How Hackers Extracted the ‘Keys to the Kingdom’ to Clone HID Keycards
HID Global’s keycards—the company’s radio-frequency-enabled plastic rectangles that are inside hundreds of millions of pockets and purses—serve as the front line of physical security for hundreds of companies and government agencies. They can also be spoofed, it turns out, by any hacker clever enough to read one of those cards with a hidden device that brushes within about a foot of it, obtain an HID encoder device, and use it to write the stolen data to a new card.
Now a team of security researchers is about to reveal how one of HID’s crucial protections against that cloning technique—secret cryptographic keys stored inside its encoders—has been defeated, significantly lowering the barrier to copying credentials that let intruders impersonate staff and unlock secure areas worldwide.
At the Defcon hacker conference later today, those researchers plan to present a technique that allowed them to pull authentication keys out of the most protected portion of the memory of HID encoders, the company’s devices used for programming the keycards used in customer installations. Instead of requiring that an intruder get access to an HID encoder, whose sale the company attempts to restrict to known customers, the method the researchers plan to show on the Defcon stage now potentially allows HID’s secret keys to be pulled out of any encoder, shared among hackers, and even sold or leaked over the internet, then used to clone devices with any off-the-shelf RFID encoder tool.
“Once the chain of custody is broken, the vendor no longer has control over who has the keys and how they’re used,” says Babak Javadi, cofounder of the security firm the CORE Group and one of the four independent researchers who found the new HID hacking technique. “And that control is what all the security depends on.”
The team of security researchers presenting HID’s vulnerabilities at Defcon: (from left) Kate Gray, Babak Javadi, Aaron Levy and Nick Draffen.Photograph: Roger Kisby
The researchers’ method, presented publicly for the first time at Defcon, mostly affects the majority of HID’s customers with lower-security installations of its products, and it isn’t exactly easy to pull off. HID also says it’s been aware of the technique since sometime last year and that it’s quietly worked with many of its customers to help them protect themselves against the cloning technique over the last seven months. But the possibility of extracting and leaking HID’s keys considerably raises the risk that hackers—now even those without HID encoders—will be able to surreptitiously scan and copy keycards, says Adam Laurie, a longtime physical security researcher and head of product security at electric-vehicle-charging firm Alpitronic, whom the Defcon speakers briefed on their research ahead of their talk. “If you get that crypto key out of the encoder, then you can derive any component of the system from it,” Laurie says. “It is literally the keys to the kingdom.”
The researchers’ technique extracts HID’s crucial authentication key out of an HID encoder’s Secure Application Module—the most protected element of the encoder’s memory—by reverse engineering the software that controls how an encoder interacts with a so-called “configuration” keycard. Those configuration cards are how HID and its customers move authentication keys between elements of the system, such as from encoders to the readers on doors and gates. Javadi uses the analogy of an armored car designated to pick up bags of cash from a bank’s vault. “As it turns out, we found a way to fool the bank manager and fabricate the transfer orders that would allow that key transfer to take place,” says Javadi, “We basically took our own armored car—our own configuration card—to the vault, and it gave us the keys.”
(From left) An HID keycard, reader, encoder and configuration card.Photograph: Roger Kisby
Compared with that key extraction, the earlier step in an HID cloning attack, in which a hacker covertly reads a target keycard to copy its data, isn’t particular challenging, Javadi says. Javadi, who often performs physical penetration testing for clients, says he’s cloned HID keycards to surreptitiously break into customers’ facilities, scanning the keycard of unsuspecting staffers with an HID reader hidden in a briefcase with the device’s audible beep switched off for added stealth. “It takes a fraction of a second,” Javadi says.
An HID reader capable of pulling data off a keycard from 6 to 12 inches away is relatively large: a 1-foot-square panel. But in addition to hiding it in a briefcase, Javadi has also tested out secreting the reader inside a backpack or a pizza box to silently read a target’s keycards. His team even hid one in a paper toilet seat cover dispenser to read the keycard of employees inside a bathroom stall. “We’ve gotten creative with it,” he says.
The researchers have demonstrated it’s possible to extract HID’s sensitive keys by plugging an encoder into a PC running their software that instructs the encoder to transfer the authentication keys from the encoder to a configuration card without encrypting them. A “sniffer” device that sits between the encoder and configuration card reads the keys, as shown here.Photograph: Roger Kisby
A Complex Fix in Progress
When WIRED reached out to HID, the company responded in a statement that it’s actually known about the vulnerabilities Javadi’s team plans to present since sometime in 2023, when it was first informed about the technique by another security researcher whom HID declines to name. While details of the researchers’ key extraction technique will be presented publicly for the first time at Defcon, HID warned customers about the existence of a vulnerability that would allow hackers to clone keycards in an advisory in January, which includes recommendations about how customers can protect themselves—but it offered no software update at that time.
HID has since developed and released software patches for its systems that fix the problem, it says, including a new one that it intends to release “very soon” following the Defcon presentation. The company declined to detail what exactly this latest patch is for or why it was necessary after its previously released software updates, but stated that its timing is unrelated to the researchers’ Defcon talk. “Once available, we recommend that customers implement these new steps as soon as they are able,” HID’s statement reads.
HID and the team researchers who found its vulnerabilities both say that the cloning technique works most practically against the majority of HID’s customers who use so-called “standard” or “shared key” implementations of systems. In those installations, a single set of keys extracted from an encoder could be used to clone keycards for hundreds of customers. So-called “elite” or “custom key” customers, on the other hand, use a unique key for their installation, so it would require hackers to obtain an encoder or extract an encoder’s keys for that specific customer, a far more difficult prospect.
A trash bin of all the HID readers the researchers destroyed in the process of developing their technique.Photograph: Roger Kisby
The team presenting at Defcon say that they also found a method to convert an HID reader taken from a customer into an encoder, which would allow cloning of keycards that use those custom keys, too. But that method requires removing the reader from the wall of a customer’s building, vastly raising any intruder’s risk of being caught or foiled. As such, HID recommends that customers switch to that higher security—and more expensive—custom key implementation.
HID also points out that for many customers, stolen keycard data would only allow cloning if it’s written to valid HID keycards. (“HID keycards are not hard to come by,” Javadi notes.) But that safeguard doesn’t apply to a common situation in which HID customers’ readers are configured to allow for the use of older keycard technologies. So HID recommends that customers also update their cards and disallow the use of older card types in their facilities.
Finally, HID says that “to its knowledge,” none of its encoder keys have leaked or been distributed publicly, and “none of these issues have been exploited at customer locations and the security of our customers has not been compromised.”
Javadi counters that there’s no real way to know who might have secretly extracted HID’s keys, now that their method is known to be possible. “There are a lot of smart people in the world,” Javadi says. “It’s unrealistic to think we’re the only people out there who could do this.”
Despite HID’s public advisory more than seven months ago and the software updates it released to fix the key-extraction problem, Javadi says most of the clients whose systems he’s tested in his work don’t appear to have implemented those fixes. In fact, the effects of the key extraction technique may persist until HID’s encoders, readers, and hundreds of millions of keycards are reprogrammed or replaced worldwide.
Time to Change the Locks
To develop their technique for extracting the HID encoders’ keys, the researchers began by deconstructing its hardware: They used an ultrasonic knife to cut away a layer of epoxy on the back of an HID reader, then heated the reader to desolder and pull off its protected SAM chip. Then they put that chip into their own socket to watch its communications with a reader. The SAM in HID’s readers and encoders are similar enough that this let them reverse engineer the SAM’s commands inside of encoders, too.
Ultimately, that hardware hacking allowed them to develop a much cleaner, wireless version of their attack: They wrote their own program to tell an encoder to send its SAM’s secrets to a configuration card without encrypting that sensitive data—while an RFID “sniffer” device sat between the encoder and the card, reading HID’s keys in transit.
HID systems and other forms of RFID keycard authentication have, in fact, been cracked repeatedly, in various ways, in recent decades. But vulnerabilities like the ones set to be presented at Defcon may be particularly tough to fully protect against. “We crack it, they fix it. We crack it, they fix it,” says Michael Glasser, a security researcher and the founder of Glasser Security Group, who has discovered vulnerabilities in access control systems since as early as 2003. “But if your fix requires you to replace or reprogram every reader and every card, that’s very different from a normal software patch.”
On the other hand, Glasser notes that preventing keycard cloning represents just one layer of security among many for any high-security facility—and practically speaking, most low-security facilities offer far easier ways to get in, such as asking an employee to hold a door open for you while you have your hands full. “Nobody says no to the guy holding two boxes of donuts and a box of coffee,” Glasser says.
Javadi says the goal of their Defcon talk wasn’t to suggest that HID’s systems are particular vulnerable—in fact, they say they focused their years of research on HID specifically because of the challenge of cracking its relatively secure products—but rather to emphasize that no one should depend on any single technology for their physical security.
Now that they have made clear that HID’s keys to the kingdom can be extracted, however, the company and its customers may nonetheless face a long and complicated process of securing those keys again. “Now customers and HID have to claw back control—and change the locks, so to speak,” Javadi says. “Changing the locks is possible. But it’s going to be a lot of work.”
