In 2013, Francis Brown, a partner at Bishop Fox, a security consulting firm focusing on foreign governments and financial matters, created a device powerful enough to duplicate 125KHz RFID proximity badges and cards from less than a foot away.
The device, which is known as the RFID Thief, was created to steal badge information so Bishop Fox associates could gain physical access to restricted networks and devices for penetration testing. The firm shares how to create similar devices on their website. Their goal is to make it easy for security professionals to recreate their own RFID readers so they can perform physical penetration tests and better demonstrate the risks posed by these technologies to their management (Bishop Fox).
Since it’s 2013 creation, the device has been improved to now read proximity cards from up to 3 feet away, which makes stealing badge credentials even easier for criminals. Bishop Fox explains that a typical attack scheme would include simply placing the reader in a messenger bag or purse and walking by someone in line at the local coffee shop. The device is completely silent, and even stores all badge information to a text file on a microSD card for future reference.
The best way to avoid someone using a RFID reader against you or one of your colleagues is to switch over from old proximity technology to the latest smart card technology.
Smart cards use an encrypted computer chip loaded with cardholder information; including employee credentials and access points. Smart cards can also be easily integrated with different technologies and can be used in various locations as well.
A smart card is extremely flexible when it comes to growing organizations. The proprietary sequence control mechanism with smart cards will eliminate redundancies or duplication errors and protect your organization from the RFID Thief!
If your organization already has multi-technology card readers the change is relatively easy. Contact your Access Security representative or email firstname.lastname@example.org to see what is needed to upgrade your security today.