While 13.56 MHz HID SE and Seos are marketed as high security and used in critical infrastructure, they are just as vulnerable as long-cracked 125 kHz credentials in a downgrade attack on most HID readers.
HID has never officially disclosed this, despite at least three offerings over the past 18 months that IPVM found, including a mail-in service that exploits this.
HID did respond to IPVM's inquiry, emphasizing that they know of "no security incidents" exploiting this and that they "recommend disabling unused, legacy credential technologies," failing to acknowledge their central role in literally enabling this.
This attack is far more serious and a practical risk than the recent OSDP "Badge of Shame" vulnerability. And this is different, and in addition, to the long-known risk of copying 125 kHz cards.
We urge HID users to assess and mitigate these risks immediately.
In this note, we explain:
Risks ************* ******
***** **** ****** *** **** ***** amongst **** ******* *** ************* *********** for **** *****, **** *** ************* increased ** * ********* *******, ** the **** ** ******, ** *** attack *** *********** ****** ***********, **** the ******* **** ***** ********* ***, ********-****** ** *** *******, *** ** ******/**** ***** *******, MrKeyFob, ****** **** **** ** ** even *** ***-********* *****.
******* ****, ***'* ****-********* "******** *******" defaults ** ******** **** ****** ** be ******** **** ******* ** *** Seos ***********.
How *** ****** *****
**** ******** ***** ***** ** ******* the ******:
*** ***** ***** ***** *** **** physical ***** ** *** ******:
*** ********* ******* **** ** ******* "high ********" **** ******* **** *** reader *** ******* ** ** * 125 *** **** ** ** ******** by *** ******'* ******* *** *** channel, ********** **-******* ** *** **** reader ** ****-******** **.** *** *******. The ****** ********* ******* ***** *** "********" ********* *******, ***** ****-******** **.** *** and *** *** ******** *** ******* simultaneously.
**** ******* ******* **** *** *** "standard *******" *** ** ** *** first ****** ** ***'* ******** *******:
Readers ********
*** ******* ******* **** **** "********" support **** ** * "**********" *******. Previous ****** ****** ***** ***** ******* branding ** *** ****** ** **** multiclass / *****-****** *******.
***** ***** ******* ** *** **** outward ********, *** *** **** ****** version ** ***** *******, *** "******** Profile" ******, ******** **** ** ***** frequencies. *** *** ********** *** ***** readers **** **** **** *********** ******* by ******* *** ******* ***** ** disable *** *** ********.
Technical ********
* ****-***** ******** ** *** ********* elements ****** **** ****** ********:
3 **** ** *******
***** *** ***** **** ** ******* HID ** / **** *****:
*** ******* ****** ** *********** *********** is ** **** **** ****** ** a *** ***** ******. *** ******* is '********' ***** *** * '****-*-******' program *** $**, ***** *** *** sent * *** ** *******, ***** reads *** ** / **** **** onsite *** ******* *** *********** *** cloning. **** ******** **** ****, ******** * ****** ** / **** card ** *** *** $**.
******** ******* ** **** **** **** do *** ********* *** **** ** 125 ***, ********* ******** *** ******* to **** **** **** **.** *** enabled ** / **** *******. *******, we *******, *** ******** ** ******** or ********* ***** ** ***** ********* for ******* ** / **** ***** exists. ******, ******** ** **** ****** using **** ********* ******, ************* **** most *** ******* ******* **** **** and *** *********, ******* **** *** the ***-********* ********, ** **** **** the ****.
***** ***** ***** *** ******* ** having ** ****** ** ********** ******:
*************, *** ********* ****** *** ** performed ***** ********* *** ********** ****, ** *********** ********* ******** *** ********** ** *** *** *** ** / **** *****. ******* **** *** the ********* ***** **** ~$*** ** total.
*** ******* **** ********* ****** ******* the ***** ******** *****: ******* *** credentials **** *** ** / **** card, ******* ** **** * *** kHz ****, *** ******* ****** ******* readers ** "******** *******".***** **** ******************* *** ********* ****** **** ******* Zero.
*****-*** * *********-***** ****** ******** ** 2021 ******** *********** ********, **** *** **** / ***** access ******* ***** ***** *** ******* reader, *** *** ****** ** / Seos ********** ** *** *******.
*** *** ********* ***** ** ** *** ****** SE ******, **** *** ****** ************ modifying *** **** ** ******** ********** data **** *** * ** *** iCopyX **** ****.
*** *****-* ****** **** *** *** decoder ***** ~$***, ****** ** ** expensive ****** *** *** ********* ******.
Response **** ***
***** ** ***'* ******** ** ****'* questions ***** ****, ****** ** ****:
** *** ***** ** *** *****-* and ******* **** *******, ***** *** be **** ** ******* *** *************** of ****** ************. *** *****-* ****** reads ********** **** ***** *** ******** standard ******* ****** ** * ******, while ******* **** **** ******** ********** to **** ********** ****. **** *** credential **** *** **** ****, ** can **** ** ****** ** * legacy ********** **********. ** *** *********, there **** **** ** ******** ********* for *** ********* ******* ** ***** devices. ** **** ********* ********* ***** access ******* ******* **** ********* ******** related ** ***** *******, ** ********* disabling ******, ****** ********** ************ ** access ******* *******, ** **** ** leveraging ****** ******/***** ************* **** ********** through *** *** ** * ************* protocol, **** **** **.
** ******** **** ***'* ******* ** "legacy ************" ***** *** ********* ******* credentials *** ******* **** ***** ************ today. ******, ** ** ***'* ****** to ******* ** ********** ***** "****** technologies" **** **** **** **** * particular ********* ****.
*** ******* ** ****** ***, ******* them ***** ***** ** **** *** easily * ****, **** ********* ** formal *******. ******, ** ********** ** this ****** *****'* ******** ******, ***** ******** ******** *** ***************.
HID ********* *******
** ******* ***** **** ***** ******** **** **** ** *** UK *********** ************ ** *** ********* ** minimize ** ** ****** ** ******* "legacy ************":
*****, *** **** "****** ************" **** HID ********* ** *** **** ******* but ** ******* *******.
*** ** **** ***** ** *** risk ** ******* ***********, ********* ** / ****, ***** **** ** ******. For *******, ***'* **** ********* ******** poster**** *******, *** **** ****** ******* ** these *****:
How ** ******** ******* / ******* *************
**** ***** *** *** *** *********** (which ****** **** **** **** **** years ***) *** ****** *** ******* have ** / *** ********* / 125 *** ******* ********. *** ***** below ***** ***** ** **** ***** settings ** *** ******* *************:
********, *** ****** ****** *********** ********** 125 *** ******** **, *********, ******* all ** / *** *** ********** support, ** *******.
Mert, Brian, nice reporting!
HID should do better in responding and dealing with this. For example, here is how they market Signo:
At the same time, Signo's "standard profile" is to enable cracked 125 kHz, which, for at least the last year, also allows "secure" SE / Seos credentials to be copied and exploited by this downgrade attack.
For what it's worth, the Signo readers ARE materially superior in many ways, including some under the hood stuff that no one outside of HID Engineering or a handful of security researchers can appreciate.
If someone knows what they are doing, they can build a great system using Signo readers. Unfortunately, much many stakeholders don't care if someone knows what they're doing. They just want "easy" and "good enough" at the "best price".
HID is responding to market demand just as much as they are creating it. Until there is a reason the company won't make money hand over fist by marketing the way they do, there is no business case for HID to change anything.
If we want to effect change, we need the help of all other manufacturers, integrators, and informed customers. Even then, you're still going to have to justify the extra cost to the bean counters.
P.S. Just to be clear, this isn't an HID love-story here. I am simply offering the most pragmatic advice for 99% of businesses.
My official stance on HID's current product portfolio is this: I do not recommend any of HID's current non-PIV offerings for any high security installation that requires resistance to advanced threats.
So it's only multi-technology credentials on a multi-technology enabled reader? Cloning a prox credential isn't really new.
What is new is reading and then converting SE / SEOS credentials into Prox / 125 kHz, leveraging that to get access even if users have SE / SEOS cards. While cloning Prox / 125 kHz is many years old, this technique is new in the last 1 year or so.
Well, this is not really new. I used this method about 6 years ago to convince a customer to get rid of their Multiclass readers. Read one of their credentials using a USB reader attached to my laptop and produced a Corp1000 125kHz card a few days later from an online source allowing me to badge in as the director of security. Readers got upgraded.
In addition, while in my customer's office, I was able to see a box of cards behind the receptionist showing the Format, FC and card range. With this information, I don't even need the card. I cannot tell you how many times I see this.
Bottom line, having a SEOS or iClass SE with 125kHz readers is pretty much useless.
As a standard, we insist our customers use High Frequency readers only. If they are in transition, and depending on the number of readers and cardholders involved, we may recommend a dual tech card for the transition period, moving to single tech once all readers are replaced. We try to use dual tech readers as the last resort. Keep in mind, the MultiClass readers have the low frequency antenna in them. Even if you disable 125kHz, re-enable it may be a simple as a configuration card or using the HID reader manager app for the Signo readers if they are not locked by a Elite or MOB key.
From an objective perspective, the technique is not new at all, even in regards to Seos, DESFire, or any other "secure" credential technology.
That said, I think technical topics like this will always be new for some people. There are always going to be new opportunities to share industry knowledge.
This potential security issue is present in a lot of multi class card readers. We have begun working with the manufactures to disable all unused formats in the field to safeguard against this. We have noted that HID will not allow you to field disable the Bluetooth component in the field and quite a few high security installations will not allow any type of Bluetooth or NFC to be present at the card reader, not just disabled, but physically present.
Keep in mind that unless Elite keys are used, standard configuration cards or mobile apps can still be used to re-enable the legacy technologies or even enable technologies that weren't enabled in the first place.
There are some undocumented methods for disabling BLE administration reconfiguring the readers over OSDP or UART. I have a few clients that have done this and the main issue is that once this is done the reader can only be reset by OSDP command or by configuration card.
One of the supported features in Asure ID and an encoder is loading custom admin keys to a reader.
This disables reader manager and config cards, and is reversible. Just remember to back up your custom keys!
There is nothing revolutionary here. This has been a known issue. HID has always told us to turn off unused technologies to decrease the attack area.
to decrease the attack area
Decreasing the attack area is a general cybersecurity principle.
The question is, why does HID default to this being enabled in the standard profile? This makes it far more risky since they default to an increased attack area.
They probably leave 125kHz and all of the other technologies enabled by default because they would have a lot of unknowing installers complaining that 'the reader doesn't work' when they don't know what HID Reader Manager is. Manufacturing products for the masses unfortunately forces you to lower the defaults so anyone with a screwdriver can install it.
unfortunately forces you
They are a billion-dollar-plus division of the world's largest access control company. They are not "forced". They do this to make money at the expense of security. Corporations have free will.
Good point John. what I meant by 'forced' was that they would be inundated with tech support calls and RMAs for perfectly working products, in effect making 'best practice' defaults difficult to feasibly sell.
Corporations have free will, but they also have a legally binding fiduciary duty to their shareholders.
I've spent many years directly interfacing with a diverse variety of end-users, integrators, and manufacturers. When you're a company deploying 20K plus readers globally and working with hundreds of different integrators worldwide, the small "inconviences" add up shockingly fast.
They may make money at the expense of security, but client are also saving money at the expense of lesser security.
The more we can speak openly and honestly about these challenges, the more market pressure will be applied on companies to so they can justify more secure default configurations.
The more we can speak openly and honestly about these challenges, the more market pressure will be applied on companies to so they can justify more secure default configurations.
Very strongly agree! Thanks for you comments Babak!
They don’t default to anything. They ship what we order.
You go to the “how to order guide”, it shows you what is enabled, you order it.
If you want legacy, pay more and order legacy.
The only “default” is when you do things like buy a promo bundle with one of each reader for demos. The demo readers support everything, because they are for demos.
#14, thanks, by default, I mean its literally called "standard" and its the first option on the list of the How to Order Guide, screencapped below for others reference:
By calling something "standard" and listing it first, it's a clear sign that this is an acceptable and recommended offering.
If HID is genuine in discouraging people from choosing this, they may consider calling it "Insecure Legacy Profile" instead of "Standard."
That’s descriptive, not prescriptive.
That is the standard profile that installers order.
It’s not a recommended offering, as they charge you more and the configurator tells you it’s more expensive and less secure. There are multiple white papers and partner resources saying not to do it.
Changing the name might clarify it, but they can’t tell installers they won’t support Prox. We would install something else. Nobody wants to keep 10 reader SKUs on the truck.
So, I have a binder of config cards to quickly disable the configs I don’t need. Like HID recommends.
NOTICE: This comment has been moved to its own discussion: Does HID Including Prox Support In Its Standard Profile Descriptive Of Proscriptive?
Um, duh... I wouldn't even call this an attack. I am more shocked that you are presenting this as "new," and isn't common knowledge. This has been an issue or a vulnerability since 13.56 was introduced. I wouldn't even blame HID since they tell you to turn off what you aren't using. I agree they should turn it off by default, but I am sure they don't want the million tech support phone calls. I would blame the integrator for being too lazy and always selecting a multiclass reader because it's convenient and the techs and engineers for not knowing or being taught.
you are presenting this as "new," and isn't common knowledge
Louis, with real respect for your knowledge, I think you are conflating what you know versus what is commonly known.
HID has never publicly disclosed this. There are no mainstream nor specialist publication articles that we can find referencing this.
would blame the integrator for being too lazy and always selecting a multiclass reader because it's convenient
HID encourages this as the "standard profile." Manufacturers have the most knowledge and power over these things, especially someone as gigantic and dominant as HID. Blaming the integrator absolves the manufacturer from their own real responsibility.
John,
I remember this being a popular conversation around 2016 in cybersecurity circles with iClass SE. There are YouTube videos, and I know of one with Kevin Mitnick(the most famous hacker) mentions this in 2017. The recent all-in-one pentest Flipper tool that incorporated this method into the tool is coming back around, and I am glad it is. I just assumed more people were aware of this.
I wouldn't use the word "encourage." HID has encouraged people to move off prox and other 125k credentials for years. Their Howto order guide has a flow chart on what reader to select and directs you to Seos only first, with the standard profile as a last resort. Standard is the most versatile reader, but there will be issues if you hang it on the wall and walk away just because it is the easiest solution. HID said turn of legacy credentials / get off prox, there is more than one reason to do this, and I don't expect them to detail every one.
I am not trying to defend HID, but I don't consider this a manufacture vulnerability. This is a lack of proper programming/configuration vulnerability. As mentioned in another comment, physical security can learn much from cyber security. One of the most basic concepts is the Principle of least privilege. Turn off everything you don't need because giving someone too many rights or leaving things you don't need is considered a vulnerability. It's up there with changing the default password.
I agree it would be much better if HID shipped all readers with everything turned off.
Kevin Mitnick(the most famous hacker) mentions this in 2017.
Here is that video. He addresses HID SE in his comments, although he calls it 'hid', not "H.I.D'.
In his demo, Mitnick talks about stealing an SE card in the bathroom using an older version of Proxmark3 to steal a badge then emulating a 125 kHz card:
(11:41 timestamp if it doesn't embed right)
Also it's worth mentioning: RIP Kevin Mitnick (July 16, 2023)
I personally built a handful of Kevin's RFID tools, and can assure you he was not reading SE cards using a Proxmark3.
We were originally doing downgrade attacks using regular off-the-shelf readers.
Before the Proxmark3's iCLASS support was as stable as it is now, we used HID's old RWK400 readers to read-write iCLASS Standard credentials with greater reliability.
Me too and other tools. These methods for testing physical security and how to mitigate by turning off legacy credentials has been known for a decade, maybe more.
There are no mainstream nor specialist publication articles that we can find referencing this.
I agree that no everyone has been exposed to this problem, but I've been speaking fairly prolificly about this for some time in the professional hacker community, with a number of our Fortune 50 clients, manufacturers, and with integrators.
From my own experience it's sometimes hard to identify what topics are reasonable to be "louder" about, and which ones are not. All we can do as an industry is do our best to continue conversations and build alongside each other.
The main thing I strive for is avoiding hyperbolic statements that can somtimes undermine the validity of the rest of the topic.
IMO, the integrators are responsible for this problem. 9 out of 10 sales reps or sales engineers know one reader model number because it's easy. They stock multiclass readers for service because they can use them anywhere. It's the easy button and no one has to think about it or question if the credentials will work. The install techs hang the reader on the wall and walk away, leaving the site vulnerable.
Obviously, this is old news to most of us in the comments, a decade late to be reported on.
NOTICE: This comment has been moved to its own discussion: Integrators Are Responsible For HID 13.56 Mhz Downgrade Attack
Replying to “Undisclosed Manufacturer” with their name defeats the purpose of undisclosed posting, does it not?
This person posted with his full name and then, afterward, edited his comment to remove his name.
I did edit my post and removed my name. My name and LinkedIn >>> https://www.linkedin.com/in/louis-romano-cissp/ i
Are Seos Elite Keys vulnerable like Seos standard keys for this?
We reached out to HID to confirm if Seos elite keys are vulnerable like standard keys. Will update once we receive HID's comment.
I think it would be only if you also stole/"borrowed" a reader with that elite key and used that to read the elite keyed credential to obtain the facility code and credential number.
This is correct.
The nature of the vulnerability has to do with how credential authentication is layered in modern access control systems.
99% of door controllers have no ability to discriminate between different credential technologies because all the controller receives is Wiegand data bits either via Wiegand or via OSDP.
You only need two things to "clone" a card.
1. A way to "read" the Wiegand data. Any reader with the approprite keys can do this.
2. A way to get the Wiegand data to the door controller. This can be done by encoding the data onto a compatible credential, replacing the reader with another one, or by attaching to the Wiegand wires directly using an ESPKey or similar tool and injecting the data.
The issue discussed here is not SEOS keys being vulnerable. The exploit is using the 125kHz side of a multiclass reader to gain entry using a 125kHz card that has the same encoded information as a SEOS card.
For example, you have a site that is using SEOS cards but their readers not only read SEOS but also read 125kHz "Prox" cards. You read the SEOS card (very easily done with any HID reader) and you find out they have 37bit, Facility Code 100 and the Card number is 500.
You now encode a 125kHz Card with exactly the same bit format, Facility Code and Card number. This is very easily done with Off The Shelf equipment.
Because their readers read 125kHz "Prox" cards, you will be able to gain access, not "cloning" the SEOS card, but using a low security Prox card to carry the same Access Control information the SEOS card has.
It’s not a vulnerability. It’s a config option.
To answer your question more usefully, elite is a set of keys, and they change them all. Other readers can’t read your cards, which makes it hard to clone.
If someone gets the information some other way (like reading a box in your office, or you have prox cards, or an espkey sniffing the wire, or you have a number with no facility code they take a picture of, or they brute force a facility code), that’s part one of the attack.
If you also leave prox enabled, or legacy iClass elite, then it’s possible to write that card with no security, or attack the readers to get the key.
Same old problem : compatibility with unsecured credentials is a security threat.
That's why we use SEOS only readers. And why HID has SEOS class readers. Old news.
How do you handle facilities/enterprises transitioning from 125 kHz? Do you replace all readers and credentials at once with Seos? What if the customer requires a slow roll-out, how do you deal with that?
Use a multi tech then turn off the 125kHz when transition is complete is how we are doing it.
If you are using Signo Readers, make sure you add a Mobile ID to it (MOB) even if you are not using Mobile ID. Otherwise, anyone with the HID app can enable 125kHz again.
So that's another valid point. How do you configure the reader and lock programming. Someone with a config card or app in some cases can reprogram it?
On the iClass SE series, it is a little more cumbersome. It needs to have the Mobile BT module installed for the App to work on that reader. However, a configuration card can re-enable the 125kHz. Config cards are hard to come by but not impossible. On the Signo line, Config cards don't work but as far as I know, unless the reader is locked with a MOB key, anyone can access it. It requires cycling the power to the reader but unless you are using OSDP or wiring the Tamper switch (On Wiegand mode) to the PACS, nobody will know the power was cycled on the reader and therefore compromised.
What we have done in the past for customers in transition is we offered dual tech Cards with SEOS and 125kHz and installed SEOS only readers. Once all readers have been replaced, then they can migrate to SEOS only cards. Yes, on customers with large card populations, it can be a pain. However, a dual tech card is no as risky as dual tech readers. Remember, the reader is the one that lets the bad guy in.
This is the real pain with changing programming in the HID readers is having to power cycle. I understand the reason but unless you are using the terminal strip readers you have to redo the power connection and this becomes extremely time consuming unless I am missing something. I haven't had to do this in a while though.
The power cycle requirement is there so you can't just walk up to any reader and reprogram it to re-enable legacy technologies or break functionality.
Reprogramming the reader of OSDP does not require power cycling because the controller can authenticate using the official SNMP administrative keys and then issue configuration messages.
Users on Mercury-based hardware can request a software module that allows you to remotely enable and disable different card technologies from the panel.
I've heard that Lenel is working on remote reader programming for firmware updates etc. via OnGuard and Mercury boards, but my understanding is it's got a lot of work to do to make it user friendly and reliable.
Well if it's Lenell it'll never be user friendly or reliable.
Most manufacturers are working on this with OSDP protocol.
More specifically, HID / Mercury has to provide the underlying firmware modules and API first, and then Lenel and other Mercury partners have to provide a software front-end for it.
Yes, it is reportedly under development but it will likely be a while before most folks see it. To my understanding, that functionality will be only be available on OSDP-enabled readers running recent-ish versions of firwmare already, and only on Mercury's LP series, commonly referred to as their "red boards".
MOB keys (for mobile credentials) replace insecure power cycling with SEOS based configuration. No need to disconnect the reader, and no unauthorized tampering.
Non-technical rant ... I just don't understand why it is so hard for a human to carry 2 pieces of plastic instead of one!! Look at your car key and there will almost certainly be a house key and a locker key. I would never demand, or expect, that my same key start my 2023 F150 AND my 1966 Chev.
great info above by all. Thanks!
rbl
This is an extremely tricky problem.
I've seen end-users use multiple readers at once, and in specific cases I've also seen multi-tech credentials also be used. In the latter scenario, one has to take care to make sure the different card technologies are not encoded with identical card numbers or Wiegand data to maintain integrity of the high security credential.
My #1 recommendation for customers who want to benefit from HID's vast global supply chain is to use Elite-keyed readers in migration mode over OSDP. Once migration is complete, OSDP commands can be issued to the readers to disable legacy data models on the reader.
Non-Elite readers will have default SNMP administrative keys that could still allow a third party to re-enable those technologies.
Best approach is to enable legacy, but issue new cards with new numbers. They are downgradeable during this process, so you have to run reports, see who is using cards not yet upgraded, and set soft and hard cut off dates.
”On June 1st, Prox is getting turned off in these areas. On August 1, Prox is turned off everywhere “
Then you chase people down for a while and anyone left eventually complains their fob doesn’t work.
I completely disagree with the commentary that HID is "defaulting" to enabling legacy technologies.
For people who pay attention, HID literally sells SEOS-only or high-frequency-only readers for less money than they sell the LF-enabled readers. Their online configurator shows this, and they specify the SEOS-only readers as "best-in-class security and privacy protection." They've also made it substantially easier to properly select only the technologies that are needed with Reader Manager on the Signo readers.
There is only so much they can do to lead people to where they should go.
lead people to where they should go.
They could not sell it. It's a known vulnerability/ attack.
I would've lost so many sales over the last 5-6 years if MultiCLASS readers weren't an option. I started selling them for any new expansions to customers who had 125KHz infrastructure. That way when they were ready and had the budget to upgrade everything to HF, I'd only have to swap SOME readers and all of their credentials. As a part of that conversion, I disable LF on the Multiclass readers.
You run into scenarios where customers are head-strong about re-using their credentials, or have multiple locations with different systems and you're doing a takeover for their first location as a proof of concept. There's a dozen reasons why MultiCLASS readers are sold and I'm grateful that they're an option as an integrator.
Yes, this is a "vulnerability" but I think it's insincere to lambast HID for it. You could say the same about just about any multi-technology reader, HID just happens to be the biggest. But, this is also a "vulnerability" that is avoided by basic best practices by the integrator. The sky isn't falling here.
Literally right on the money here!
Everyone has to make a living.
I come from a world where most of my colleagues are get laser-focused on the specfic technical nature of a vulnerability and they lament how "no one understands security".
Nothing is ever so black and white. By understanding the nuanced diversity of market factors that continue to drive use of legacy technologies, we become better equipped to communicate with each stakeholder in a way that makes sense to THEM.
They didn't for a year when they couldn't get chips and went to the priority readers.... obviously the demand "encouraged" them to start producing HF/LF readers again. Let's blame the demand, not the supplier
Then they would be replaced with cheap prox readers instead, with even less security.
If you knew the bit structure of any credential format and the data, you could write it to the D1 and D0 using something like an Arduino/PI if using weigand. You could use an Arduino/pi and make a skimmer installed behind the reader or any place you could get access to the wiring skimming the DO, D1. All you would need to do is pop the reader off the wall and about 1 minute of time. This was added to the Social Engineering Toolkit as early as 2010 called teensy hid. We still haven't gotten everyone including integrators to OSDP, this is like trying to blame HID if you still use Wiegand. Or not telling you what could happen if you didn't use the tamper
Correct, but one minor clarification:
The Teensy HID functionality you refer to is actually for Human Interfaces Devices, not the "HID" from "HID Global". It allows the arduino to emulate a standard USB keyboard and inject keystrokes into a computer by plugging into its USB port.
Ah, you are right. I am thinking of something different.
There is an Arduino project that you can dump on a board to log wiegand data to an sd card. Basically a skimmer that wires in behind a wiegand reader. you could also connect to it and download the logs remotely over wifi.
Something like this but diy
Thanks for the feedback on Kevin Mitnick and other information about the history of this attack.
We've added the following section up top to contextualize the attack better:
Risks Significantly Rising
While this attack has been known amongst some hackers and cybersecurity specialists for many years, this has significantly increased as a practical problem, in the past 18 months, as the attack has essentially become productized, with the Flipper Zero using the Seader App, the iCopy-X using an ICS decoder, and an online/mail order service, MrKeyFob, making this easy to do even for non-technical users.
Despite this, HID's self-described "standard profile" defaults to allowing this attack to be executed even against SE and Seos credentials.
Why are manufacturers still supporting 125kHz Prox?
It should have been EoL DECADES AGO.
If the big players stop supporting it, we may be able to move on from a tech that was hacked in the 80s.
8-Track = Dead
VCR = Dead
Mullets = Comeback?
I sell high frequency on every new installation and on as many takeovers that I can. But there are MILLIONS of prox credentials distributed throughout companies. It's not a nominal expenditure to convert even a medium sized business from LF to HF.
The conversion of VCR was facilitated by devices that played tapes & DVD's on the same device.. just saying. You also had tangible benefits to the consumer. Easier to use, less storage space, more resilient technology. For most customers using prox, "more secure credentials" is an imaginary concept that they don't really understand. If I give an average customer a prox reader + credential and have them compare it to a HF reader + credential they'd call it the exact same thing. It's a harder sell.
This is why.
Migrating is a HUGE pain point for everyone from customers all the way up to manufacturers. Often times it just boils down to "what is the minimum level security we need to to run the business effictively and within the risk model that we believe is correct".
But not Vinyl LOL Sorry I could not resist.
Something that the industry needs to really pay attention when it comes to using 125kHz and unsecured 13.56MHz CSN card readers is the Flipper Zero device.
This device can not only read and store UIDs from several card technologies, it can replay them to a reader mimicking a valid credential.
We were able in our lab to successfully copy and replay all 125kHz formats we could get our hands on like HID Prox, AWID, Indala.
in addition, we were able to read and replay MIFARE Classic CSN, Desfire CSN and other 13.56MHz ISO/IEC 15693 credentials out of the box. We were not able to read SIO secure sectors on those cards. We were not able to read iClass or SEOS CSN or SIOs either.
Understanding they are scenarios where the customer faces a huge lift trying to replace legacy card technologies, it is my humble opinion that security integrators have the responsibility and is in their best interest to let customers know the risks associated with using these legacy technologies.
Have you tried the Seader app with the Nard Sam extension on the Flipper Zero to read Seos cards?
We purchased the Nard Sam extension for our Flipper and were able to successfully read our Seos and write to an iClass legacy card as well as a prox card.
Interesting. We were looking into it but haven't purchased it. Were you able to access the SIO where the actual card number information is?
No, not technically. The Nard module decodes the SIO and gives us the card number which we then write to a re-writable iClass card but it does not "crack" the SIO. We always use the iClass card to show our clients to drive home the point that simply turning off 125 KHz is not enough. We got everything off of redteamtools.com.
I am curious to see if it can play it back to a reader like the Flipper can others. By the way, just so you know, you have sent us shopping LOL.
Cheers!
The Flipper Zero can only emulate technologies that have been sufficiently reverse engineered, documented, and have code written for.
At the moment's that is most of the "popular" technologies also supported by the Proxmark3 in part because that's where a lot of the documentation comes from.
Many older 125kHz technologies and a handful of 13.56MHz technologies fall into this category.
iCLASS Standard is based on the PicoPass chip which is ancient, well-documented, nearly fully reverse-engineered, and all of those original diversification algorithims have long been reverse engineered and the authentication keys leaked. That's why the Flipper can emulate it.
iCLASS SE is still PicoPass, but using new keys and algorithms that are not publicly known. Flipper Zero cannot emualte it at this time.
iCLASS Seos is a JavaCard based technology and one of the first "virtual" credentials of its kind. It is also using keys and methods that are not publicly known yet. The Flipper Zero cannot emulate it at this time.
Sadly, this stuff isn't magic. Hobbyist-grade products like the Flipper Zero rely completely on the research of security academics and published vulnerabilities. Once something is found, then someone can write some code to actually implement it in a practical way. This is what many somewhat hyperbolically refer to as "weaponization".
Just a minor point of clarification on my own text:
Seos *was* a JavaCard-based technology. In recent years HID has released an optimized version of the credential that runs on a different NXP chip and allows them to sell Seos in a much more cost-effective way.
The NARD SAM device is simply an HID reader on a small PCB. Specifically, it is using the OEM chip that is used by third parties such as printer manufacturers and other reader manufacturers. These chips are used to enable those devices to read and interact with secure HID technologies without HID having to share or divulge sensitive cryptographic key material.
As the product page for the NARD SAM explains, this is technically no different from using a regular reader to read the data first.
The Flipper passes authentication challenges to the SAM, collects the response, and passes it back to the card. Once the card is unlocked, the encrypted SIO data is passed to the SAM, decrypted by the SAM, and then the result is displayed.
The read value is simply the raw Wiegand data that would normally be sent via D0/D1 or OSDP.
There are a few bugs in the app last I checked where it still mistakenly included the start sentinel bit that the reader is supposed to strip away, but now we're getting a bit too far into the weeds here.
still mistakenly included the start sentinel bit that the reader is supposed to strip away
Is this the 'parity bit' or is that different?
It's different. It has to do with solving for the technical issues surrounding the nature of Wiegand.
1. Wiegand bit formats are completely abitrary. There are thousands of formats.
2. A Wiegand binary string can start with either a 1 or a 0.
3. The number of bits in a Wiegand payload matter. Meaning as far as the door controller is concerned, 0011 is DIFFERENT from 000011 even though both of those nubmers are mathematically equal (3).
4. Digital memory is either 1 or 0. Blank memory is usually all 0's.
With the above in mind, how does the firmware in the reader know how many 0's are part of the credential that needs to be sent down the wire, and how many 0's are just representative of empty areas of memory?
That's where the start sentinel bit comes in. From an engineering perspective, the vendor chooses to always add an extra '1' in the very front of the Wiegand data no matter what, and they also program the reader to understand that the first '1' is always just an indicator that "the real data is about to start".
The start sentinel never gets transmitted.
The parity bits on the other hand, are different. The original purpose of the parity bits was to ensure that data in motion on the wire didn't get altered or dropped due to noise. These days, it's also used as a very poor and rudimentary way of obfuscating propriety bit formats from third parties. It doesn't work of course, because if you give me a large enough sample of cards from any bit format I can generally work out the parity rules.
It's turtles all the way down, friends.
MrKeyFob claimed to IPVM that they do not downgrade the card to 125 kHz, therefore allowing the exploit to work with only 13.56 MHz enabled SE / Seos readers. However, we believe, the MrKeyFob is mistaken or deceptive since no known technique for copying SE / Seos cards exists
If MrKeyFob has the HID encoder, which I suspect they do if they're claiming they don't downgrade credentials, they can easily make duplicate SE/Seos credentials, as long as the site is not using an Elite key.
This would have been good to mention in the article - this is not just a problem with downgrading to 125 kHz. For sure, downgrading to 125 kHz is the easiest method for script kiddies who are just doing this with a tutorial online - so disabling 125 kHz on your readers is a good idea to lock those people out.
But disabling 125 kHz on your reader, or buying readers without 125 kHz, does not make your site immune to credential duplication, even with SE/Seos. Regardless of how high security your credential technology is, your site will NEVER be resistant to credential duplication without an Elite/private key.
UI#12, thanks for the comment. Based on our conversation with MrKeyFob, we are confident they do not have an HID Seos encoder. Furthermore, we found blog posts mentioning that HID Seos encoders can only write cards within your system and not outside cards and that HID carefully vets their customers before selling these encoders.
While we did not verify if one can copy a Seos card with an encoder, it is a more difficult to obtain equipment for this attack compared to a downgrade attack.
MKF is motivated to hide what they are doing because their entire business model is based solely on encoding arbitrary Wiegand data to cards for ludicrous prices.
MKF is largely doing a modified downgrade attack, and often times the fob you get back is not actually a Seos fob but an iCLASS fob containing data from the Seos credential.
That said, if he's actually selling real Seos credentials now, they are 100% being encoded by a CP1000D.
Yeah I'm a bit confused - on their order page for iClass credentials, they are giving the option between "Aftermarket" and "Genuine HID" credentials (for $40 extra)!
Clone HID iCLASS Key Fob/Card – Mr. Key Fob
But as far as I know, unlike, say, a MIFARE "magic card", there is no such thing as a "generic Chinese iClass credential" - it's a proprietary technology that depends on HID's chip.
You are correct, I haven't publicly seen any "magic" iCLASS credentials. More specifically, there are no "magic" PicoPass chips at the moment.
HID does not make the underlying chip that is on an iCLASS credential. iCLASS was a logical implementation that ran on top of Insyde Secure's PicoPass chip that came out to compete with NXP's MIFARE in the 90's.
HID has a special "HID range" of reserved CSN's that iCLASS readers look for so you can't use just "any" PicoPass chip. It's a minimal layer of filtering.
These days, the PicoPass isn't even manufactured anymore. If you have any iCLASS or iCLASS SE cards that have a '+' on them, these are actually software-emulated PicoPass cards that are running an NXP chip underneath, and why they behave ever so slightly differently at the hardware level.
Strictly speaking there is nothing preventing someone from doing the same thing HID did other than straight cost.
Furthermore, we found blog posts mentioning that HID Seos encoders can only write cards within your system and not outside cards
That depends on your system. If you are just using the vanilla HID encryption key and card format, anyone with a CP1000 out of the box can copy your cards if they know the card numbers. I'm mainly thinking from the perspective of someone with a smaller access control system looking to upgrade from 125 kHz Prox to something a bit more secure, but who is unlikely to get a custom corporate card format or Elite key from HID.
Credits are just the way that HID charges for encodings - they aren't unique to any site. Of course if you do have an Elite key and/or custom card format - the files from HID would need to be loaded into the encoding software to make the cards.
and that HID carefully vets their customers before selling these encoders
This is an area I'm not so familiar with as I have not tried to buy one myself. I have no idea if Australia is any different, but in the US there appear lots of distributors selling these encoders openly online for listed prices without any mention of special approval needed, etc.
Sounds like would be a good topic for an IPVM investigation...
The encoders by default ship with the standard "open" 26-bit Wiegand format and standard authentication keys. If you use standard keys and a 26-bit format, that's enough for anyone to make a card.
What they "restrict" is what additional bit formats are supported by the encoder. This is where it can give you a light layer of additional security to be a Corproate 1000 customer because it means that they will need official sign-off from the customer before they issue the format files that allow encoding of credentials using that particular site code.
All other formats are fair game and can be requested without too much fanfare.
Interesting question:
What's stopping someone with ill intent from using the copied cred and pulling the HID Ghz reader off the wall and hooking up a 125mhz reader as a bypass? This assuming Wiegand is being used (which is still the dominant protocol in use even with 13.56Mhz readers) Yes, granted it's more work but in the scheme of things fairly easy. The false sense of security with high end locks on such doors is thought provoking...
Absolutely nothing. There are some flaws in OSDP, too. You could get in if you can access the wiring Wiegand or OSDP.
.
This is correct. If it's wired via Wiegand, nothing is preventing that. The only hope is that you have some sort of tamper detection mechanism that is working, monitored, responded to, and can't be easily manipulated.
Report from IPVM last month
Researchers Sensationalize OSDP "Badge of Shame" Risks
Researchers showed that OSDP's encryption could be defeated by (1) physically getting to the wires connecting the reader, (2) installing a device onto reader wires, (3) triggering a new handshake / installation mode allowing the attacker to intercept the key and finally (4) creating a credential based on the intercepted key to open the door of the facility that you are already inside.
However, the exploitation overestimates the risk. To take advantage of the vulnerabilities, additional devices must be installed, which will generate reader tamper warnings, and discovering/removing this when following up on these warnings would stop the exploit. The technical skill required to install and use the resulting data gained is relatively high and specialized and not typical of someone seeking to gain unauthorized entry.
Don't worry, my rebuttal to the "sky is falling" vibe of the presentation and the articles around it is coming.
TLDR: The researchers picked a product platform from a vendor that doesn't participate in the OSDP working group, doesn't have any products on the OSDP Verified list, and didn't follow any known best practices.
ODSP does have limitations, and it does have specific areas of concern that the working group is working on updating, but most of the scare-mongering around OSDP that you are currently reading about is much ado about nothing.
Note, I've updated the title to include 13.56 MHz.
The commenters here certainly understand the distinction between a 125 kHz only attack / cloning and what we are discussing here but I think some others are conflating it so I want us to be clearer about the relationship of the 2 frequencies involved here.
More specifically, what's being conflated is the nature of what the attack actually is.
It in fact has nothing to do with the brand of reader or specific frequency of the credential.
We are just taking advantage of the fact that most modern access control platforms are all built around the concept of validating a static binary string at the door controller without knowing what it came from.
Any reader that can read a secured credential technology while also supporting a broken or insecure one is at risk. Period.
Not all 125kHz credentials are broken (although all of the popular ones are).
Not all 13.56MHz credentials are secure.
Hello Brian and Mert!
I’m so happy to see more people in the industry talking about subjects I feel very passionate about. I know how much you folks have been striving to move the needle in the industry for what it’s worth, thank you!
I shared some thoughts on this already on LinkedIn but for the benefit of those who don’t time to look everywhere, I hope you’ll forgive me sharing it here as well.
As some others in the comments have pointed out, this is not a new issue, and many others before me have raised this as an issue.
I have been speaking about this issue publicly and privately with manufacturers, integrators, customers, and other professional hackers for about 10 years now. I would love to share some insights I have learned over the years to add to what you’ve shared and help close some gaps:
1. This is NOT an “HID problem.” It’s an EVERYONE problem.
Not only is this challenge not specific to HID, I feel it is disingenuous to label it as such.
It is the ugly combination of backwards compatibility, interoperability, and the cultural inertia of the Wiegand-based credential.
This is an industry problem, it’s an integrator problem, it’s a customer problem, it’s a culture problem, and above all else, it’s a business problem. Let me elaborate.
For about 40 years the security industry and its customers have been building a vast, sprawling catalog of security infrastructure built on top of John Wiegand’s very innovative but very limited foundation. Even when Wiegand swipe cards came out in the 80’s, they weren’t “secure” in any technical sense. They were simply convenient. Anyone who wanted to “clone” a Wiegand card could simply dissolve an existing card in acetone and tape the wires onto a piece of cardboard to make a clone of a card.
When 125kHz proximity-based technologies hit the scene, an important question was asked by each and every customer. A question that has been asked since the dawn of currency:
How much will this cost me?
Well, let’s see. First, we have the reader costs, the credential costs, the door controller or Access Control Unit (ACU) costs, the software licensing, the installation, post-migration reconfiguration, tech support…it goes on and on. Even if there was no additional cost to more “secure” parts, any iota of additional logistical complication will result additional business costs being borne by the customer.
More secure solutions have always been available, and always will be. However, until someone is willing and able to make a suitable product that ticks all the usability, interoperability, functionality, and financial tick boxes for a price and performance that customers are willing to pay for, this problem will remain.
Case in point: How many folks reading this right now know that locks can be picked, and that those ubiquitous 4-pin “Master Lock” brand locks offer somewhat limited security? My guess is that save for a minor rounding error, that’s going to be 100%. I’ve demonstrated my fair share of sub-1-second opens on stage a number of times over the years. What about the average lay-person on the street? I wager over 90% have heard of these locks being picked easily or watched it on YouTube. Has there been a massive recall or a huge scandal? Has Master Lock’s business tanked as a result?
Of course not. Those locks are selling like hotcakes at nearly every hardware outlet online and in-store. Not only that, but there are also even cheaper variants with even worse performance.
So let’s bring it back to the issue at hand. What does this have to do with PACS readers and migration modes?
Most businesses don’t exist for the sole purpose of building variants of Fort Knox. They exist to make money. To the select few vendors selling security equipment, security is a profit center. To almost everyone else in the world, security is a cost center. The business doesn’t exist to serve security. Security exits to serve the business.
As long as it costs more money in parts, labor, logistics, and upkeep to be “more secure”, we’re going to see customers choose “secure enough” time and time again. And why not? Why would anyone spend more than can be justified?
As HID Global President and Chief Executive Officer Björn Lidefelt famously never said, “It’s all about the Benjamins, baby!”
2. The HID SE and Seos credential containers are not being compromised here.
Within the scope of the topic being discussed here, the problem has nothing to do with iCLASS SE and Seos credentials. This problem exists with literally EVERY SINGLE READER that supports a migration mode of any kind. Credential technology is simply a container. This technology is simply a very small, sometimes very poor quality, memory device and container.
What are we storing inside those containers? 100% pure, uncut premium Wiegand, baby. As long as the ACU-side authentication is tied to the humble static binary string that is a Wiegand bit format, facility code, and card number, the problem will remain. Nearly every new technology we’ve seen gain traction thus far simply adds additional layers of tape and/or paint on top of that Wiegand data..
3. Migration readers and credentials employing “customer-specific” or private keys remain vulnerable.
Yes, that can include “Elite” keyed readers. Remember, this is NOT an attack against iCLASS SE or Seos specifically. This is an attack against the mere presence of migration mode. Even if you have a super-special-Secret-Squirrel authentication key for your credentials, in most cases that key has to be stored and used by every other reader in the system. So what’s preventing Johnny No-good from smashing a reader off an exterior wall with a hammer and using that to read Wiegand data off customer cards?
What about a more elegant attack? What if I replace a private-keyed reader with a stock one? How many VARs can honestly say they would actually inspect the reader to see if it had been swapped? How many VARs would quite reasonably assume the reader failed and simply replace it without a thought?
Once the Wiegand data is identified, the game is mostly over. All that remains is finding a way to re-encode that data into a fresh credential. Sometimes this can be done directly by the attacker. Other times it may be done by ordering matching credentials from the manufacturer.
4. The downgrade problem has nothing to do with 125kHz credentials.
The problem is what migration mode itself is. If your 13.56MHz-only reader reads any kind of credential technology that can be arbitrarily encoded by a third party for any reason, you are at risk. Simple as that.
It just so happens that 125kHz credentials are some of the oldest, fastest, cheapest, and most popular credentials out there.
5. There are well more than only 3 ways to exploit.
This is certainly a fine nit to pick, but I feel that the phrasing in the article seems to imply that there are primarily three ways to exploit this phenomenon. To me it feels not unlike saying there are three ways to drink water: Go to your nearest Aquafina vending machine, melt some ice, or for the easiest experience, order it on Amazon. Sounds silly, doesn’t it?
The tool to read the Wiegand data is ANY READER THAT READS THAT CARD. No third-party service, special tool, or knowledge is required. Hook it up to an Arduino, an ESPKey, or favorite PACS ACU and look at the data log. It doesn’t matter.
It’s really important to underscore here that none of the tools or materials needed to do this are new.
6. Mr. KeyFob is being deceptive, but not about HF vs. LF credentials.
Anyone who purchases an official HID CP1000D encoder can create their own SE, Seos, or DESFire credentials with no secret sauce required. I’ve got a bunch of these encoders here in our office, and so do a number of our clients. Even where an OEM encoder doesn’t exist, there is little stopping someone from just ordering a pack of 50 or 100 cards that contains the card numbers in question. The best one can hope for is that the vendor honors their promise not to sell your super-special-extra-corpratey-10000000 format to another client.
7. The “ICS Decoder” is a plain, no-frills HID R10 SE mullion style reader.
There are no modifications to the reader itself. The purple board you see on the back just takes the Wiegand output from D0/D1 and pipes it over to the iCopy-X. It doesn’t do anything you couldn’t already do with a keyboard wedge from RFIdeas. No magic.
8. I agree with HID’s response.
Those who know me or who have come to any of my trainings at Red Team Alliance or Black Hat know that I don’t pull punches when it comes to any vendor’s complacency. That includes HID Global.
These are legacy technologies. They sell them because customers want them and buy them, plain and simple. The why has already been belabored in point 1 above.
I want to be clear, I disagree with a great deal of the engineering, marketing, and business choices HID Global has made over the years. However, in this case it’s important not to conflate technical details and fact.
9. The “legacy technologies” are only default-enabled on specific SKU’s.
Vendors will always sell what people are willing to buy. As HID’s How-to-Order Guide has detailed for years, any Value-Added Reseller (VAR) or customer can simply order a part number that doesn’t have these technologies pre-enabled.
Why do most VARs still stock the catch-all SKU? In my own opinion the answers are obvious, but I’ll let folks respond in the comments.
I’ve been working as a professional researcher and technical adviser for years, and I’ve lost track of the number of times I’ve received pushback from an end-user’s VAR when I’ve specified non-standard SKU’s.
As such, I don’t find it fair or reasonable to put so much blame on HID, regardless of how big and easy of a target they may seem.
10. Disabling legacy credentials is not enough.
I know, I know…this last one sucks. It sucks especially hard because there is little you can do about it for most existing installations.
Why is disabling legacy not enough? Because I can use the same mechanism to re-enable it.
I too, can defeat tamper-detection mechanisms. I too, can power cycle-a reader to allow it to accept a configuration card. I too, can use a configuration card or app to re-enable those legacy technologies.
Heck, if the ACU isn’t running a well-configured iteration of OSDP v2 with SCP, I can also just swap in any reader of my choosing and roll with my own credentials. Beginning to see the problem?
For those who have some time to burn, here is an example of an old talk where I touch on this topic:
I touch on issues surrounding migration mode at time marker 34:50.
Bonus point:
11. The solution is true challenge-response based technologies such as PIV.
I know that last point is going to raise some eyebrows and ruffle some feathers, but I am confident I can make a believer out of you as well. I won’t take up more valuable screen space here, but come find me at ISC and we’ll chat. Solutions to a lot of your pain points are in the works.
Finally, if anyone has any specific questions, concerns, or comments, please don’t hesitate to reach out on LinkedIn.
Thank you again to the IPVM team for joining us in shedding light on this issue!
Thank you for the insightful response!
For all who might have not have made the connection, Babak is in the trenches doing talks and pentesting on these issues, such as this one at DefCon in 2020. (Video not embed enabled, but worth the watch.)
You are more than welcome Brian!
No one can know everything, and I understand how difficult it can be to cover such a vast and complex topic with extreme depth in all areas. That's why I do my best to share what I can, so that we can all learn at the same time.
We have updated the title to reflect better that HID's Standard Profile make credentials vulnerable to the downgrade attack.
HID Standard Profile Makes 13.56 MHz SE / Seos As Vulnerable As Cracked 125 kHz For Downgrade Attack
That is a better title. Compatibility generally means that you are only as secure as your weakest link.
When that link is Prox or HID legacy, that link is weak indeed. That’s true for 13.56 MHz only readers, and third party compatible ones.
