Knowing which access credentials are insecure can be unclear, especially because most look and feel the same. Even the most insecure 125 kHz types are still widely supported, and using 13.56 MHz smartcards is no sure guarantee the format has not been hacked.
In this report, we take a deeper look at:
- Why To Stop Using 125 kHz Formats
- Which 13.56 MHz Formats are Uncracked (So Far)
- The Cracked 13.56 Types Still Widely Used
- Why No Formats Are Uncrackable
- Thousands Are Working On Hacks
- High Technology Skills Needed
- Steps To Defend Against Hacks
We cover these points inside.
125 kHz Riskiest of All
While the vulnerability of specific 13.56 MHz formats is mixed, older 125 kHz are highly vulnerable to pragmatic copying with cheap and widely available components. We covered the risk in our Hack Your Access Control With This $30 HID 125kHz Card Copier test, and then how to address the vulnerability with the Hackable 125kHz Access Control Migration Guide.
Common 125 kHz Formats Are Insecure
The list of vulnerable, unencrypted 125 kHz formats used in access is substantial, easily reaching into millions of credentials still in use daily. The common formats include: