Disclaimer: We are looking to make the world a safer place by educating readers on security issues. Please do not exploit or misuse the below mentioned methods in any way.

When we first launched Kisi in 2012, we met a few people at a Chaos Computer Club event, Europe’s most recognized hacker organization. While there, we saw some club members using keycard duplicators (available on eBay for $50) to covertly add money onto a student ID card. This demonstration highlighted how easily accessible devices like this could be used to undermine established security methods.Those keycard duplicators launched in 2008 (check out RFIDOT) and have remained under the radar of people not familiar with security technology. In this article we look at why this device not posed a major threat or created a mainstream problem yet.

Technically speaking, manually copying and duplicating keycards is difficult. Without a programming backround, it's unlikely that someone could copy an HID keycard, which narrowed the risk down to a specific group of people before the invention of keycard duplicators.

But there are more reasons why these white plastic cards survived a little longer than they should have. One of the biggest reasons is that companies today mostly use more expensive HID keycards which are harder to copy, even for experienced security researchers. But again, inexpensive keycard duplicators won the day.

At Black Hat, the biggest security conference in the US, researchers presented a $10 device that was able to copy key cards used for access control systems in under 60 seconds!

Here is the open source data and the video of how it works. The article also uses pretty drastic language to describe the experience.

Pro Tip: HID proximity cards, popular access cards used by offices all over the world, and the protocol that underlies them, known as Wiegand, are inherently obsolete and should not be used anymore.

According to researchers, this means that 80% of all companies use vulnerable technology to secure their offices.