Will Electronics

Why 125 kHz Prox Cards are Unsecure

The 125kHz radio frequency card is arguably still the most used electronic access control card in North America. However, it still seems that most are not aware of the more recent findings over the last few years that show how these cards may be compromised. Proximity cards are still considered an upgrade from mag stripes or Wiegand cards. Weigand and mag stripe cards are required to be swiped through a reader. The term “prox” is simply just an abbreviation for “proximity” which basically means “near by”. Prox cards require the user to hold the card near the reader to open a door.

The popularity of these cards has continued despite the known susceptibilities that can put any site at risk. For decades, the ability to clone or replicate an access card required large and expensive hardware. However, YouTube is littered with how-to videos that show how to quickly clone a card. The price for tools that are capable of cloning most 125 kHz cards have fallen dramatically which introduces a new threat level as these types of devices become more regularly available and inexpensive to the public. Breaking a window or hacking a password may have once been the easier option for bad actors but that is no longer the case now that online retailers sell effective tools for card cloning. What was once known as a “gatekeeper status” has now been lost due to there being such a wide understanding of prox reading technology in the public.

Companies should never assume that only people who can get in, will get in. It is important to review “access granted” activity with a fine tooth comb. Additional layers of security are put in place to help mitigate risks associated with prox-based access control systems. Video monitoring, physical human/guard patrols, and worker based programs are all ways to help reduce threat.

Data has always been transferred in an unencrypted form with the prox card credentials. Card readers were designed to communicate small sets of data typically in 8-16 digit card numbers. Ironically enough, security was a far less important consideration in the design over function and convenience. Manufacturers would eventually try to curb this vulnerability by implementing proprietary card number formats. As long as the manufacturers of readers and cards were able to control access to the technology, these methods would remain affective.

In most cases, legacy prox based cards and readers can be swapped with new technology that communicates using modern encryption. The access control and security industry have taken measures to help end users transition to compatible and more encrypted solutions with as few hiccups possible. Recently released access control communications standards from regulators like Security Industry Association (SIA) have been created to help enhance support and integrations that allow for higher security applications for smart cards. Newer versions have an enhanced file transfer method that can move large data sets for firmware upgrades.

Large system migrations often require a project to be completed in phases due to budget parameters. It’s important to understand your current system’s vulnerabilities and to plan accordingly, these steps will ensure the transition goes smoother. If you’re considering migrating from a legacy prox system to more secure cards and readers, please fill out the form below or reach out to your Account Manager directly.

Scroll to Top