Summary

Article Metadata

HID Keycard Spoofing Defeated

This is a Defcon news story, published by Wired, that relates primarily to Javadi news.

Defcon news

For more Defcon news, you can click here:

more Defcon news

Javadi news

For more Javadi news, you can click here:

more Javadi news

software applications news

For more software applications news, you can click here:

more software applications news

Wired news

For more news from Wired, you can click here:

more news from Wired

About the Otherweb

Otherweb, Inc is a public benefit corporation, dedicated to improving the quality of news people consume. We are non-partisan, junk-free, and ad-free. We use artificial intelligence (AI) to remove junk from your news feed, and allow you to select the best tech news, business news, entertainment news, and much more. If you like software applications news, you might also like this article about

HID keycards

. We are dedicated to bringing you the highest-quality news, junk-free and ad-free, about your favorite topics. Please come every day to read the latest new HID hacking technique news, valid HID keycards news, software applications news, and other high-quality news about any topic that interests you. We are working hard to create the best news aggregator on the web, and to put you in control of your news feed - whether you choose to read the latest news through our website, our news app, or our daily newsletter - all free!

HID keycard

Wired

•

How Hackers Extracted the ‘Keys to the Kingdom’ to Clone HID Keycards

Summary

Nutrition label

78% Informative

HID Global's keycards are the front line of physical security for hundreds of companies and government agencies.

They can also be spoofed, it turns out, by any hacker clever enough to read one of those cards with a hidden device that brushes within about a foot of it, obtain an HID encoder device, and use it to write the stolen data to a new card.

Now a team of security researchers is about to reveal how one of HID 's crucial protections against that cloning technique is defeated.

Researchers have demonstrated it's possible to extract HID ’s sensitive keys by plugging an encoder into a PC running their software that instructs the encoder to transfer the authentication keys to a configuration card without encrypting them.

HID has since developed and released software patches for its systems that fix the problem, including a new one that will be released "very soon".

HID systems and other forms of RFID keycard authentication have, in fact, been cracked repeatedly, in various ways in recent decades .

But vulnerabilities like the ones set to be presented at Defcon may be particularly tough to fully protect against.

“Now customers and HID have to claw back control—and change the locks, so to speak,” Javadi says.

VR Score

Informative language

Neutral language

Article tone

informal

Language

English

Language complexity

Offensive language

not offensive

Hate speech

not hateful

Attention-grabbing headline

not detected

Known propaganda techniques

not detected

Time-value

medium-lived

External references

https://www.youtube.com/watch?v=6i-84wqc_qU https://www.hidglobal.com/documents/secure-channel-downgrade-encodersreaders https://www.blackhat.com/html/bh-usa-03/bh-usa-03-speakers.html#Glasser https://www.blackhat.com/presentations/bh-dc-08/Franken/Presentation/bh-dc-08-franken.pdf https://get.meriac.com/docs/HID-iCLASS-security.pdf

Source diversity

www.youtube.com www.hidglobal.com www.blackhat.com get.meriac.com

Affiliate links

no affiliate links

Read full article