It's a video that should give pause to any organization that uses radio-frequency identification (RFID) cards as employee badges.
TechInsider recently posted a video that the company shot with Redteam Security, an online security consulting group, that shows just how easy it is for hackers to not only copy the data on a smart card, but to also copy that data to a new card to create a fully functional clone.
If you're an employee whose company uses smart cards for access, the video is a bit troubling.
For security directors at government organizations, utility companies or organizations dealing in confidential matters, the video is chilling:
"That's how easy it is for someone to get access to our building, our computers and our data."
See the video that will keep security directors up at night
TechInsider gave us permission to embed their video in our post.
Scary, isn't it? In just seconds, Redteam Security's employees were able to make an exact copy of an employee's access card, essentially giving their team unfettered access to the office after business hours.
What implications does this have on users of smartcards?
It's not an exaggeration to say nearly all cards used for access at office buildings, data centers, factories, government buildings and more are susceptible to hacks like this. After all, the vast majority of cards used for access are RFID cards, namely smart cards.
When it comes to the impact a hack like this could have on a company, Tech Insider and Redteam Security showed just how far they were able to get in an article posted back in April.
In the article, Redteam employees detail how they're able to gain nearly unfettered access to the computers and offices of a small power company.
With this access, they postured that it may have been possible to get so far into the company's system that they may have been able to shut down the power grid.
Yes, all from an unsecured RFID card.
It's important to note that the above scenario represents an extreme case, and that large utility companies and organizations dealing in confidential information probably have multiple layers of back-up security.
However, the case above does illustrate just how vulnerable RFID cards are to cloning, and how delicate many security systems are. After all, how secure is your system if all it takes for it to be compromised is a man or woman standing near you with a small card reader?
With RFID cards becoming increasingly popular for use as dormitory access cards, apartment building access cards and even home access cards, it's important for users of these RFID cards to protect themselves from security breaches by protecting the cards that leave them vulnerable.
How can you protect yourself from RFID card cloning?
The easiest way to protect a card from being cloned or skimmed is actually something we've discussed in this blog before: shielded badge holders.
Shielded badge holders are card cases or sleeves that contain a thin layer of metal. This metal serves as a barrier between the enclosed card and an RFID reader, legitimate or malicious.
When the reader sends signals out to try to read the card, it's unable to get through the metal, rendering it unreadable.
Had the card in the Tech Insider video been inside of a shielded badge holder, Redteam Security wouldn't have been able to clone it due to the reader's signal being unable to pick up the card's information.
It's that simple. By using a shielded badge holder, you're taking important steps to decrease the vulnerability of your RFID cards, thereby increasing the overall security of your facility.
As we stated above, it's important to not get worked up into a hysteria over what Redteam Security was able to accomplish. However, the video does show just how easy it would be for a malicious hacker to gain access to a facility, if he or she had the right tools.
If your facility uses RFID smart cards and is worried about the breaches in security that could result from card cloning like the kind that occurred in the video, you can protect your facility with a shielded badge holder.