Recently, hackers showed Tech Insider how to break into an office by cloning access cards with $700 worth of electronic parts bought on Amazon and eBay.
For hackers, unauthorized entry into a company is simple and inexpensive: it may cost only $700 to buy the parts from Amazon and eBay.
Tech Insider wrote:
"We've seen a hacker team break into a power company in less than 24 hours," he said. The power company is located in the Midwest of the United States. A hacker known as "Metrofader" took an electronic badge out of a pocket and waved it at the external sensor, and the door opened. It must be explained, however, that the electronic badge was a fake card produced from data stolen earlier.
Hackers can buy $350 worth of equipment from Amazon or eBay and bypass access control systems based on employee ID badges by forging access cards, according to researchers at the security company RedTeam Security.
Security experts further explained to Tech Insider that cloning any employee's access card is also easy for hackers and does not require stealing personal information from employees.
RedTeam Security's Matt Grandy explains that hackers carry a specific device, which costs only $350, when they visit a target company.
RedTeam security advisor Matt Grandy said:
"(We) have access to large-scale, long-distance readers from the Amazon Marketplace, and they can also be bought from eBay."
The hacker pretends to be a student visiting the company and carries the device in a laptop bag, where it intercepts the encrypted communication between the employee access card and the system that controls the opening and closing of the door.
RFID tag readers sold on Amazon and eBay can capture access card data from three feet away and write it to a microSD card.
An attacker only needs to come within effective range of an employee who is using an RFID badge. The attacker can then use the captured badge data to make a fake badge, which requires a second device, a Proxmark, worth $300. The operation is simple and the cost is low.
Tech Insider says:
"RedTeam Security has revealed to us a well-known problem with RFID, or radio frequency identification, which is also the method many enterprises most commonly use to authenticate employees for access. Employees verify their identities with the RFID badge and gain access to a door. However, the problem is that in many cases the data is sent in clear text, with no encryption, which makes it easy for hackers to steal employee data and then clone a fake card to break in for their own purposes."
Of course, physical security can be improved by encrypting the data. Another good measure is to protect the access card with an RFID barrier to prevent data theft.
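The simulation below is an added example, not code from Tech Insider or RedTeam Security. It shows why a badge that sends a fixed ID in clear text can be replayed from a recording, while a challenge-response badge cannot. The badge ID, key, class names and the HMAC-SHA256 challenge-response scheme are assumptions made for illustration; the page does not name a specific protocol.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: the badge ID and per-badge key are made up.
BADGE_ID = b"EMP-0042"
BADGE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
ENROLLED = {BADGE_ID: BADGE_KEY}

class StaticIdReader:
    """Legacy design: the badge sends the same clear-text ID every time."""
    def open_door(self, transmitted: bytes) -> bool:
        return transmitted in ENROLLED

class ChallengeResponseReader:
    """Hardened design (assumed): fresh nonce per attempt, keyed MAC as proof."""
    _nonce = None

    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def open_door(self, badge_id: bytes, response: bytes) -> bool:
        key, nonce = ENROLLED.get(badge_id), self._nonce
        self._nonce = None  # every challenge is single-use
        if key is None or nonce is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def badge_respond(key: bytes, nonce: bytes) -> bytes:
    """What a genuine badge computes; the key itself is never transmitted."""
    return hmac.new(key, nonce, hashlib.sha256).digest()

def replay_outcomes() -> dict:
    """Present a previously recorded exchange to both reader designs."""
    legacy, hardened = StaticIdReader(), ChallengeResponseReader()
    recorded_static = BADGE_ID  # all the legacy badge ever sends
    recorded_resp = badge_respond(BADGE_KEY, hardened.challenge())  # old session
    genuine = hardened.open_door(BADGE_ID, badge_respond(BADGE_KEY, hardened.challenge()))
    hardened.challenge()  # a later attempt is bound to a new nonce
    return {"legacy_replay": legacy.open_door(recorded_static),
            "hardened_genuine": genuine,
            "hardened_replay": hardened.open_door(BADGE_ID, recorded_resp)}

if __name__ == "__main__":
    print(replay_outcomes())
```

Encrypting a fixed ID on its own would still leave a replayable constant on the air. The per-attempt nonce is what makes a recording useless.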