uniview, Vivotek on Oct 08, 2018
What are the best and worst cameras from an installation standpoint? Which manufacturers make it harder or easier to install their cameras? We...

Most Recent Industry Reports

Hikvision Growth Declines Q3 2018 on Oct 22, 2018
Hikvision's growth continues to decline in 2018 going from: Q1 - 33% Q2 - 22% Q3 - 14.6% In this note, we examine Hikvision's newest Q3...
Geutebruck Company Profile on Oct 22, 2018
Geutebrück has been in business for nearly 50 years, but they are not well known within the US surveillance market. In this report, we profile...
Chinese Government Blocks IPVM on Oct 22, 2018
IPVM has been blocked by the Chinese government without any notice or explanation. This means IPVM.com is no longer officially accessible anywhere...
Startup SafePass Profile on Oct 19, 2018
A major problem with visitor management is that the systems mostly require adhesive printed paper labels and paper logs, creating waste and an...
China Is Not A Security Megatrend, Says SIA on Oct 19, 2018
The US Security Industry Association has released its 10 "Security Megatrends" for 2019. SIA declares that these megatrends, such as "Advanced...
Hanwha Dual Imager Dome Camera Tested (PNM-7000VD) on Oct 18, 2018
Hanwha has introduced their first dual-imager model, the PNM-7000VD, a twin 1080p model featuring independently positionable sensors and a snap-in...
Camera Height / Blind Spot Added to IPVM Camera Calculator on Oct 18, 2018
IPVM has added camera height and blind spot estimation to the Camera Calculator. This is especially helpful for those who need to mount cameras up...
Axis Strong US Growth, Flat EMEA - Q3 2018 Financials on Oct 18, 2018
This spring, Axis had its best financials in many years (see Axis Strong Q2 2018 Results). However, over the summer, Axis had many products sold...
Best Alternatives to Banned Dahua and Hikvision on Oct 17, 2018
With the US government ban and a growing number of users banning Dahua and Hikvision, one key question is what to use for low cost? While Dahua and...
Video Quality / Compression Tutorial on Oct 17, 2018
While CODECs, like H.264, H.265, and MJPEG, get a lot of attention, a camera's 'quality' or compression setting has a big impact on overall...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact