A recently published (Dec. 4) Customer Advisory on Unauthorized Use of Third-party Devices with HID Readers, asserted that third-party parasitic security devices were being designed and implemented in conjunction with host HID readers to illegally harvest power and communications for unauthorized retrofit mobile credentials.
The statement said: “We became aware of the unauthorized use of third-party parasitic devices designed to harvest power or communication from a host HID reader (“unauthorized devices”). The use of an unauthorized device with an HID reader is an improper modification and misuse of the HID reader and the HID products used in conjunction with the reader.”
HID added that any use or installation of the unauthorized devices that are considered parasitic in nature, which includes specific products from Safetrust Inc., Proxy Inc., Suprema Inc., and Zerv, would “void the lifetime warranty on those readers, and void the warranty on all other HID products (e.g., credentials, controllers, etc.) used in conjunction with those readers.” HID continued that it does not accept liability for any potential risk or damage these unauthorized devices may pose.
Stephen Carney, HID Global’s Vice President of Product Marketing for Physical Access Control clarified the issued statement by saying, “This advisory clarifies the HID policy regarding a concerning trend that negatively impacts HID solution performance. HID partners and customers assume risk, including the loss of HID warranty and technical support, when using the stated unauthorized products.”
Carney continued that due to the unknown technical features of these unauthorized devices, HID does not provide technical support for any readers (or associated HID products) that use such unauthorized devices.
“The unauthorized products contain RF radios and have been designed to adhere to, connect to, or otherwise interact with HID readers in a manner not intended or incorporated into HID’s solution design. Among other issues, they have a negative impact on HID reader RF performance and may increase the power draw of the readers and controllers beyond the specified and tested limits,” Carney said.
Carney also explained that HID received a number of inquiries and technical support requests from HID customers. He emphasized that the advisory communication was issued to ensure that clients understood the risks associated with the use of these particular unauthorized devices with genuine HID products so they can make informed decisions.
Response From The Other Side
In a statement just released by Safetrust CEO Jason Hart, he contends that his company is “unaware of any technical foundation” for the position HID has taken in its published customer advisory. Safetrust’s counter statement read:
“In February 2020, Safetrust announced that it would honor a like-for-like warranty replacement of any reader used with Safetrust, especially when HID Global refuses to honor its own lifetime warranty. The industry is evolving, and customers are demanding upgradability, interoperability and choice — the strength of the Safetrust solutions.
The Safetrust Module has disrupted the HID iCLASS reader marketplace by providing many iCLASS customers with a choice to leverage their existing reader investment while migrating to new secure DESFire and mobile credential technology. An upgrade avoids the time and cost of installing expensive new readers — that often have less functionality — and at a fraction of the time ,it takes to deploy any other solution.
The Safetrust Module is a simple, FCC-approved plug-in that was independently developed to upgrade HID iCLASS readers. The module adds powerful features such as customer-owned DESFire EV3 and mobile credentials, contact tracing and WiFi configuration management — eliminating the need to revisit the readers onsite.
Safetrust extends a customer’s investment of their HID iCLASS readers and eliminates the need to replace them when migrating from insecure proprietary credentials like prox and iCLASS to the lower-cost and common criteria-certified DESFire credentials.”
According to Hart, customers are demanding supplier choice and are moving away from proprietary or insecure card products, citing HID Global’s prox, iCLASS and Seos cards. He contends that the Safetrust Module has provided migration choices for many global iClass customers, allowing them to use and self-manage secure and lower-cost DESFire credentials from vendors other than HID.
“Customers want to eliminate the costs associated with onsite configuration management of their iCLASS readers. The Safetrust Module delivers that, using WiFi to allow the iCLASS reader to be configured, operationally monitored and even power reset from a browser-based central portal,” said Hart.
He added that Safetrust will honor the original HID Global lifetime warranty for any product used in conjunction with a Safetrust technology when HID Global refuses to do so.
Proxy was the only other named offender that provided a response to SIW, saying that the “Proxy Nano readers are designed to work standalone or in parallel with any existing reader using standard power and wiring from controllers. This is common practice in the industry and is a configuration widely used in turnstiles, elevators, and doors where multiple credential readers (QR, RFID, Mobile, Biometrics, etc.) all work in parallel and sit behind glass panels/covers that are administered by system integrators and customers (end-users) who want to have choice and options.”
Brandon Cook, Director of Product Marketing at Proxy minced few words when addressing the HID advisory statement.
“HID’s threat to void the warranty on its products is an attempt to continue to unfairly leverage its position in the industry and to discourage innovation. Recent guidelines from the Federal Trade Commission (FTC) have warned companies against threatening to void warranties under similar circumstances. In an effort to protect its customers, Proxy has notified the Federal Trade Commission of HID’s threat to void its warranties. Proxy will continue to ensure its customers are free to make informed choices about their security products and are able to choose between different companies’ products without voiding warranties on their existing infrastructure,” said Cook. “At the end of the day, it’s the customer that matters most, and customers are clearly saying they want choices, and they want performance and innovation to flourish. Proxy will stand by its customers in light of the threats by HID.”
In response to HID, Proxy announced that it will provide a replacement Proxy reader for any HID reader that has had its warranty voided as a result of the customer using Proxy hardware or software.
“We stand by our products and their performance, follow industry standards and best practices, and test our products on all access systems to deliver high quality and performance. Indeed, we are also announcing that, as of today, Proxy will provide a free Proxy reader to replace any currently installed and operational HID reader. That’s our commitment to the customer and industry,” added Cook.
HID's closing statement in its advisory puts the final punctuation on its position: “As always, our customers’ security and system performance are HID’s highest priority. HID cannot stress enough the importance of procuring genuine accessories and peripherals for HID products solely from HID through HID authorized channels. Our ability to provide customers with safe and secure solutions relies on ensuring that only tested and authorized devices are supported.”
About the Author:
Steve Lasky is the Editorial Director of the Endeavor Media Security Group and is a 34-year veteran of the security industry. He can be reached at [email protected].