Your Key Fob Could be Your Biggest Security Threat

By Todd Burner

The days of tumbler locks and keys are fading, especially in high-traffic areas. Proximity cards – credit-card-sized, contactless devices that grant users access to a variety of areas – have largely taken their place. But for too many multifamily facilities, such as apartment complexes and condo buildings, that card represents one of their biggest security gaps.

Proximity cards (also known as keycards) are incredibly convenient – and certainly have some security and financial benefits. When a resident leaves the building, there’s no need to physically rekey the building or change the locks. That can all be handled electronically without replacing the hardware. The problem is: Security protocols in many of those cards are nowhere near as secure as many property managers believe them to be.

Instructional videos on how to clone the technology are easily found online – and the equipment to do so can be found on popular major online shopping or auction sites. And if that’s too complicated for the would-be cloner, the cards can be duplicated at many neighborhood hardware or convenience stores.

That can be especially problematic for property managers as it presents not only a trespassing risk, but also a liability one. While you might believe one resident is taking regular advantage of certain amenities, it could easily be multiple people, using cards the resident has handed out to their friends. And if one gets hurt while on property, you could be facing legal headaches.

Put another way: In a world where people can copy those cards, you don’t have the control you thought you did.

The good news is there are several different encryption technologies to choose from with these sorts of credentials. Prox, the most open of those, has become the most vulnerable, but it’s still widely employed. Millions of readers and cards are still in use today, thanks to the technology’s low cost and high convenience.

It’s not just prox cards at risk, either. Several other credentials that have come out since that technology’s debut have subsequently been broken by hackers.

Encryption is a never-ending game. As long as there are good people trying to protect things, there are going to be bad people trying to break them. It will never be perfect.

The current gold standard of encryption on fob keys and key cards is DESFire EV3. That’s a mouthful, yes, but the critical thing to know is it can’t, at present, be cloned – and that keeps apartment and condo buildings safe, while still offering the convenience that residents and staff have become used to.

DESFire EV3 is a technology that offers enhanced performance and provides improved transaction speed. It’s highly secure and non-cloneable – and because it’s not a closed system, you’re able to use the cards with a variety of readers. It’s what we use at Kastle, part of our continuing commitment to offer the latest technological upgrade when it becomes available.

Unfortunately, when many property managers begin thinking about access control for their buildings, they don’t consider the credential that will be used. And that’s where security gaps happen.

Even the newest, most “secure” system will have a significant security flaw if it defaults to using the radio frequency-based prox card. You can have top-of-the-line hardware and software, but if you’re using technology that can be cloned, your security is compromised.

Too often, the use of that vulnerable tech happens simply because it’s easy and well-known. The property manager might not realize the severity of the decision they’re being asked to make, because there’s no user education on encryption tech. And that can have a real impact on their building, regardless of who they choose to work with.

There are several areas that can be affected by fob or keycard cloning. Aside from the aforementioned unauthorized use of pools, gyms and other amenities, people with a cloned keycard could be legal bad actors putting the property, safety and security of authorized residents at risk. And that could raise additional liability issues.

The big fear, though, is that someone with access to all of a building’s keys can take advantage of gaps in insecure credential technology to create an all-access fob, which is a tremendous security and liability threat.

This can all be solved by adopting smartphone-based access credentials (like those offered by Kastle). These send individually encrypted Bluetooth signals with every entry, making them impossible to copy and virtually impossible to share with others, short of the user giving up their smartphone and their phone’s passcode.

Knowledge is power in this situation. Property managers who know to ask about the type of encryption technology that’s powering a system can protect their building and limit their risk by avoiding insecure systems. And they can simultaneously make things easier for their residents by finding an entry system that’s both convenient and secure – without having to worry about unauthorized visitors using the amenities or wandering the premises.