Farpointe Data is notifying its access control manufacturers, distributors, integrators and dealers that hacking of access control systems has become a threat “far bigger than most think”. Protecting their end-users from hackers is imperative for channel partners, the company says.
“The U.S. federal government suffered a staggering 61,000 cyber-security breaches, that it knows of, last year alone,” reports Farpointe Data president Scott Lindley. “Several recent events highlight the importance of why the access control channel must work with their customers to deal with accelerating hacking attacks.”
According to Lindley, the most important is that the U.S. Federal Trade Commission (FTC) has decided that it will hold the business community responsible for failing to implement good cyber security practices and is now filing lawsuits against those that don’t.
“Prospective penalties go beyond FTC threats, though,” Lindley warns. “A luxury hotel in Austria, the Romantik Seehotel Jaegerwirt, recently had to pay hackers a ransom after they managed to access its electronic key system and lock all the hotel guests in their rooms. Approximately 180 people were staying at the hotel on that day. Many were locked in their rooms, while others were locked out of theirs. The hackers demanded €1,500, about $1,600. The hotel decided to pay, explaining that they felt that they had no other choice, especially because neither police nor insurance could help them.”
Adding to the problem, states Lindley, is that Wiegand, the industry standard over-the-air protocol commonly used to communicate credential data from a card to an electronic access reader, is no longer inherently secure due to its original obscure and non-standard nature.
For this reason, Farpointe has introduced features such as potting all readers and options that can be added to the readers. The first is MAXSecure, which provides a higher-security handshake, or code, between the proximity or smart card, tag and reader to help ensure that readers will only accept information from specially coded credentials. The second is Valid ID, a new anti-tamper feature available with contactless smartcard readers, cards and tags.