
Rita Roberson,
RFID Blog Researcher,
Kelowna, British Columbia, Canada

Ever wondered how secure that little piece of plastic you swipe at the office door or the gym really is? Well, we did too! In this article, we’ll take you along on a fascinating journey into the world of key fobs and keycards. The goal? To help you understand the vulnerabilities within, which are often hidden beneath layers of encryption.

Imagine this: Your all-access keycard, possibly the gateway to your office, your home, or your gym, replicated in minutes. Seem impossible? Think again! From using sophisticated cloning equipment, to delving into radio frequency identification (RFID) complexities, to manipulating wireless signals, we’ve dug deep into the rabbit hole to unearth the not-so-obvious weaknesses of these everyday tools.


“Knowledge is power, and it’s your first line of defense against vulnerabilities that can compromise your security.”

Stay with us and we promise, by the end of this fascinating exploration, you’ll become more than just a user of key fobs and keycards — you’ll become a well-informed gatekeeper.

As the landscape of security evolves, we’re shifting from traditional padlocks to more advanced mechanisms such as RFID-enabled cards and fobs, and even mobile credentials. Isn’t technology simply remarkable? Yet, while the tech is undeniably fascinating, these advancements, like all forward steps, come with their own set of challenges. Did you know, for example, that nearly 80% of all keycards used within commercial facilities may be prone to hacking due to protocol vulnerabilities?

Fear not! Just as hackers evolve, so too do methods of defence. RFID blockers, for instance, can be used in badges and wallets to prevent illegitimate scanners and legitimate readers alike from scanning your cards. This prevention walks the delicate line between access and security, providing a near-invisible shield to fortify your credentials where it matters.

But let’s dive a little deeper, shall we? Mobile NFC (Near Field Communication) has now taken center stage, functioning as a convenient and relatively secure HID proximity card replacement for office doors. Talk about bringing the office to your smartphone! And if we’re talking about enhancing physical security, pairing this technology with additional security measures like video surveillance, biometric readers, and PIN pads can create multiple layers of safeguards. It’s somewhat akin to locking the front door, setting the burglar alarm, and having a guard dog to boot.

And while we’re gazing into the future, consider proximity cards with extra security features, such as the HID Seos product line. Investing in such secure RFID cards with data encryption is like putting a lock on your digital vault, adding an extra layer of protection against the nefarious world of RFID hacking. You can also add an extra safety rope by disabling RFID-only purchases on your card through your credit card issuer.

Even our diligent attempts at protection can be ways to learn and improve. Just take security researcher Fran Brown’s Tastic RFID Thief development. This tool, initially created to extract information from an RFID card at long range using a high-powered reader, demonstrates how invaluable vigilance and exploration can be in the ongoing battle to challenge and bolster security standards.

To wrap things up, modern, next-gen technologies like mobile credentials and 128-bit AES-encrypted NFC cards present promising developments in the realm of security. Yet, as we’ve seen, they require us to continually reassess and reinforce our security measures – and together, that’s exactly what we’re going to do. 

  • Tim Theeuwes is a notable figure in the field of cybersecurity, known for his extensive research on electromagnetic and radio frequency identification (RFID) vulnerabilities.
  • Apple Pay uses a method called tokenization to secure your card information. Instead of sharing your actual card details, Apple Pay uses a device-specific number and a unique transaction code for purchases. Even if your phone is stolen, the thieves won’t have access to your actual credit or debit card info.
  • UID, also known as User Identification, is a unique number assigned to each user on a system. This number, often stored on RFID tags, is essential in secure access control systems, preventing unauthorized access.
  • EMV (Europay, MasterCard, and Visa) is a standard for smart payment cards and for payment terminals and automated teller machines that can accept them. These rely heavily on encrypted chips, making them resistant to duplication and thus safer.
  • RFID tags are a crucial component in access control and identification systems, containing unique identification data that can be read by an RFID scanner. These tags are commonly found in key fobs and access cards.
  • NFC NDEF, or Near Field Communication Data Exchange Format, is a standard that allows smartphones and other devices to establish radio communication with each other by touching them together or bringing them into close proximity, around 1.6 inches (4 cm) apart. This allows for the easy exchange of data between devices, but can also present security vulnerabilities.
  • Virtual cards, often associated with digital wallets, act in a similar way to physical cards but exist only digitally. The security for these relies heavily on encryption and tokenization, so securing them differs from securing physical cards.
  • The panic surrounding potential hacking of RFID cards is often bigger than the actual risk. While it is technically possible to copy a card using an RFID reader, the process is complex, and most criminals don’t possess the necessary equipment or skills.

Unveiling the Mystery of Duplicating Key Fobs

Key fobs, essentially a kind of RFID tag, have become an integral part of our daily lives. We rely on them for access to buildings, parking garages, and even our vehicles. But what if someone else could easily duplicate your key fob and gain unauthorized access to your personal spaces? We took a deep dive into discovering how simple—or complex—this process could be.

First, we used an RFID reader device to interface with the key fobs. This device communicates with the RFID chip in the fob, allowing us to read the unique UID that each fob transmits. It’s this unique identifier that grants us access when we wave our fob in front of a building’s RFID reader.

After successfully reading the UIDs from the fobs, we proceeded to the next stage—writing this data onto a new RFID tag. Our objective was to see if duplicating the UID on a new tag would give us the same access as the original. Of course, this isn’t something to experiment with, given the legal and ethical implications. In fact, doing so may not only be illegal but also violate your organization’s policies.

Finding Vulnerabilities in Keycard Systems

Keycards are another common tool for access control. Just like key fobs, they house an RFID tag with a unique UID.

Our investigation unveiled that keycard systems also have vulnerabilities. The primary one is that they rely on unencrypted transmissions. Without encryption, it’s reasonably straightforward for anyone with the right knowledge and equipment to capture this unique UID, create a duplicate, and gain unauthorized access. In addition, an active jammer could even prevent your card from transmitting its signal at critical moments—locking you out of where you need to go.

This is not to demonize RFID technology—it’s an invaluable tool in many industries. However, it is a reminder of the importance of employing good cybersecurity practices. Encryption and safe handling of sensitive data are crucial in any tech application, whether for personal use or in the business sector.
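To make the difference concrete, here is an added example (not code from this article or from any vendor) that simulates a reader trusting a bare UID next to a reader that demands a keyed challenge-response. The class names, the UID and the key are constructed for illustration, and HMAC-SHA256 from the Python standard library stands in for the AES-based authentication that encrypted cards use.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: this UID and key are made up for the example.
ENROLLED_UID = bytes.fromhex("04a1b2c3")
CARD_KEY = secrets.token_bytes(16)  # per-card secret, known to card and controller

class UidOnlyReader:
    """Legacy model: opens for any tag that reports an enrolled UID."""
    def __init__(self, enrolled_uids):
        self.enrolled = set(enrolled_uids)
    def authorize(self, reported_uid):
        return reported_uid in self.enrolled

class SecureCard:
    """Card that proves knowledge of its key without ever sending it."""
    def __init__(self, uid, key):
        self.uid, self._key = uid, key
    def respond(self, nonce):
        return hmac.new(self._key, nonce, hashlib.sha256).digest()

class ChallengeResponseReader:
    """Reader that sends a fresh random challenge for every tap."""
    def __init__(self, keys_by_uid):
        self.keys, self.pending = dict(keys_by_uid), {}
    def challenge(self, uid):
        self.pending[uid] = secrets.token_bytes(16)
        return self.pending[uid]
    def authorize(self, uid, response):
        nonce = self.pending.pop(uid, None)  # each challenge is single-use
        key = self.keys.get(uid)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def compare_models():
    card = SecureCard(ENROLLED_UID, CARD_KEY)
    legacy = UidOnlyReader([ENROLLED_UID])
    reader = ChallengeResponseReader({ENROLLED_UID: CARD_KEY})
    first = card.respond(reader.challenge(card.uid))
    genuine = reader.authorize(card.uid, first)
    reader.challenge(card.uid)  # next tap gets a new challenge
    return {
        "uid_only_accepts_bare_uid": legacy.authorize(ENROLLED_UID),
        "genuine_card_accepted": genuine,
        "old_response_accepted": reader.authorize(card.uid, first),
    }
```

The UID-only reader has nothing to check beyond a value that is sent in the clear, while the second reader accepts only a response computed from the card's secret for that specific tap, so a previously observed exchange is rejected.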


Cracking RFID Tags

Let’s dive deeper into RFID tags, shall we? These ingenious devices store data within themselves and, when probed, can transmit that information wirelessly. They’re everywhere, from your passport to your pet’s microchip, and they play a pivotal role in secure access control. But everything that holds valuable information is inevitably a target. Just like every technology, RFID has its own set of vulnerabilities too.

What happens if someone manages to copy your key fob, your all-access pass to secure zones? It’s a chilling thought, isn’t it? The panic surrounding RFID card scanning, however, often overshadows the reality of attacks.

Demystifying RFID-based Attacks

Before you let panic set in, know this: attacking RFID-based systems requires specific knowledge, high-level equipment, and close proximity. It’s not an easy feat. Yet, it’s possible.

Our experiments showed that, using the UID of a card, a hacker can mimic the card’s identity. It’s akin to creating a clone of your card in the cyber world. This process, known as UID spoofing, exposes a serious vulnerability in RFID systems.

Exploring NFC NDEF

Let’s step into the realm of NFC NDEF for a moment, shall we? NFC, or Near Field Communication, is a communication protocol that enables two electronic devices to speak with each other when they’re within 4 cm of each other. NDEF, or NFC Data Exchange Format, is used to format the data that will be exchanged.

Their combined genius is what allows you to tap your phone onto a terminal and pay with Apple Pay or any other virtual card. Convenience is synonymous with technology, but with it comes potential threats. EMV, which stands for Europay, Mastercard, and Visa (the three companies that created this standard), has been monumental in making transactions secure, but flaws still remain.

The Keycard Vulnerability

Technologies like RFID, NFC NDEF, and EMV make our lives easier in many ways. Safety concerns, however, are paramount in the digital era. Ensuring your keycards and virtual cards are secure should be a priority, just as Tim Theeuwes has made it his mission to enhance cybersecurity in these domains.

Moving forward, it’s crucial to keep our eye on these vulnerabilities and to address any threat that may arise. After all, as the old secure access control quote goes: “Security is only as strong as its weakest link.”