Fob clones key to overcrowded flats

Fob clones key to overcrowded flats

When new technology replaced old-fashioned cut keys with electronic readers there was one aspect of apartment living that took a step back – security.

It was actually quite difficult to get locksmiths to cut copies of high-security keys.  And that made it hard to allow free access to overcrowded apartments – elaborate key drop plans had to be organised, like spies in a John Le Carre novel.

But then there was the intercom – wire up a mobile phone to trigger the entry button and all you had to do was give your 36 tenants the phone number and they could get access to your three-bedroom flat (that’s counting the laundry cupboard as a room).

Then along came electronic key fobs and security went out the window with anyone and everyone able to copy fobs for as many people as they wanted.

Have a look at this video from a Current Affair to get an idea of the extent of the problem.

httpv://aca.nine.com.au/article/9148223/swipe-key-scam

The Owners Corporation Network internal mail has been running hot with this all week:

“Two important things coming out of this,” says Franck the French.

“1: There is no current definition of what is an RFID security access card/fob. thus not subject to security laws and legally possible to be duplicated regardless our building by-laws!”

“2: Over 95% of residential buildings are equipped with unsecured access control system, access cards/fobs that can be duplicated. (it’s accurate as i walked myself all the streets of Sydney/Melbourne/Gold coast, to create my own security map)
“I’m happy to finally hear that the regulation is going to be reviewed after asking for it since years! Between 2014 and today, I managed to stop over 20 illegal key dealers between Sydney and Melbourne, today one more is almost out even if his websites are still running right now!
“Knowing how easy it is to duplicate a key, there is no doubt that slumlords overcrowding our residential buildings are using key cloner machines without the help of any illegal key dealers.
Conclusion, this problem will keep growing up like i predicted years ago and the only way to stop it, is to review current access control systems that are for most of them hackable.”

Hear-hear, Frank. You derive a medal for services to security.  If anyon is interested in joining OCN – the only independent voice for apartment owners, go to ocn.org.au

(Visited 370 times, 1 visits today)
Facebooktwittergoogle_plusredditpinterestmailby feather

1 Comment

  1. Hi,
    To follow up on this, the Locksmith association actually didn’t improve the legislation as they simply totally removed the definition of a restricted key in the legislation.
    Absolutely non sense but it did happen and now even duplication a metal key “DO NOT COPY” is actually totally legal.
    We were asking them for years to add to the definition of a restricted key, the SECURITY ELECTRONIC KEY FOBS, but i guess some people at the Master Locksmiths Association aren’t very smart…

    However most of Locksmiths will no duplicate your DO NOT COPY KEY because they still respect their competitors who supplied and installed the locks but we already found 2 locksmiths down Melbourne that have no issue doing it! both are a franchise called Mister Minit and they also now advertise for key fob duplication.

    Since i wrote the post on OCN, no improvements happened in the security industry of Australia as HID GLOBAL the leader in security technologies still lobbying the industry and teacher bad security practices to security installers and consultants as well as their distributors.

    So now you have what we call HID iClass SE, readers of the 4th generation that are still based on a bad security designed, cracked in 2010 and that has been repetitively cracked till now.

    Security installers still listen to their distributors and still don’t try to learn or test by themselves the security they installed because they have actually for a majority of them, no knowledge at all in RFID systems and because they are simply to lazy to run a quick search on google to find out about crackability of the readers they advise to install and supply…

    It’s very sad and disturbing to see a whole industry totally uncontrolled, the only thing needed to become a security installer is a security licence, you simply buy it, no need to learn anything about security, no need to have even a bit of knowledge with RFID systems, you can rely on the security distributors who will brainwashed you with HID iClass making sure that you believe it’s secured and they will give you all the datasheets to connect the readers to an existing installation or a new building.
    They will also keep selling readers for a very cheap price ($90 inc GST) and will keep the end users (residential building Owners) under control as the building become dependent of the security installers when they need extra key fobs. (not so much anymore with security companies that can crack iClass and thus program the key fob themselves) however HID Global is the only manufacturer of the iClass chips so end of the day we all depend of them, if they want to increase the price of the fobs, we all have to follow.
    If the distributors don’t want to sell anymore iClass readers knowing that it’s already cracked, then HID Global will stop selling them Fobs, that isn’t a good deal for them because it’s a big part of their incomes so they keep selling again and again and lying to everyone, be reassured the distributors themselves for most of them, have no ideas that iClass is cracked, of course HID tell them the opposite.

    HID is making proprietary systems using their own encryption (cracked), only open security system can warranty the security of the end users and if you want to know more about it, i recommend you to read “Kerckhoffs’s principle”,
    “Auguste Kerckhoffs six design principles for military ciphers”
    “Security through obscurity”

    HID GLOBAL is into the Security through obscurity and nothing is open source, which should be enough to start considering better technologies, open source based.
    If not simply remember that HID proximity readers were cracked in 2005, HID iClass 2010 – HID iClass 2nd edition and gold-class in 2012 then ER then SR then SE…
    This is enough proof and facts to stop using them for good.

    To finish, the government is also responsible and guilty of not impossible better legislation and control over who can become a security installer or not and what studies should be enrolled.
    The government should look at the french CNIL, which will also stop the proliferation of BIOmetric Fingerprints readers where your fingerprints are saved into the readers! which makes your fingerprints hackable directly from the BIOmetric reader, in Europe such devices are prohibited and you can only save BIOmetric fingerprints into a KEy fobs with a minimum of AES256BITS encryption. After all the fingerprints are parts of your body so they should stay with you at all the time…
    In Australia you can buy multiple bad BIOmetric devices from TW and Korea, we are far to be secured in this country and we keep going lower…

    Note that now multiple key fobs dealers are now holding a security licence and think it’s all normal and legal to duplicate access keys regardless their utilization. Thanks to the SLED and Master Locksmiths association…

    Good Day to everyone and hopefully you won’t ever again install an HID Global system in your building.

Leave a Reply

Your email address will not be published. Required fields are marked *