Gallagher Security’s strong commitment to cyber security sees them frequently communicate best practice recommendations to ensure that customers have the knowledge and tools necessary to keep their sites secure and protected against cyber-attacks and malware threats.
Gallagher security advisory
The global security manufacturer this week promptly released a security advisory, following the public exposure of the Default Gallagher MIFARE DESFire and MIFARE Plus keys.
This act means cards using the default keys could be cloned or emulated, resulting in a site’s security becoming compromised. Customers who have followed Gallagher’s long-standing hardening guide, which recommends the use of site-specific keys, are not affected by this disclosure.
Ensuring the continued security of our customers’ sites is our top priority"
“Ensuring the continued security of our customers’ sites is our top priority,” said Mark Junge, Gallagher’s Global General Manager for Security, adding “Following the discovery of this exposure, we immediately began communicating with our global team, our network of Channel Partners, and our customers regarding the mitigation options available to them, including our key migration feature released in Command Centre v8.30 earlier this year.”
Communicating information on security risks
Mark further stated, “Communicating information about any security risks, as well as providing timely advice and recommendations is of vital importance to us. Our published hardening guide has for many years provided in-depth advice of defensive measures for customers to aid in mitigating possible risk.”
The vulnerability only affects sites using a default MIFARE DESFire or MIFARE Plus key. It does not affect Gallagher MIFARE DESFire with a site-specific key, Gallagher Mobile Connect credentials, US Government FIPS201 PIV cards, GovPass, or MIFARE Plus with a site-specific key.
Concerned customers should contact their Channel Partner or local Gallagher representative for further support and advice.