Most businesses today use keycards or key fobs to control access to their facility. These items can be copied, some of them using only a smartphone.
These copies are known as clones because they function exactly like the original card, granting the same access and authorizations.
Today we’re going to show you how easy it is to make an RFID clone and an NFC clone, talk about the best ways to thwart black hats that are after your cards, and touch on what to do when you legitimately need to copy your RFID card.
RFID Cloning: Digital Pickpocketing
All RFID cards contain a small chip that stores data about the holder of the card, such as their name, company role, and authorization to enter facilities. These cards use short-range radio waves to send this data to readers, which then use the card as a “key” to open doors.
RFID cloning takes advantage of the fact that these cards will communicate with any reader indiscriminately. Hackers of these cards simply need to have a card reader within reading distance of a card, and they can snag the data that is loaded on the chip remotely. Some hacking readers need to be within a few inches of a card; others work as far as three feet away.
This data can then be copied over to a blank card, and the hacker can essentially pose as a legitimate actor and use their RFID copy to go anywhere the real employee can.
Hackers can also plant a skimmer within the reader itself, which then steals the data from any card that is read, and transmits it to a hacker’s phone or other devices. But installing a reader-skimmer is a bit more difficult, as the hacker needs to crack open the casing of the reader itself.
How to Clone an NFC Card
An NFC card is a “Near Field Communication” card, and communicates a small packet of data (like your employee status and access authorization) to an NFC reader. It’s very similar to an RFID card, except that the range of its radio waves is smaller, so the card must be within centimeters of the reader, and the data chip can hold more information than an RFID card.
These cards can be cloned, but it is more difficult, since the card reader needs to essentially be right next to the card thanks to their short range. However, if you have an Android phone, you don’t even need a separate reader to do this, since Androids are equipped with an NFC reader. Yes, NFC cards can be cloned with a smartphone!
The Android app known as Mifare Classic Tool is able to read data from an NFC card, store it in a file, and then write it back onto a blank card or key fob.
Addressing RFID Card Security
Leverage other forms of security hardware to fully protect your premises and maintain authorized access control. A CCTV camera pointed at your card reader, for example, can detect and record any tampering by a hacker trying to install a skimmer. Likewise, cameras that have a field of vision over the approach to your front door reader can pick up on suspicious behavior, like a person with a bag trying to get within RFID-reading distance of your employees and linger there.
Replace RFID cards with NFC cards. NFC tends to be more secure than RFID: because NFC cards operate at such a short range, they’re less practical to hack. But if you need the longer range that RFID cards provide, you can still select models that are more secure.
Use high-frequency cards, which require more powerful equipment to hack. The first generation of RFID cards used low-frequency 125 kHz radio waves, which is part of why they are so easy to hack. There are still quite a few of these in use today, but for greater security, invest in RFID cards with a higher frequency of 13.56 MHz. High-frequency cards need more powerful card readers that must be built by hackers, not just purchased off Amazon. Adding this layer of difficulty makes them less attractive targets.
You can also use cards with data encryption. This is a program that “locks” the data on the card’s chip with what is essentially a codeword. Only another reader that also has the codeword can “unlock” the data and read the chip. This means that only authorized cards and readers will be able to transfer info, and unauthorized hacker readers without the codeword will be locked out.
Train employees to treat cards and key fobs with care. Cards that are kept in a secure spot on the employee’s person are less likely to be hacked by a card reader or Android phone.
Deactivate lost cards immediately. New RFID access control systems allow you to deactivate cards remotely, which has obvious benefits if a card is lost or stolen.
Use software that disallows duplicate cards within the system. This means that a true card and its RFID clone cannot be used at the same time.
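The last two tips, deactivating lost cards and disallowing duplicate cards, can be expressed as checks over badge events. The sketch below is an added example, not code from any access control product: the `Badge` record, the reader names, the card numbers and the 60-second travel window are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Badge:
    when: datetime
    card_id: str
    reader: str     # reader name (hypothetical)
    direction: str  # "in" or "out"

MIN_TRAVEL = timedelta(seconds=60)  # assumed shortest walk between two readers

def evaluate(events, revoked):
    """Return (event, decision, reason) for every badge event, in time order."""
    inside = set()  # cards currently badged in
    last_seen = {}  # card_id -> (when, reader) of the previous attempt
    results = []
    for ev in sorted(events, key=lambda e: e.when):
        prev = last_seen.get(ev.card_id)
        if ev.card_id in revoked:
            verdict = ("deny", "card deactivated")
        elif ev.direction == "in" and ev.card_id in inside:
            verdict = ("deny", "duplicate: card is already inside")
        elif prev and prev[1] != ev.reader and ev.when - prev[0] < MIN_TRAVEL:
            verdict = ("deny", "duplicate: two readers in too short a time")
        else:
            verdict = ("allow", "ok")
            # Track presence only for accepted events.
            (inside.add if ev.direction == "in" else inside.discard)(ev.card_id)
        last_seen[ev.card_id] = (ev.when, ev.reader)
        results.append((ev, *verdict))
    return results

def at(h, m, s=0):
    return datetime(2024, 1, 8, h, m, s)

# Constructed sample data: card numbers, reader names and times are made up.
REVOKED = {"2002"}  # reported lost and deactivated
SAMPLE_EVENTS = [
    Badge(at(9, 0), "1001", "lobby", "in"),
    Badge(at(9, 0, 20), "1001", "loading-dock", "in"),  # second copy of 1001
    Badge(at(9, 5), "2002", "lobby", "in"),
    Badge(at(9, 10), "3003", "lobby", "in"),
    Badge(at(17, 0), "3003", "lobby", "out"),
    Badge(at(17, 0, 10), "3003", "garage", "in"),
]

if __name__ == "__main__":
    for ev, decision, reason in evaluate(SAMPLE_EVENTS, REVOKED):
        print(ev.when.time(), ev.card_id, ev.reader, ev.direction, decision, reason)
```

In this sketch the duplicate rules only catch overlapping use: a copy presented while the real card is outside is still accepted, which is why a lost or stolen card also has to be deactivated.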
For more tips, check out our other post on RFID hacking.
Legitimate RFID Copying
Sometimes, you’ll need to create an RFID key copy to replace a worn-out card. If what you have is a low-frequency 125 kHz card, all you need is a handheld card reader, and the steps for this are very easy:
- Turn on the device and hold a compatible card or fob to the scanner. Click the “Read” button.
- The device will beep to indicate that the data is copied.
- Hold an empty card or fob up to the scanner, and click on “Write”.
- The information from the original tag or fob will then be copied onto the blank card or fob.
To copy or clone high-frequency NFC or RFID cards, you’ll want to talk to your IT department or the maker of your security equipment. These cards are more secure, and need special equipment to copy properly.