Farpointe advises on how to protect the Wiegand protocol from attack
Sunnyvale, Calif., USA - October 8, 2015 - Farpointe Data, a DORMA Group Company, the access control industry's trusted global partner for RFID solutions, today announced that since Wiegand is no longer considered inherently secure due to its obscure and non-standard nature, users, integrators and manufacturers need to be on-guard. Wiegand is the industry standard protocol commonly used to communicate credential data from a card reader to an electronic access controller. In these attacks, a credential's identifier is cloned, or captured, and is then retransmitted via a small electronic device to grant unauthorized access to an office or other facility.
"Instead of skimming, eavesdropping and relay attacks on the card itself, more sophisticated hackers are attacking the Wiegand system," explains Scott Lindley, Farpointe Data president. "For those that consider this a problem - and many should - the good news is that there are a series of remedies that can be taken by users themselves, integrators and manufacturers of access control systems. We'll be discussing these in depth with attendees at the ISC East Show at the Javits Center North in New York City November 18-19 in our booth #533."
According to Lindley, card holders should avoid presenting access control credentials to any access readers that appear to have been tampered with. Secondly, these same card holders should be encouraged to quickly report any suspicions of access control system tampering, including instances involving either the access control readers or access credentials to the facility's security and management teams.
Among a series of antidotes, integrators should install only readers that are fully potted - and immediately suggest an upgrade to those that are not - to stop any access to the internal electronics from the unsecured side of the building. Mounting screws should be hidden from normal view. Security screws should be considered. Using a continuous overall foil shield tied to a solid earth ground will help block signals. Perhaps the easiest solution is to deploy access control readers with an output alternative to the industry-standard Wiegand output, provided they are supported by the electronic access control system. Alternatives can include ABA Track II, OSDP, RS485 and TCP/IP.
Access control system manufacturers can provide credentials other than those formatted in the open, industry standard 26-bit Wiegand. Not only is the 26-bit Wiegand format available for open use but many of the codes have been duplicated multiple times. They can also offer a custom format with controls in-place to govern duplication and avoid multi-technology readers as duplication risks increase. Credentials that include anti-tamper technology, such as Valid ID, indicate to the system when it detects tampering. Credentials with an anti-playback routine, such as transmitters as used in Farpointe's Ranger Series instead of cards also provide additional safety. Among still other remedies, they can also provide a smart card solution that employs sophisticated cryptographic security techniques. An example is a MIFARE® DESFire™ EV1 card making use of AES 128-bit encryption.
"We must always stay one step ahead of the bad guys," adds Lindley. "There are many ways to obviate card system security, whether via the card itself or via the Wiegand communication protocol. We will be highlighting how any of these assaults can be defended at ISC East."