It’s not surprising that people are nervous about the security of newer technologies, many of which are part of the Internet of Things (IoT). While they offer greater efficiency and connectivity, some people still hesitate. After all, there seems to be a constant stream of news stories about multinational corporations being breached or hackers taking control of smart home devices.

Both of these scenarios can feel personal. No one likes the idea of their data falling into criminal hands. And we especially don’t like the thought that someone can, even virtually, come into our private spaces. The reality, though, is that, when you choose the right technology and undertake the proper procedures, IoT devices are incredibly secure.

That said, one of the spaces where we see continued confusion is around access control systems (ACS) that are deployed over networks, particularly in relation to mobile access, smartcards, and electronic locks. These technologies are often perceived as being less secure and therefore more vulnerable to attacks than older ACS systems or devices.

In the interest of clearing up any confusion, it is important to provide good, reliable information. With this in mind, there are some myths out there about the security of ACS that need to be debunked.

Bluetooth and NFC are simply channels over which information is transmitted
The fact that these devices communicate with an ACS via Bluetooth or Near Field Communication (NFC) leads to one of the main myths we encounter

Myth #1: Mobile credentials are not secure

The first myth we have to look at exists around mobile credentials. Mobile credentials allow cardholders to access secured doors and areas with their mobile devices. The fact that these devices communicate with an ACS via Bluetooth or Near Field Communication (NFC) leads to one of the main myths we encounter about the security of credentialed information.

There is a persistent belief that Bluetooth is not secure. In particular, people seem to be concerned that using mobile credentials makes your organisation more vulnerable to skimming attacks.

While focusing on the medium of communication is an important consideration when an organisation deploys a mobile credentialing system, the concerns about Bluetooth miss the mark. Bluetooth and NFC are simply channels over which information is transmitted.

Believing that Bluetooth is not secure would be the same as suggesting that the internet is not secure. In both cases, the security of your communication depends on the technology, protocols, and safeguards we all have in place.

So, instead of wondering about Bluetooth or NFC, users should be focused on the security of the devices themselves. Before deploying mobile credentials, ask your vendor (1) how the credential is generated, stored, and secured on the device, (2) how the device communicates with the reader, and (3) how the reader securely accesses the credential information.

It is also important to understand that not all smartcard readers are compatible with all smartcard types
When you deploy smartcard technology as part of your ACS, you should choose the latest generation, such as MiFARE DesFIRE EV1 or EV2 and HID iCLASS SEOS

Myth #2: All smartcards are equally secure

The question “how secure are my smartcards?” is a serious one. And the answer can depend on the generation of the cards themselves. For example, while older smartcards like MiFARE CLASSIC and HID iCLASS Classic offer better encryption than proxy cards and magstripe credentials, they have been compromised. Using these older technologies can make your organisation vulnerable.

As a result, when you deploy smartcard technology as part of your ACS, you should choose the latest generation, such as MiFARE DesFIRE EV1 or EV2 and HID iCLASS SEOS. In this way, you will be protecting your system as well as your buildings or facilities.

Some traditional readers and controllers can also pose a serious risk to your organisation if they use the Wiegand protocol, which offers no security. While you can upgrade to a more secure protocol like OSDP version 2, electronic locks are a very secure alternative worth considering.

It is also important to understand that not all smartcard readers are compatible with all smartcard types. When they are not compatible, the built-in security designed to keep your system safe will not match up and you will essentially forego security as your smartcard-reader will not read the credentials at all. Instead, it will simply read the non-secure portion—the Card Serial Number (CSN) —of the smartcard that is accessible to everyone.

While some manufacturers suggest that this is an advantage because their readers can work with any smartcard, the truth is that they are not reading from the secure part of the card, which can put your system and premises at risk.

Electronic locks provide real-time door monitoring
Using electronic locks can help protect facilities and networks through various security protocols, including encryption and authentication

Myth #3: Electronic locks are more vulnerable

These days, there are still many who believe that electronic locks, especially wireless locks, are more vulnerable to cybercriminal activity as compared to traditional readers and controllers. The concern here is that electronic locks can allow cybercriminals to both access your network to get data and intercept commands from the gateway or nodes over the air that would allow them access to your buildings or facilities.

The reality is that using electronic locks can help protect facilities and networks through various security protocols, including encryption and authentication. Additionally, because many of these locks remain operational regardless of network status, they provide real-time door monitoring. This means that many electronic locks not only prevent unauthorised access but also keep operators informed about their status at all times, even if a network goes down.

Outdated technology and old analogue systems are more vulnerable to attacks

When it comes to deploying electronic locks, it is important to remember that, like any device on your network, they must have built-in security features that will allow you to keep your information, people, and facilities safe.

Be prepared to unlock future benefits

Ultimately, the information in your IP-based ACS is at no greater risk than any other information being transmitted over the network. We just have to be smart about how we connect, transmit, and store our data. In the end, maintaining the status quo and refusing to move away from old technology is not a viable option.

Outdated technology and old analogue systems are more vulnerable to attacks. The reason it is so important to debunk myths around ACS and, at the same time, get people thinking about network security in the right way is that network-based systems can offer an ever-increasing number of benefits.

When we deploy new technology using industry best practices and purchase devices from trusted vendors, we put ourselves and our networks in the best possible position to take full advantage of all that our increasingly connected world has to offer.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version

Author profile

Derek Arcuri Product Marketing Manager, Genetec, Inc.

In case you missed it

What’s the next big thing in video image quality?
What’s the next big thing in video image quality?

Superior image quality has been the “holy grail” of the video surveillance business for several years. A transition to 4K images and a race to ever-higher pixel counts have dominated product development conversations for a while now. However, it’s now possible that the tide has turned. These days, data is sometimes more important than image quality, and increasing use of smaller-format mobile devices has helped to make image quality variations moot. As the industry changes, we asked this week’s Expert Panel Roundtable: What’s the next big thing in video image quality (beyond 4K and megapixel)?

How do agricultural security systems measure up against livestock theft?
How do agricultural security systems measure up against livestock theft?

“Some embark on farmyard heists whilst others are devoted to back-bedroom chicken sanctuaries,” a quote taken from Channel 4’s new documentary ‘How to Steal Pigs and Influence People’. Whilst many think this is part of the positive vegan uprising, The National Pig Association have expressed grave concern of the glamorisation and condoning of livestock theft from farms. Wesley Omar, who was featured in the documentary, was found guilty of theft after he broke into a farm and stole a pig stating "he was saving it from slaughter." Due to this ‘humane reasoning,’ he received a 12 month community order and completed 100 hours of unpaid work. However, the farmer in question incurred huge losses as he could not reclaim the pig due to potential contamination and had a cost of £6,000 to upgrade his security. The cost of rural crime Opportunistic thieves have now turned into organised criminals According to NFU Mutual, the cost of rural crime has risen by 12% since 2017, and the Home Office statistics stated that 26% of rural businesses experienced at least one crime incident in 2018. However, the face of rural crime is changing, with M.O.’s shifting. What once were opportunistic thieves have now turned into organised criminals stealing heavy machinery and livestock. One example saw around 200 sheep stolen in the last three months within the Wiltshire area alone. Due to the volume of these incidents, police speculated only skilled sheep rustlers could conduct this crime so efficiently and undisturbed. The result of this crime has cost the agricultural industry £3m in 2019 alone. However, theft isn’t the only emerging rural crime trend hitting these farmers. Fly tipping on private land has risen considerably over the past few years with figures constantly rising. Once again, like the face of rural theft, criminals are evolving. The Environment Agency has stated that organised gangs are making high profits through ‘waste removal’, undercutting legitimate waste management sites through fly tipping. This crime is affecting 67% of farms and landowners as criminals try to evade landfill taxes. But what happens when you’re the victim of this crime? According to Countryside Alliance, it is the only rural offence where landowners are legally responsible for the disposal of said waste, costing them around £47m each year. So, how can farmers and agricultural landowners protect their premises and assets from both animal rights activists and organised criminals? A scheme has been introduced within specific areas in order to curb the increasing rates of rural crime across England and Wales. Dedicated police teams have been created to provide protection and support to rural areas, with specialist knowledge in dealing with cases. Agricultural physical security How does the farming industry's physical security measure up against these criminals? With this in mind, how does the farming industry's physical security measure up against these criminals? How can they prevent these targeted attacks on their livelihoods? One area that should be considered is a line of defence that deters, detects and delays these intruders - rather than allowing them onto the land - whilst waiting for police to respond. Security measures nowadays are able to delay intrusions, being the difference between criminals getting away and getting caught. A physical fencing system with anti-cut and anti-climb features would offer the first line of defence to farmers and landowners by restricting access onto their fields. Alongside effective high security fencing systems, used to prevent livestock trailers entering farmers fields, entry points need to be reviewed and addressed on whether they are effectively deterring criminals. Many successful livestock thefts are due to organised criminals and their vehicles being able to access fields undetected. Improving the security of field perimeters and entry points is the first step in protecting a farmer's livelihood against criminals. In turn, having a single entry point in and out of fields and premises is also an effective deterrent. Properties with various exit plans are more likely to be targeted as criminals have a higher percentage of escaping. Access point security Security measures such as CCTV cameras or motion sensor lighting have quick installation times In order to increase security at field access points, blocking off the gateways to these fields would act as an extra deterrent to those looking to steal livestock and fly-tip. With perimeter and access point security comes additional physical security measures that could help prevent the theft of livestock. Security measures such as CCTV cameras or motion sensor lighting have quick installation times that help detect an intruder rather than deter and delay like perimeter security. With rural crime on the rise, livestock theft and other criminal activity is becoming a common occurrence for farmers and agricultural landowners. Rural crime is not only having detrimental effects on the individuals but also communities across the UK. Many other industries such as the commercial industry and sports sectors utilise effective physical security within their premises in order to protect their assets. And so we are asking; why is the agricultural industry any different?

Face recognition: Privacy concerns and social benefits
Face recognition: Privacy concerns and social benefits

News reports and opinion columns about face recognition are appearing everyday. To some of us, the term sounds overly intrusive. It even makes people shrink back into their seats or shake their head in disgust, picturing a present-day dystopia. Yet to others, face recognition presents technology-enabled realistic opportunities to fight, and win, the battle against crime. What are the facts about face recognition? Which side is right? Well, there is no definitive answer because, as with all powerful tools, it all depends on who uses it. Face recognition can, in fact, be used in an immoral or controversial manner. But, it can also be immensely beneficial in providing a safe and secure atmosphere for those in its presence.  Concerns of facial recognition With the increased facial recognition applications, people’s concerns over the technology continuously appear throughout news channels and social media. Some of the concerns include: Privacy: Alex Perry of Mashable sums up his and most other peoples’ privacy concerns with face recognition technology when he wrote, “The first and most obvious reason why people are unhappy about facial recognition is that it's unpleasant by nature. Increasing government surveillance has been a hot-button issue for many, many years, and tech like Amazon's Rekognition software is only making the dystopian future feel even more real”. Accuracy: People are worried about the possibilities of inaccurate face detection, which could result in wrongful identification or criminalisation. Awareness: Face recognition software allows the user to upload a picture of anyone, regardless of whether that person knows of it. An article posted on The Conversation states, “There is a lack of detailed and specific information as to how facial recognition is actually used. This means that we are not given the opportunity to consent to the recording, analysing and storing of our images in databases. By denying us the opportunity to consent, we are denied choice and control over the use of our own images” Debunking concerns  The concerns with privacy, accuracy, and awareness are all legitimate and valid concerns. However, let us look at the facts and examine the reasons why face recognition, like any other technology, can be responsibly used: Privacy concerns: Unlike the fictional dystopian future where every action, even in one’s own home, is monitored by a centralised authority, the reality is that face recognition technology only helps the security guard monitoring public locations where security cameras are installed. There is fundamentally no difference between a human security guard at the door and an AI-based software in terms of recognising people on watchlist and not recognising those who are not. The only difference is that the AI-based face recognition software can do so at a higher speed and without fatigue. Face recognition software only recognises faces that the user has put in the system, which is not every person on the planet, nor could it ever be. Accuracy concerns: It is true that first-generation face recognition systems have a large margin for error according to studies in 2014. However, as of 2020, the best face recognition systems are now around 99.8% accurate. New AI models are continuously being trained with larger, more relevant, more diverse and less biased datasets. The error margin found in face recognition software today is comparable to that of a person, and it will continue to decrease as we better understand the limitations, train increasingly better AI and deploy AI in more suitable settings. Awareness concerns: While not entirely comforting, the fact is that we are often being watched one way or another on a security camera. Informa showed that in 2014, 245 million cameras were active worldwide, this number jumped to 656 million in 2018 and is projected to nearly double in 2021. Security camera systems, like security guards, are local business and government’s precaution measures to minimise incidents such as shoplifting, car thefts, vandalism and violence. In other words, visitors to locations with security systems have tacitly agreed to the monitoring in exchange for using the service provided by those locations in safety, and visitors are indeed aware of the existence of security cameras. Face recognition software is only another layer of security, and anyone who is not a security threat is unlikely to be registered in the system without explicit consent. The benefits In August 2019, the NYPD used face recognition software to catch a rapist within 24 hours after the incident occurred. In April 2019, the Sichuan Provincial Public Security Department in China, found a 13-year-old girl using face recognition technology. The girl had gone missing in 2009, persuading many people that she would never be found again. Face recognition presents technology-enabled realistic opportunities to fight, and win, the battle against crimeIn the UK, the face recognition system helps Welsh police forces with the detection and prevention of crime. "For police it can help facilitate the identification process and it can reduce it to minutes and seconds," says Alexeis Garcia-Perez, a researcher on cybersecurity management at Coventry University. "They can identify someone in a short amount of time and in doing that they can minimise false arrests and other issues that the public will not see in a very positive way". In fact, nearly 60% Americans polled in 2019 accept the use of face recognition by law enforcement to enhance public safety. Forbes magazine states that “When people know they are being watched, they are less likely to commit crimes so the possibility of facial recognition technology being used could deter crime”. Saving time  One thing that all AI functions have been proven to achieve better results than manual security is speed. NBC News writes, “Nearly instantaneously, the program gives a list of potential matches loaded with information that can help him confirm the identity of the people he’s stopped - and whether they have any outstanding warrants. Previously, he’d have to let the person go or bring them in to be fingerprinted”. Facial recognition can also be immensely beneficial in providing a safe and secure atmosphere for those in its presence With AI, instead of spending hours or days to sift through terabytes of video data, the security staff can locate a suspect within seconds. This time-saving benefit is essential to the overall security of any institution, for in most security threat situations, time is of the utmost importance. Another way in which the technology saves time is its ability to enable employees (but not visitors) to open doors to their office in real time with no badge, alleviating the bottleneck of forgotten badge, keycode or password. Saving money A truly high-performance AI software helps save money in many ways. First, if the face recognition software works with your pre-existing camera system, there is no need to replace cameras, hence saving cost on infrastructure. Second, AI alleviates much of the required manual security monitoring 24/7, as the technology will detect people of interest and automatically and timely alert the authorities. Third, by enhancing access authentication, employees save time and can maximise productivity in more important processes. The takeaway AI-enabled face recognition technology has a lot of benefits if used correctly. Can it be abused? Yes, like all tools that mankind has made from antiquity. Should it be deployed? The evidence indicates that the many benefits of this complex feature outweigh the small chance for abuse of power. It is not only a step in the right direction for the security industry but also for the overall impact on daily lives. It helps to make the world a safer place.