November 08 2023

The Vulnerability of Legacy Access Control Systems: Is Your Business at Risk?

Article by Steve Noseworthy – Security Integration Specialist

Many organizations rely on access control systems that are more than 15 years old, featuring outdated technology and practices. While these systems may seem to fulfill their basic purpose of providing employees with access to facilities, they come with hidden risks that often go unnoticed. In today’s fast-paced digital world, corporations heavily depend on cybersecurity to safeguard their sensitive data and assets. However, as technology evolves rapidly, businesses must continue to conduct risk assessments and adapt as necessary, as the security of these assets is only as strong as the weakest link. Below, we will explore some of the potential vulnerabilities within legacy access control systems.

Credential Level Vulnerabilities

One glaring issue lies in the vulnerability of access control credentials (such as fobs or access cards). Many organizations still use outdated 125 kHz Proximity technology, which has been in use for over 40 years and is susceptible to skimming attacks. During such attacks, assailants use inexpensive devices to copy the code transmitted from the credential to the card reader, which is possible because there is no encryption in place. These devices are shockingly easy to acquire. In contrast, more secure modern credentials, like “smart cards” or mobile credentials, employ encryption and mutual authentication processes to enhance security.

Outdated Card Readers

The card readers that communicate with the door controller and grant access to doors may use the outdated Wiegand communication protocol, which was invented in 1974. This protocol makes it relatively easy for someone tampering with the card reader to retrieve sensitive information. Wiegand relies on one-way unencrypted communication, leaving no way for the controller to notify the appropriate staff if tampering occurs. Modern OSDP card readers, on the other hand, use encrypted bi-directional communication and can send notifications when tampering is detected.
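To make "one-way unencrypted communication" concrete, here is an added example (not from the article or from any vendor's code) of how a controller parses a Wiegand frame. It assumes the common 26-bit frame layout, which the article does not name, and the facility code and card number are constructed sample values.

```python
# Added example: a 26-bit Wiegand frame as a door controller parses it.
# Assumed layout (not stated in the article): 1 even-parity bit, 8-bit facility
# code, 16-bit card number, 1 odd-parity bit. Sample values are constructed.

def _parity(bits):
    """Return 1 if the number of set bits is odd, else 0."""
    return sum(bits) % 2

def encode_wiegand26(facility, card):
    """Build the frame a reader emits. No key, nonce or counter is involved."""
    if not (0 <= facility < 2**8 and 0 <= card < 2**16):
        raise ValueError("facility is 8 bits, card number is 16 bits")
    data = [int(b) for b in f"{facility:08b}{card:016b}"]
    even = _parity(data[:12])       # makes the first 13 bits even
    odd = 1 - _parity(data[12:])    # makes the last 13 bits odd
    return [even] + data + [odd]

def decode_wiegand26(frame):
    """Recover (facility, card) from the wire bits; the ID is in the clear."""
    if len(frame) != 26:
        raise ValueError("expected 26 bits")
    if _parity(frame[:13]) != 0 or _parity(frame[13:]) != 1:
        raise ValueError("parity error")
    facility = int("".join(map(str, frame[1:9])), 2)
    card = int("".join(map(str, frame[9:25])), 2)
    return facility, card

def controller_grants(frame, allowed):
    """The controller's whole decision: parity passes and the ID is listed."""
    try:
        return decode_wiegand26(frame) in allowed
    except ValueError:
        return False

if __name__ == "__main__":
    allowed = {(42, 12345)}                  # constructed allow list
    frame = encode_wiegand26(42, 12345)
    print("wire bits :", "".join(map(str, frame)))
    print("decoded   :", decode_wiegand26(frame))
    # Every presentation of the same credential yields the same bits, so the
    # controller has nothing that ties a frame to a genuine reader or session.
    print("static    :", frame == encode_wiegand26(42, 12345))
    noisy = frame.copy()
    noisy[5] ^= 1                            # line noise: parity catches this
    print("noisy ok? :", controller_grants(noisy, allowed))
```

The parity bits are the only check in the frame, and they detect line noise rather than authenticate the sender, which is the gap an encrypted bi-directional protocol such as OSDP is meant to close.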

Firmware Updates

Access control systems require regular firmware updates to ensure that security remains up to date. Modern systems typically receive these updates through software maintenance agreements or via cloud-based mechanisms. Unfortunately, many legacy systems are no longer supported by their manufacturers and have not received updates in years, making them vulnerable to security breaches.

Unsupported Legacy Systems

Legacy systems pose a risk of unplanned, expensive, and time-consuming repairs or replacements. If hardware fails and cannot be troubleshot, it can be challenging to find compatible modern hardware components, potentially necessitating the replacement of the entire system, including the server, door controllers, card readers, and credentials. This situation can also lead to indirect losses in facility productivity while the system is being repaired.

Compliance Challenges

Legacy access control systems may also face compliance challenges. In recent years, regulatory requirements concerning data security and privacy have become more stringent. Organizations using legacy systems could face hefty fines for non-compliance.

Modern access control systems give businesses the capability to adapt to continuously evolving physical and cybersecurity threats. They offer far more than the traditional lock/unlock door systems, with a range of features that can be customized to enhance organizational efficiency and productivity. Being proactive is key to securing your business in the present and the future. Contact Oliver Security today to discover how we can help protect your business.

Dale Grant