
Are Smart Cards Secure?

What is Near Field Communication (NFC)?

NFC works in a very similar way to a crystal radio: it is a method of receiving and processing radio signals. NFC adds another level to this by transmitting from point to point using the power gained from these signals. This allows two devices to communicate completely wirelessly without the card needing a power source of its own. This type of technology is in use all over the world as secure “smart cards”. If a card has no internal power source, it almost always uses this kind of technology.

So, what’s the big hubbub over the years? We have found that NFC, although extremely useful and effective, has a bad track record with security. MIFARE Classic cards (used in a form of door access control system) are renowned in the security world for being trivial to crack. They can also be stolen by wireless pickpocketing from a surprisingly large distance. Every office we have seen uses some variant of these vulnerable MIFARE cards because they are cheap to buy and easy to produce.

Access security and door access control are some of the most important parts of any business, not just as part of a cyber security strategy to protect data but also to protect IP (intellectual property) and staff members.

Why are smart cards important for physical security?

Physical access to a site spells doom for any company, even if it has the greatest wireless or network security in the world. If someone can walk into a server room or steal a CEO’s computer, there is nothing that will stop them from retrieving the data from that computer or server.

Attacks like this have been publicly available since 2008, and you can be sure they are used to compromise companies all the time. One read of a card can give an attacker full access to your building without your knowledge.

So, what can be done?

If your company is using cards such as these, or even if you don’t know and want to be safe, you should:

  • Keep cards inside an NFC blocking sleeve when not in use.
  • Have a Red Team assessment to highlight vulnerabilities.
  • Check receivers for skimmers or changes.
  • Implement a form of more active security card.
  • Get an assessment from us by contacting us.

Frequently Asked Questions

How do smart cards work?

NFC works in a very similar way to a crystal radio: it is a method of receiving and processing radio signals. NFC adds another level to this by transmitting from point to point using the power gained from these signals. This allows two devices to communicate completely wirelessly without the card needing a power source of its own. This type of technology is in use all over the world as secure “smart cards”. If a card has no internal power source, it almost always uses this kind of technology. These cards gain their power from the radio waves emitted by the access control system and transmit their door code.

Can smart cards be cloned?

Early smart card technology such as MIFARE Classic cards (used in a form of door access control system) is renowned in the security world for being trivial to crack. These cards can also be stolen by wireless pickpocketing from a surprisingly large distance. Other types of smart cards are vulnerable to this type of attack and are very commonly seen in door access controls. Modern smart cards have managed to mitigate an attacker’s ability to clone cards, but due to the widespread use of cloneable cards these modern cards are rarely seen.

What are smart cards used for?

Smart cards are used all over the place, from door access controls in offices to tags on goods and clothing that track some data. These types of cards almost all use the same type of technology, a form of RFID. Because they do not require any power source, they’re useful for long-term storage and re-use of pieces of data that people require quick access to. They often contain some kind of user ID that can be used to direct a system to more information stored within a central database. This can then be used for some functionality such as opening a door or marking a piece of clothing as sold.