Farpointe Data, the access control industry's trusted OEM partner for RFID solutions, alerted its access control manufacturer, distributor, integrator, dealer, and specifier partners about the potential impact on their businesses of the settlement of Edenborough v. ADT LLC, Case No. 3:16-cv-02233, in the U.S. District Court for the Northern District of California. Referred to as the ADT Hacking Vulnerability Class Action Lawsuit, ADT will pay $16 million to settle five hacking vulnerability class actions because of claims that ADT's wireless security systems were vulnerable to hacking because ADT failed to include any encryption within them.

Failing to implement good cybersecurity practices

"This settlement comes on top of the U.S. Federal Trade Commission, through court actions, holding Wyndham Worldwide, a hotel chain, and D-Link, a wireless router and IP camera manufacturer, responsible for failing to implement good cybersecurity practices," emphasises Scott Lindley, Farpointe Data president. "It's become very clear. If you are involved in any type of security, including electronic access control equipment, you can be liable if you don't provide adequate cybersecurity safeguards. That includes encryption which is readily available."

According to Lindley, "All modern contactless smart card credentials support cryptography but legacy credential technology may not. Look for terms such as 3DES, AES (which the government uses to protect classified information), TEA and RSA."

Secure smart credentials

Security professionals should always consider more secure 13.56 MHz smart credentials over 125 KHz proximity cards. "Mifare," a technology from NXP Semiconductors, is a leading brand of contactless smart IC. The newest Mifare standard, DESFire EV1, includes a cryptographic module on the card, adding an additional layer of encryption to the card/reader transaction. DESFire EV1 protection is especially important for customers wanting to use secure multi-application cards for access management, public transportation, or closed-loop e-payment.

Another valuable option is Valid ID, an anti-tamper feature for contactless smartcard readers, cards, and tags. Embedded, it adds yet an additional layer of authentication and integrity assurance to traditional Mifare smartcards. Valid ID helps verify that sensitive access data programmed to a card or tag is indeed genuine and not counterfeit.

"Whether you need to guard against state sponsored terrorists or the neighbourhood teen from hacking the electronic access control systems that you implement and use, security today starts with encryption," warns Lindley. "But, that's just a beginning. To take steps that will further hinder hackers, ask for your manufacturer's Cybersecurity Vulnerability Checklist."

Download PDF version Download PDF version

In case you missed it

Anviz Global expands palm vein tech for security
Anviz Global expands palm vein tech for security

The pattern of veins in the hand contains unique information that can be used for identity. Blood flowing through veins in the human body can absorb light waves of specific wavelen...

Bosch sells security unit to Triton for growth
Bosch sells security unit to Triton for growth

Bosch is selling its Building Technologies division’s product business for security and communications technology to the European investment firm Triton. The transaction enc...

In age of misinformation, SWEAR embeds proof of authenticity into video data
In age of misinformation, SWEAR embeds proof of authenticity into video data

The information age is changing. Today, we are at the center of addressing one of the most critical issues in the digital age: the misinformation age. While most awareness of thi...

Quick poll
What is the most significant challenge facing smart building security today?