The flaws of RFID badges in access control
RFID badges in access control
Radio-frequency identification (RFID) systems consist out of two components: a tag and a reader that use radio frequencies to communicate. In access control, the tag is typically an access badge. There are three categories of RFID tags, based on the frequencies they use to communicate:
- Low frequency (LF) - 30 KHz to 300 KHz - read range up to 10cm
- High frequency (HF) - 3 MHz to 30 MHz - read range 10cm up to 1m
- Ultra-high frequency (UHF) - 300 MHz to 3 GHz - read range up to 12m
In general, a higher frequency range has a higher read range and a faster data transfer. As a downside, higher frequencies suffer from more interference with electromagnetic applications, liquids and metals.
There are two common types of RFID tags: passive and active.
- Active tags have their own power supply, usually a battery, to enable the communication with the reader. These tags have a bigger range and are typically used to track larger assets, such as containers, vehicles and machines. There are two variations of active tags. Transponders wake up when they receive a signal from the reader. Beacons constantly send signals at a predefined interval.
- In a passive tag system, the reader sends a signal to the tag. That radio wave is used to power up the tag. Next, the tag reflects a signal back to the reader.
RFID badges in access control
Usually, passive tags are used in access control applications, since only small pieces of information need to be exchanged. Examples of data that can be transmitted are identification numbers, personal information and pictures. When the door reader detects an RFID badge via radio waves, that radio wave is used to power up the tag and reflect a data signal back to the reader. The reader decodes this information and sends it to the host software. Based on the information provided, the host software grants or denies the user access and sends this information to the access control panel hardware, which controls the door.
The drawbacks of RFID in access control
Even though the technology has been in use for more than 20 years, RFID systems face serious shortcomings:
- RFID cards can be easily exchanged or stolen.
- The system can be hacked. For example: by eavesdropping an unauthorized RFID reader can listen to conversations between a tag and reader to obtain important access data. D. Maldonado, a Security Researcher, has demonstrated that RFID cards can be remotely copied in a matter of seconds at DEF CON 25.
- By verifying RFID badges, you verify the badge and not the badge holder. There's simply no certainty about the identity of the person.
"In seconds you steal someone's badge, have a complete copy, and you walk into the building." - D. Maldonado (Security Researcher)
The evolution towards biometric access control
Near field communication (NFC) is a newer technology, comparable to RFID. Most modern smartphones are equipped with NFC tags. Consequently, smartphones can communicate with door readers, making RFID badges obsolete. NFC only works at a smaller distance, 10cm, which makes intercepting the signal a lot harder.
Although NFC is already a step closer to a more secure system, loss, theft and exchanges of smartphones still form potential security breaches. In order to safeguard an office building, an industrial site or a production facility, there needs to be 100% certainty about the identity of the visitor, employee or contractor. This can only be achieved by implementing a biometric layer to the access control solution.