In some facilities, all employees are required to wear a badge so that they can easily be identified. Some badges are simply plastic and have no embedded technology. However, some use a radio-frequency identification (RFID) badge system for physical security. These badges contain an employee’s authorization credentials and use a proximity reader that reads data from either an RFID or near-field communication (NFC) tag when in range.
RFID is a standard for identifying and keeping track of objects’ physical locations through the use of radio waves. RFID has many applications, but in the context of physical security, it is often used with identification badges and works in the following manner:
- An RFID tag that contains an antenna and a microchip is attached to the badge.
- A door lock that contains an RFID reader continuously sends a signal into the area surrounding the reader.
- The RFID tag’s antenna picks up this signal when in close proximity and the microchip generates a return signal.
- The RFID reader receives this signal and opens the lock if the signal is authenticated.
Unlike a card with a chip or magnetic stripe, an RFID badge does not need to be waved in front of the reader. It simply needs to be within a few feet of the reader and can be inside a bag, affixed to someone’s shirt, or otherwise physically obstructed. RFID authentication systems can support granular access control with unique badges, allowing only certain badges to open certain locks. Although a badge is technically a “key” to the RFID lock, it helps to mitigate lock picking while still requiring that the user present a specific item for authentication.
If a facility is using a badge system to identify employees, an unauthorized person can either steal or clone a badge to circumvent physical security.
Badge cloning is the act of copying authentication data from an RFID badge’s microchip to another badge. This can be done through handheld RFID writers, which are inexpensive and easy to use. To clone a badge, complete the following:
- Hold the badge up to the RFID writer device and press a button to copy the data.
- Hold a blank badge up to the device and write the copied data to create a cloned badge.
Some badge cloning tools can read the data like any normal RFID reader, that is, the reader can be several feet away and concealed inside a bag.
Keep in mind that badge cloning is most effective on badges that use 125 kHz EM4100 technology. This type of badge does not support encryption and will begin transmitting its data to any receiver that is nearby.
Newer RFID badge technology uses higher frequencies that increase the rate at which data can be sent, and most support the use of encryption. These badges broadcast only certain identifying attributes rather than all authentication data on the badge.
Despite the advances in security, these encryption-based badges can still be cloned with the right tools, such as an Android device with NFC capabilities and a cloning app. In addition, certain apps will contain the default encryption keys that are issued by the badge’s manufacturer. Many organizations fail to change these keys; as a result, the badge’s data can be easily copied to a new badge through NFC.
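A defender-side check that follows from the cloning scenario above, added here as an example and not part of the original text: a cloned badge tends to surface in the access-control logs as one badge ID being granted at two readers that are too far apart to be reached on foot in the elapsed time. The log format, reader names and minimum walking times are assumptions constructed for the example.

```python
from datetime import datetime

# Constructed sample access-control log (assumed format, not from the page):
# timestamp,badge_id,reader,result
SAMPLE_LOG = """\
2024-05-01T08:01:10,1001,lobby-north,granted
2024-05-01T08:02:40,1001,lab-2-door,granted
2024-05-01T08:02:55,1001,lobby-south,granted
2024-05-01T08:10:00,1002,lobby-north,granted
2024-05-01T08:20:00,1002,lab-2-door,granted
2024-05-01T08:21:00,1003,lobby-north,denied
"""

# Assumed minimum walking time in seconds between each pair of readers.
# A real deployment would measure these for its own floor plan.
MIN_TRAVEL_SECONDS = {
    frozenset(["lobby-north", "lab-2-door"]): 60,
    frozenset(["lobby-north", "lobby-south"]): 120,
    frozenset(["lab-2-door", "lobby-south"]): 90,
}


def parse_log(text):
    """Parse CSV log lines into (timestamp, badge, reader, result), oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, badge, reader, result = line.split(",")
        events.append((datetime.fromisoformat(ts), badge, reader, result))
    return sorted(events)


def find_impossible_travel(events):
    """Return (badge, previous_reader, reader, seconds) for every granted event
    that arrives at a different reader sooner than the badge holder could walk
    there. Two badges sharing one ID (the original and a clone) produce this."""
    alerts = []
    last_seen = {}  # badge -> (timestamp, reader) of its last granted event
    for ts, badge, reader, result in events:
        if result != "granted":
            continue  # denied attempts do not prove presence at the reader
        if badge in last_seen:
            prev_ts, prev_reader = last_seen[badge]
            if prev_reader != reader:
                gap = (ts - prev_ts).total_seconds()
                needed = MIN_TRAVEL_SECONDS.get(frozenset([prev_reader, reader]), 0)
                if gap < needed:
                    alerts.append((badge, prev_reader, reader, gap))
        last_seen[badge] = (ts, reader)
    return alerts
```

The same pass is the place to add anti-passback logic (a badge "entering" twice with no exit in between) once the readers are tagged as entry or exit points.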