Just reading a murder mystery novel where the plot revolves a laboratory & animal rights protesters.
Entry is via a swipe card system that records who go's in & out and a at what time.
As people sometimes forget their cards, a helpful receptionist 'programs' things like Tesco club cards to work on the entry system.
Is this actually possible?
I'd have thought it was a bit more secure than that?
David Lang scribbled
Blank cards are easily reprogrammable. That's why we got chip & pin. Although, allegedly, they can also be reprogrammed.
Lot of ATM machines couldn`t read chip and pin when it came out,still relied on the mag stripe. Apparently PAYG phone top up cards were a favourite for cloning cards on to...
If it is just a magnetic stripe system then probably yes, but if would no longer work as a swipe at Tescos. Chip & PIN replaced swipe anyway.
Most secure passes these days are proximity read RFI tags.
One of mine used to set off certain department store alarms.
If it's a mag stripe system, it could happen, but most swipe cards are RFID, with those there's usually a fixed number "in" the card or token. It's possible to enrol those into different systems, e.g. the fob issued by a customer to give me access to their datacentre can also be enrolled to my house alarm, but there are different types of RFID and not all are compatible.
No, not one ancient system I know, you just have to write an unencrypted number to the right track of the magnetic stripe. It's over 20 yrs old though.
Plain blank mag stripe cards are easy enough to come by. The marginally harder bit is getting a card writer that can write all three tracks.
As for swipe access, if true swipe (as in place long edge of card in slot and "swipe" it) rather than just plonk card close to the reader then any mag swipe card could conceivably be re-purposed.
It shouldn't work.. In theory the encrypted PIN should be sent to the bank and verified as a part of the system. You can't program a new card and expect it to work without the PIN (the new wireless cards might for a few transactions as they don't ask for the PIN every time).
That's why the con men go to so much trouble to get the PIN. If you are silly enough to give out the PIN then yes they can clone the card if they have access to it.
As for the novel any system that just uses a swipe card is minimal security and is no better than fitting a lock with a key. The next step up is two factor.. you need the card and a PIN to get in, each on its own is useless.
No place subject to animal rights is going to not have PIN and card so the plot is dumbed down a lot as are most of them.
It is as secure as any of the new ones where single factor authentication is being used. The same level as having a key. They are just more convenient than issuing loads of keys and can track which card is using the system, but not which person.
Anyone using such a system would fail the protection of data required by the data protection act if it were to secure a computer system. The NHS, etc. use them but you need the PIN/password as well before you can access the system. They may well operate low security doors, etc. without the PIN but that's up to the management to decide.
Even I use two factor authentication on most of my online accounts.
Or perhaps, just possibly, written some time ago in safer days before animal rights activists were so commonly inclined to "direct action"? After all, some of us can remember when Downing Street was a useful shortcut to Horseguards Parade ;)
+1
I remember doing that on a coach trip in teh 70s (not on the coach...) We were going to an IEE meeting but I think it must have been held at the Royal Society). The coach had dropped us off in Whitehall for some reason.
Depends on what technology it is based I suppose, if its the near field thing like oyster and credit contactless, then yes, if its old school magnetic, then probably not. Brian
They installed a magnetic card lock where I worked but decided they wouldn't need a card each.
I made my own using a needle on cotton to find the magnets in a card and pieces of magnetic strip from white board shapes and a piece of cardboard. It worked fine but security weren't very happy that I had made one.
In theory.
In practice the PIN is sent to the card, and it asserts a "good" signal. This can be spoofed...
Andy
HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.