Access Card Penetration Test

RFID cards and key fobs are typically used today for access to office spaces. There is a wide variety of solutions on the market, differing significantly in their security capabilities. Many access cards can be cloned using readily available specialized hardware. In some cases, all necessary data can be read using a common mobile phone with NFC support. Some cards do support cryptographic protection of stored data, but they use weak algorithms that are vulnerable to known, practically feasible attacks. We have seen multiple cases where even the use of high-quality system components does not guarantee a secure implementation.

We offer an audit of the access control system, including practical demonstrations of exploiting potential vulnerabilities.

We can handle all commonly used access systems that utilize LF, HF, and 1-wire chips.

  • Low-Frequency (LF) Cards – LF cards operate at 125 kHz. They are typically simpler and more affordable, using EM410x or EM420x chips. A wide range of LF solutions is available on the market. The most notable providers include HID Prox, Indala, and Jablotron.

  • High-Frequency (HF) Cards – HF cards operate at 13.56 MHz and utilize the NFC standard, often extended with proprietary enhancements from individual manufacturers. This is currently the most widely used variant and offers the best protection against cloning. However, there are also solutions that cannot ensure high security, or provide only weak cryptographic protection. Notable examples in this category include Mifare Classic, Mifare DESFire, HID iCLASS, and HID Seos. It is also possible to use any standard NFC tag.

  • A special category is contact-based 1-wire chips, such as iButton, which are available in various models with differing levels of security.

Final Report

The test output is a final report containing details of the test process, description and classification of identified vulnerabilities, and recommendations for risk reduction. The report is structured into the following sections:

  • Executive Summary – A concise overview of the test process and key findings.

  • Test Description – A description of the testing methodology and an overview of all activities carried out.

  • Findings – A detailed breakdown of the results from tests of individual devices.

  • Summary of Recommendations – A clear table of recommendations to address weaknesses identified during the test.

Other Types of Testing

In addition to the tests described above, we also provide our clients with various other types of penetration testing – see Penetration Testing Overview.

Sample report

Example output showcasing the quality of our work.

Demo report


Any questions?

If you are interested in more details, please contact us.

Ask by e-mail

Tel: +420-226-523-026