How Hackers are Remotely Scanning and Copying Security Badges

  • Security

Imagine working your tail off until the Noon hour, walking down to the local pizzeria and passing by a man with a backpack. You nod your head in his direction and proceed to enjoy a tasty lunch. By the time you return to your cubicle, your security badge has been scanned and copied. The man with the backpack has cloned a replica of your security badge and is poised to walk right into your office without hindrance. This nightmare scenario is now a possibility due to advancements in hacking.

Identity Theft in the Workplace is on the Upswing
Hackers have developed custom systems to copy and replicate RFID tags in a remote manner. Though few understand what a RFID tag is, most people have used one. It is a radio-frequency identification that makes use of electromagnetic waves to monitor and pinpoint tags. Such tags are commonly embedded in ID cards used at offices and other places of employment. They are ubiquitous throughout the tech industry. Think of all those times you have tapped your ID card against a reader in order to gain entry to your office or another portion of the building in which you work. The form of security is no longer foolproof. It is now quite easy to copy ID badges even from several feet away.

How the Hack Works
Hackers remotely scan employee cards by walking past them or standing in an area where employees pass by. The data is transmitted to a cloning machine that can be upwards of 30 feet away. This machine generates a replica of the ID card. Hackers have even gone as far as developing Android apps that sync up with digital watches to provide notifications via chimes if their ID card scans proved effective.
This new hack is particularly concerning as most office workers stand near complete strangers when heading outdoors for breaks, lunch and business trips. They also interact with other individuals within the building in which they work. Any one of these individuals has the potential to be a hacker who is loitering in an attempt to steal employee credentials and gain access to his office. There is no need to physically touch the victim or his ID card to create a replica.

A Hack Within Everyone's Reach
Most people assume high-tech equipment that costs thousands of dollars is required to perform a hack like the one outlined above. The chilling truth is that this form of identity theft makes use of fairly basic technology that can be purchased on eBay. One can even pilfer the necessary equipment from parking garages and other spaces that use RFID-scanning technology.

The Only Constant is Change
Companies should re-think their security policy in light of this development. Scanning a security badge to access the facility is no longer an effective means of safeguarding information, equipment and personnel. A second line of defense such as a key code or a retinal scanner is necessary to prevent improper access by wrongdoers.