RFID Security risks: How to avoid holes in door access control systems


 Camilla Ashdow, 30. 06. 2023 | 5 min read

RFID (Radio Frequency Identification) technology is still the most prevalent technology in IP door access control systems. While RFID cards offer convenience and ease of use, a vast number of organizations are still relying on outdated 125 kHz technology from the 1990s. Given the frequency of security breaches nowadays, that’s worrying: these old cards are not secured and are very easy to clone. Read on to avoid holes in your access control!

door access control system


How RFID cards work

RFID cards, also known as proximity cards (125kHz) or contactless smart cards (13.56MHz), use electromagnetic fields to identify and track objects or people. RFID, or Radio Frequency Identification, is a technology that uses electromagnetic fields to automatically identify and track objects or people. RFID cards contain a small chip and an antenna, which communicate with RFID readers using radio waves. These cards work by using a process called electromagnetic induction. When the card is within range of an RFID reader, the reader sends out a radio frequency signal that is picked up by the antenna in the card. This signal provides the energy needed to power the chip on the card, which then sends back a response signal to the reader. This signal contains the information stored on the card, such as a unique identification number or account information.

There are two main types of RFID cards: passive and active. Passive RFID cards rely solely on the energy transmitted by the reader to power the chip and send the response signal. Active RFID cards, on the other hand, have their own power source and can communicate with the reader over longer distances. These cards are often used for tracking and monitoring applications.

RFID technology offers several advantages for IP door access control systems over traditional magnetic stripe cards. For one, RFID cards do not require physical contact with the reader, which makes them more convenient and faster to use. They are also more durable than magnetic stripe cards and can hold more data.

However, as previously mentioned, RFID cards also pose security risks. They can be vulnerable to unauthorized access, cloning, and interception. To address these risks, various security measures can be implemented, such as using RFID blocking sleeves or wallets, implementing encrypted RFID technology, and using strict access controls and monitoring.

 Security risks associated with RFID cards: is your door access control system secure enough?

One of the main security risks associated with RFID cards is unauthorized access. RFID technology is designed to make access easier and more convenient, but it also means that someone with an RFID reader can potentially access sensitive information without even physically touching the card. This is known as "skimming" or "scanning." Criminals can use small, portable RFID readers to capture information from RFID cards without the cardholder even realizing it.

Another security risk is cloning. Criminals can use an RFID reader to copy the information from an unencrypted RFID card and create a duplicate card in a few seconds. This creates a security hole in the door access control system: it allows them to gain access to secure areas or make purchases using someone else's account information.

Finally, unsecured RFID cards are vulnerable to interception. Hackers can use sophisticated equipment to intercept and decode the signals being transmitted between the RFID card and the reader, allowing them to access sensitive information.

Stay up-to-date with the latest news. Subscribe to our newsletter.

Solutions for making RFID cards, and thus IP door access control systems, more secure

Fortunately, there are several solutions that can make RFID cards, and therefore the IP door access control systems they operate as part of, more secure. One solution is to use RFID-blocking sleeves or wallets. These sleeves and wallets contain a material that blocks radio signals, preventing unauthorized access to the RFID card. They are an affordable and convenient way to protect RFID cards from skimming, scanning, and cloning.

In addition, organizations can implement strict access controls and monitoring to prevent unauthorized access to secure areas. This includes using security cameras, requiring multiple forms of identification, and implementing audit trails to track who has accessed secure areas and when.

It’s also important for individuals and organizations to stay informed about the latest security risks and technologies related to RFID cards. As criminals continue to develop new methods of accessing sensitive information, it is important to stay vigilant and proactive in protecting sensitive information.

The last solution is to use encrypted RFID technology. Encrypted RFID cards use advanced encryption algorithms to protect the data transmitted between the card and the reader. This makes it much more difficult for hackers to intercept and decode the signals, providing IP door access control systems with an additional layer of security.

RFID card encryption technology

RFID card encryption technology is a security measure that can be implemented to protect sensitive information on 13.56MHz RFID cards from unauthorized access. Encryption involves the use of complex algorithms to encode data, making it difficult or impossible for unauthorized parties to read or decode the information.

There are several types of RFID card encryption technology, each with its own strengths and weaknesses. Some of the most used forms of RFID encryption include:

  • Advanced Encryption Standard (AES): AES is a symmetric encryption algorithm that uses a key to encrypt and decrypt data. It is widely used in various applications, including RFID cards.
  • Data Encryption Standard (DES): DES is another symmetric encryption algorithm that was widely used in the past, but has since been replaced by more secure encryption methods.
  • Triple Data Encryption Standard (3DES): 3DES is a stronger version of DES that uses three keys instead of one, making it more difficult to crack.
  • Public Key Infrastructure (PKI): PKI is an asymmetric encryption method that uses a public key to encrypt data and a private key to decrypt it. It is often used in applications such as secure email and e-commerce transactions.

The way RFID card encryption technology works is by encrypting the data on the RFID card before it is transmitted to the RFID reader. The reader then uses a decryption key to decode the data and access the information. This means that even if an attacker intercepts the data being transmitted between the RFID card and the reader, they will not be able to read or decode the information without the decryption key.

Why should people use it?

There are several reasons why people should use RFID card encryption technology. First and foremost, it provides an additional layer of security in IP door access control systems that helps protect sensitive information from unauthorized access. This is particularly important for applications such as access control, where unauthorized access could lead to security breaches and compromised data.

In addition, the use of encryption can help organizations comply with regulations and standards related to data privacy and security, such as the Payment Card Industry Data Security Standard (PCI DSS).

2N® PICard: the best encryption technology on the market!

2N’s new solution for protecting against the RFID risks mentioned is built on MIFARE® DESFire® technology which was developed by NXP. This is the best in terms of speed, performance, and cost-efficiency, and allows you to provide the security you need in your IP door access control system with Protected Identity Credentials (PIC). 2N® PICard:

  • Delivers a completely secure door access control system
  • Combines a high level of security with a simple workflow
  • Offers flexibility for both facility managers and system integrators

Download our leaflet for more in-depth information about the technical specifications, how it works, and the many benefits it offers door access control systems

>>Download the leaflet

In conclusion, while RFID technology offers convenience and ease of use, it also poses significant security risks to IP door access control systems. Unauthorized access, cloning, and interception are just a few of the risks associated with RFID cards. Fortunately, there are several solutions available to make RFID cards more secure, including RFID blocking sleeves, encrypted RFID technology, strict access controls and monitoring, and staying informed about the latest security risks and technologies. By implementing these solutions, individuals and organizations can enjoy the benefits of RFID technology while also protecting sensitive information from unauthorized access.