- This topic has 6 replies, 4 voices, and was last updated 9 years ago by .
-
Topic
-
Several locksmiths in Melbourne CBD – and I guess other cities – are now offering to clone RFID fobs to allow multiple people to access what were previously relatively secure buildings. One of these locksmiths told me that the only cards that he cannot clone are called iClass and he believes that these will be secure for 2 to 5 years as the equipment to crack them costs too much to make it economic to purchase.
As an OC we are now actively looking at changing our 15 year old system to something more secure.
A quick eBay search has found multiple RFID cloning machines from around $25.00 each, and fobs/cards around 30cents each in bulk. This makes our current system useless.
Google also confirms that high security iClass has been hacked. This seems to leave biometric access control as the only practical long term option. Biometrics would also help to dissuade short term rental, as all “guests” would need to register, rather than being given a fob or card.
Does anyone have an answer to this problem in their building??
-
Replies
-
Personally, I wouldn’t be advocating for biometric security as I see two major issues with it…
1) It’s nowhere near as secure as people think
2) You can’t change a compromised “key” (eg, if someone has a record of your finger prints, you can’t just go and change your ifngers!)
See the article at https://www.theregister.co.uk/2002/05/16/gummi_bears_defeat_fingerprint_sensors/
@Article said:
he took latent fingerprints from a glass, which he enhanced with a cyanoacrylate adhesive (super-glue fumes) and photographed with a digital camera. Using PhotoShop, he improved the contrast of the image and printed the fingerprint onto a transparency sheet.Matsumoto took a photo-sensitive printed-circuit board (which can be found in many electronic hobby shops) and used the fingerprint transparency to etch the fingerprint into the copper.
From this he made a gelatine finger using the print on the PCB
Matsumoto tried these attacks against eleven commercially available fingerprint biometric systems, and was able to reliably fool all of them.
Although elsewhere in the article it only gives an 80% success rate.
So, as long as you make sure that you don’t leave your fingerprints anywhere, and you don’t use any other system which records a fingerprint scan, then you should be OK using them for security.
However, if there are RFID tags that can have their codes changed (which is what these cloned tags would be) then there shouldn’t be any reason why you can’t just write your own unique codes onto RFID tags and get people to change them periodically. (eg, when a unit changes owners or tenants you delete the old tags from the system, put new unique ID numbers into the tags, and then re-add them to the building’s system. This would stop any previous clones from working).
Other options would be some of the more obscure key shapes (preferably ones that are under patent protection) or, depending on how far you want to go, multiple security devices (such as a tag and a fingerprint).
You will never find a perfect solution, you’ll have to strike a balance between cost, security and convenience.
Of course, the easiest thing to do would be to ban cloning of key fobs without a signed and sealed letter from the strata manager.But then people would start whining about the “Nanny State”…The opinions offered in these Forum posts and replies are not intended to be taken as legal advice. Readers with serious issues should consult experienced strata lawyers.
Hi all,
In relation to cloned access cards.
The main reason for cloning cards is overcrowding.
I manage a large strata plan in Sydney & without being to confusing I will give a point form run down of what I do.
* I will search the suspected cloned cards history on the security system. All cards have individual & identifiable numbers.
* I will then view on CCTV whom is using the card & when.
* If the same card has been used, within say an hour or two, by 2 different people, I will immediately void the card. Voiding the original will void the cloned ones too.
* When the voided card does to work, the person will come to me saying “my card is not working.”
* I will issue a new card without telling the person & tell them I have just re-set the old one.
* The suspected cloned card is now on my desk.
* Should this, now voided card, be attempted to be used again we know it has been cloned.
* If so, an email will go to the owner & most will terminate the lease agreement.
Hope this helps
Brilliant! I never fail to be amazed at how clever, resourceful and helpful the readers of this website are.
The opinions offered in these Forum posts and replies are not intended to be taken as legal advice. Readers with serious issues should consult experienced strata lawyers.
- You must be logged in to reply to this topic.