A demonstration shows how exactly this could happen.
It looks like it is quite easy and cheap for hackers to break into a company. In a demonstration to Tech Insider, hackers showed exactly how this could happen. A team of hackers managed to fully compromise a company with the help of some electronic parts worth just $700.
With the help of an outside sensor, a hacker managed to read the data from an employee’s electronic badge, write the same stolen data to a fake badge, and use it to unlock the target company’s access control system.
According to the researchers, such devices are sold on Amazon or eBay for just about $350. With them, hackers can easily create fake company access cards and bypass access control systems that are based on employee ID badges.
For the demonstration, a hacker posed as a student visiting the target company on a requested tour. He carried the card reading device in a laptop bag and was able to capture the unencrypted data transfer between an employee security access card and the access control systems which open and close the doors. Such RFID (radio-frequency identification) devices can easily be found for sale on Amazon and eBay. They can detect access card data transfers up to three feet away and write the captured data to an SD memory card.
This means that an attacker using the RFID badge reader only needs to get close to an employee’s badge to compromise the access control, without even physically touching it. The captured data can then be written to a fake badge with the help of another cheap device that costs about $300. Such duplicated access cards can easily be used by criminals or hackers to get access to buildings or private offices.
It is common for the signals sent between the security access cards and the access control systems not to be protected with any type of encryption. RFID-blocking sleeves are also not widely used. Hackers may take advantage of this vulnerability to gain access to offices, private properties, and sensitive information. The demonstration naturally raises the question: are we really more protected now with the new digital security systems?