As Tony Diodato, founder and CTO of Cypress Computer Systems, so succinctly states, “Gone are the days when Wiegand was considered inherently secure due to its obscure and non-standard nature. No one would accept usernames and passwords being sent in the clear, nor should they accept vulnerable credential data. ID harvesting has become one of the most lucrative hacking activities.”
Wiegand is the industry standard protocol commonly used to communicate credential data from a card reader to an electronic access controller. In ID harvesting attacks, a credential’s identifier is cloned or captured and is then retransmitted via a small electronic device to grant unauthorised access to an office or other facility. For those who consider this a problem – and many should – the good news is that there is a series of remedies.
First of all, when considering any security application, it is critical that the end user realistically assess the threat of a hack to their facilities. For example, if access control is being used merely as a convenient alternative to physical keys, chances are the end user has a reduced risk of being hacked. However, if the end user is using their access system as an element of their overall security system because of a perceived or imminent threat due to the nature of what they do, produce or house at their facility, they may indeed be at higher risk and they should consider methods to mitigate the risk of a hack. Here are a few steps that may be considered in reducing that danger.
How end users can help reduce hacking
Just as we’ve become aware of criminal skimmers causing mischief with the ATM infrastructure, card holders should avoid presenting access control credentials to any access readers that appear to have been tampered with. Secondly, these same card holders should be encouraged to quickly report to the facility’s security and management teams any suspected tampering with the access control system, including instances involving either the access control readers or access credentials.
How integrators can reduce hacking
The integrator is the frontline defence for protecting a security system. Integrators need to understand what the customer’s needs are, what the customer can do, what the customer has to work with, what hackers can do, where the hacker is most likely to attack and what can be done to thwart the hacker. In other words, the integrator needs to figure out how to apply the cliché: ‘a good offence is the best defence’. There are many things that can be done to reduce hacking of a Wiegand system.
• Install only readers that are fully potted and that do not allow access to the reader’s internal electronics from the unsecured side of the building. An immediate upgrade is recommended for readers that fail to meet this standard.
• Make certain the reader’s mounting screws are always hidden from normal view and make use of security screws whenever possible.
• Embed contactless readers inside the wall, not simply on the outside, effectively hiding them from view. Or, if that is not possible and physical tampering remains an issue, consider upgrading the site to readers that provide both ballistic and vandal resistance.
• Make use of reader cable with a continuous overall foil shield tied to a solid earth ground in a single location. This helps block signals from being induced onto the individual conductors making up the cable, and helps block signals from being picked up from the reader cable.
• Deploy readers with a pig tail, not a connector. Use extended length pig tails to assure that connections are not made immediately behind the reader.
• Run reader cabling through a conduit, securing it from the outside world.
• Add a tamper feature, commonly available on many of today’s access control readers.
• Use the ‘card present’ line commonly available on many of today’s access control readers. This signal line lets the access control panel know when the reader is transmitting data.
• Use access control readers with an output alternative to the industry-standard Wiegand output, provided they are supported by the electronic access control system. Alternatives can include ABA Track II, OSDP, RS-485 and TCP/IP.
• Offer the customer cards that can be printed and used as photo badges, which are much less likely to be shared.
How electronic access control system manufacturers can reduce hacking
Here are some items that manufacturers could offer their integrators and ultimately end-users.
• Provide credentials other than those formatted in the open, industry standard 26-bit Wiegand. Not only is the 26-bit Wiegand format available for open use, but many of the codes have been duplicated multiple times.
• Offer a custom format with controls in-place to govern duplication.
• Avoid multi-technology readers as credential duplication risks increase.
• Promote a technology to limit the credentials a reader can read to a very specific population. Consider implementing a high-security handshake, or code, between the card or tag and reader to help prevent credential duplication and ensure that the customers’ readers will only collect data from these specially coded credentials.
• Offer a smart card solution that employs sophisticated cryptographic security techniques. An example is MIFARE DESFire EV1 cards making use of AES 128-bit encryption.
• Provide credentials that include anti-tamper technology, such as Valid ID, that indicate to the system when it detects tampering.
• Make available credentials with an anti-playback routine, such as transmitters instead of cards. Long range transmitters offer the additional benefit of not requiring a reader be installed on the unsecure side of the door. Instead they can be installed in a secure location, such as the security closet, perhaps up to 61 m away.
• Offer a highly proprietary contactless smartcard technology such as Legic.
• Provide 2-factor readers including contactless and PIN technologies. Alternatively, also offer a third factor, normally a biometric technology.
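To illustrate the first point in the list above about the open 26-bit format, here is an added example (not from the article or any vendor) that decodes the commonly documented 26-bit layout and audits an enrolment export for identifiers held by more than one badge. The function names and the sample records are constructed for illustration.

```python
from collections import defaultdict

# Open 26-bit layout: 1 even-parity bit, 8-bit facility code,
# 16-bit card number, 1 odd-parity bit. No secret, no cryptography.
IDS_PER_FACILITY = 2 ** 16   # 65,536 card numbers per facility code
TOTAL_IDS = 2 ** 24          # 16,777,216 identifiers in the whole format

def decode_wiegand26(bits):
    """Decode a 26-character string of '0'/'1' into its fields."""
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly 26 binary digits")
    b = [int(c) for c in bits]
    return {
        "facility": int(bits[1:9], 2),
        "card": int(bits[9:25], 2),
        # First 13 bits must hold an even number of ones, last 13 an odd
        # number. This detects line noise only; it authenticates nothing.
        "parity_ok": sum(b[:13]) % 2 == 0 and sum(b[13:]) % 2 == 1,
    }

def audit_enrolment(records):
    """records: iterable of (holder, bits). Returns (duplicates, bad_frames)."""
    holders = defaultdict(list)
    bad_frames = []
    for holder, bits in records:
        try:
            cred = decode_wiegand26(bits)
        except ValueError:
            cred = None
        if cred is None or not cred["parity_ok"]:
            bad_frames.append(holder)
            continue
        holders[(cred["facility"], cred["card"])].append(holder)
    duplicates = {k: v for k, v in holders.items() if len(v) > 1}
    return duplicates, bad_frames

# Constructed sample enrolment export (not real credentials).
SAMPLE = [
    ("badge-A", "00001001000000100110100100"),  # facility 18, card 1234
    ("badge-B", "00001001000000100110100111"),  # facility 18, card 1235
    ("badge-C", "00001001000000100110100100"),  # same identifier as badge-A
    ("badge-D", "00001001000000100110100101"),  # badge-A frame, parity broken
]

if __name__ == "__main__":
    dups, bad = audit_enrolment(SAMPLE)
    print("identifiers in the format:", TOTAL_IDS)
    print("identifiers held by more than one badge:", dups)
    print("frames failing length or parity checks:", bad)
```

Two badges carrying the same facility code and card number are indistinguishable to the controller, which is why the list recommends formats with controlled duplication.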
Assure additional security system components are available
Such systems can also play a significant role in reducing the likelihood of an attack as well as mitigating the impact of a hack attack should it occur.
• Intrusion: Should the access control system be hacked and grant entry to a wrong individual, have a burglar alarm system in place to detect and annunciate the intrusion.
• Video: If the access control system is hacked, granting entry to an unauthorised individual, have a video system in place to detect, record and annunciate the intrusion.
• Guards: If the system is hacked and intruders are let in, make sure that guards in the control room as well as those performing a regular tour receive an alert notifying them that someone has physically tampered with the access control system.
We must always stay one step in front of the bad guys. There are several ways to defeat card system security, whether via the card itself or, as we’ve covered here, via the Wiegand communication protocol. With the proper tools, any of these assaults can be defended against.
For more information go to www.farpointedata.com