If you’re using regular access fobs, you likely don’t, security experts warn. That’s because malicious parties may be perfecting the process of duplicating security key fobs – for a price.

CBC Toronto has covered the rise of this threat recently, as stores offering cheap fob duplication with little to no verification have popped up on major corners throughout the city.

According to the article: “CBC Toronto producers Mike Smee and Nicole Brockbank were both able to get duplicates of fobs they borrowed from legal condo owners without providing any identification or proof they were the actual owners or residents.”

While this service is not illegal, it is clear that if the ability to duplicate key fobs and other security chip devices with little to no verification exists, then the opportunity to take advantage by those who aim to do harm also abounds.

Even though both the Association of Condominium Managers of Ontario (ACMO) and the Canadian Condominium Institute of Toronto (CCIT) have made statements warning of the risk, most condo managers and boards are still unaware of the problem, or that there is a solution (more on that later).

Meanwhile, technological and social trends are pushing the risk to a crisis point.

CBS News recently covered the rise of automated kiosks in the U.S. that allow anyone to create fob duplicates for even lower prices, and with less interference. The article warns that “in the eyes of security experts, the technology could unlock new threats to buildings across the country.” Expect these kiosks to expand to Canada very soon.

Adding fuel to the fire, Airbnb dominates the Toronto short term and vacation rental market, allowing total strangers unlimited access to these building fobs for days at a time.

Thorben Wieditz, a member of the Fairbnb.ca Coalition, told CBC Toronto that condo residents: “already feel uneasy about the rapid increase in short-term rental use. The fact that literally anyone, no questions asked, can reproduce these fobs raises a whole new level of concern around personal safety, theft and security. We just don’t know who comes and goes anymore.”​

Shockingly, the vast majority of condominiums in the Greater Toronto Area are still built using outdated 125kHz fob units, a technology that was popular in the 1990’s but has been woefully insecure for several decades. 

Although many enterprise solutions have moved on to non-vulnerable 13.56mHz fobs, most condos have not followed suit. This is often due to developers looking to save money during construction and/or lack of education by security trades working with these developers and property managers.

As mentioned, many condo managers are not even aware of the risks. This is despite the dangers being presented to people’s homes, where their families and most prized possessions are located.

According to Security Info Watch, the “inherent weaknesses of 125kHz based proximity cards have been susceptible to cloning for several years. Instructional videos abound, and equipment can easily be purchased on Amazon, eBay, or elsewhere. While this is old news for the hacker population, the word has apparently not reached many in the security community; in fact, getting a prox card or key fob cloned is easier and more convenient than ever.”

While an article in Popular Mechanics writes that “all that’s needed to copy your (125kHz) access card is a basic understanding of radio technology. Hackers need the card number to create a copy—and machines that can easily do that only cost about $10.”

Condominium boards and managers must begin to follow the lead of corporations and implement more modern and sophisticated forms of security fobs.

The Canadian Condominium Institute of Toronto even suggests that every condominium board immediately raise their budgets to account for this need.

High-security fobs operating at 13.56mHz like the ‘HID iClass Seos’ or ‘Mifare DesFire’ provide a level of encryption that makes it next to impossible for a common person to clone them.

The essential difference lies in the fact that low-security fobs like 125kHz proximity cards openly broadcast their unique number. This allows cheap cloning devices to read them and then transfer this information to a new blank fob. It’s as simple as that. Once the fob is cloned, it is impossible for the system or those monitoring it to tell the difference between it and the original.

 For higher security fobs, however, the unique number is encrypted. This means that off the shelf cloning devices will not be able to understand the unique fob number due to a lack of authentication. Fob copying and cloning operations do not have access to the equipment necessary to copy these high-security fobs.

Most condo buildings will only need to replace the fob keys and readers themselves (and have them main control panels reprogrammed by experts), while some legacy systems may need to have their control panels updated well. High-security fobs operate at a different frequency than low-security fobs, the fob and reader need to be compatible with each other.

The best thing to do if you are unsure, is to have an expert on the subject complete an evaluation or audit.

Square Security offers this type of security consultation free of charge. We will review your current fob format and determine how vulnerable your building is to fob cloning.

If it turns out that you are at risk, we can provide you with a detailed and easy migration proposal to move to a higher security card access format.

To get started book a free consultation here or call us 416-460-7218.