Farpointe Data, the access control provider of RFID solutions, is notifying its access control manufacturers, distributors, integrators, and dealers that hacking of access control systems has become a threat far bigger than most think. Protecting their end-users from hackers is imperative for channel partners.

Cyber security breaches

"The U.S. federal government suffered a staggering 61,000 cyber-security breaches, that it knows of, last year alone," reports Farpointe Data President Scott Lindley. "Several recent events highlight the importance of why the access control channel must work with their customers to deal with accelerating hacking attacks."

According to Lindley, the most important is that the U.S. Federal Trade Commission (FTC) has decided that it will hold the business community responsible for failing to implement good cyber security practices and is now filing lawsuits against those that don't. An appeals court has backed its lawsuit against the hotel chain operator Wyndham Worldwide for not protecting consumers' information and, just recently, the FTC filed a lawsuit against D-Link and its U.S. subsidiary, alleging that it used inadequate safeguards on its wireless routers and IP cameras that left them vulnerable to hackers.

Wiegand over-the-air protocol

"Prospective penalties go beyond FTC threats, though," Lindley warns. "A luxury hotel in Austria, the Romantik Seehotel Jaegerwirt, recently had to pay hackers a ransom after they managed to access its electronic key system and lock all the hotel guests in their rooms. Approximately 180 people were staying at the hotel on that day. Many were locked in their rooms, while others were locked out of theirs. The hackers demanded €1,500, about $1,600. The hotel decided to pay, explaining that they felt that they had no other choice, especially because neither police nor insurance could help them."

"The U.S. federal government suffered a staggering 61,000 cyber-security breaches, that it knows of, last year alone"

Adding to the problem, states Lindley, is that Wiegand, the industry standard over-the-air protocol commonly used to communicate credential data from a card to an electronic access reader, is no longer inherently secure due to its original obscure and non-standard nature.

MIFARE DESFire EV1 smartcard platform

For this reason, Farpointe has introduced features such as potting all readers and options that can be added to the readers. The first is MAXSecure, which provides a higher-security handshake, or code, between the proximity or smart card, tag, and reader to help ensure that readers will only accept information from specially coded credentials. The second is Valid ID, a new anti-tamper feature available with contactless smartcard readers, cards, and tags. It can add an additional layer of authentication assurance to NXP's MIFARE DESFire EV1 smartcard platform, operating independently, in addition to, and above the significant standard level of security that DESFire EV1 delivers. Valid ID lets a smartcard reader effectively help verify that the sensitive access control data programmed to a card or tag is not counterfeit.

"With the increasing incidences of hacking throughout the world and the fact that the FTC is now reviewing such cyber security lapses should make channel partners providing access control products and systems take notice and suggest anti-hacking solutions to their customers," Lindley argues.

Download PDF version

In case you missed it

What is the value of remote monitoring systems’ health and operation?
What is the value of remote monitoring systems’ health and operation?

When is it too late to learn that a video camera isn’t working properly? As any security professional will tell you, it’s too late when you find that the system has failed to capture critical video. And yet, for many years, system administrators “didn’t know what they didn’t know.” And when they found out, it was too late, and the system failed to perform as intended. Fortunately, in today’s technology-driven networked environment, monitoring a system’s health is much easier, and a variety of systems can be deployed to ensure the integrity of a system’s operation. We asked this week’s Expert Panel Roundtable: How can remote monitoring of a security system’s health and operation impact integrators and end users?

What is the changing role of training in the security industry?
What is the changing role of training in the security industry?

Even the most advanced and sophisticated security systems are limited in their effectiveness by a factor that is common to all systems – the human factor. How effectively integrators install systems and how productively users interface with their systems both depend largely on how well individual people are trained. We asked this week’s Expert Panel Roundtable: What is the changing role of training in the security and video surveillance market?

What is AI Face Search? Benefits over facial recognition systems
What is AI Face Search? Benefits over facial recognition systems

When a child goes missing in a large, crowded mall, we have a panicking mom asking for help from the staff, at least a dozen cameras in the area, and assuming the child has gone missing for only 15 minutes, about 3 hours’ worth of video to look through to find the child. Typical security staff response would be to monitor the video wall while reviewing the footage and making a verbal announcement throughout the mall so the staff can keep an eye out for her. There is no telling how long it will take, while every second feels like hours under pressure. As more time passes, the possible areas where the child can be will widen, it becomes more time-consuming to search manually, and the likelihood of finding the child decreases. What if we can avoid all of that and directly search for that particular girl in less than 1 second? Artificial neural networks are improving every day and now enable us to search for a person across all selected camera streamsWith Artificial Intelligence, we can. Artificial neural networks are improving every day and now enable us to search for a person across all selected camera streams in a fraction of a second, using only one photo of that person. The photo does not even have to be a full frontal, passport-type mugshot; it can be a selfie image of the person at a party, as long as the face is there, the AI can find her and match her face with the hundreds or thousands of faces in the locations of interest. The search result is obtained in nearly real time as she passes by a certain camera. Distinguishing humans from animals and statues The AI system continuously analyses video streams from the surveillance cameras in its network, distinguishes human faces from non-human objects such as statues and animals, and much like a human brain, stores information about those faces in its memory, a mental image of the facial features so to speak. When we, the system user, upload an image of the person of interest to the AI system, the AI detects the face(s) in that image along with their particular features, search its memory for similar faces, and shows us where and when the person has appeared. We are in control of selecting the time period (up to days) and place (cameras) to search, and we can adjust the similarity level, i.e., how much a face matches the uploaded photo, to expand or fine-tune the search result according to our need. Furthermore, because the camera names and time stamps are available, the system can be linked with maps to track and predict the path of the person of interest. AI Face Search is not Face Recognition for two reasons: it protects people’s privacy, and it is lightweight Protecting people’s privacy with AI Face Search  All features of face recognition can be enabled by the system user, such as to notify staff members when a person of interest is approaching the store AI Face Search is not Face Recognition for two reasons: it protects people’s privacy, and it is lightweight. First, with AI Face Search, no names, ID, personal information, or lists of any type are required to be saved in the system. The uploaded image can be erased from the system after use, there is no face database, and all faces in the camera live view can be blurred out post-processing to guarantee GDPR compliance. Second, the lack of a required face database, a live view with frames drawn around the detected faces and constant face matching in the background also significantly reduces the amount of computing resource to process the video stream, hence the lightweight. Face Search versus Face Recognition AI Face Search Face Recognition Quick search for a particular person in video footage Identify everyone in video footage Match detected face(s) in video stream to target face(s) in an uploaded image Match detected face(s) in video stream to a database Do not store faces and names in a database Must have a database with ID info Automatically protect privacy for GDPR compliance in public places May require additional paperwork to comply with privacy regulations Lightweight solution Complex solution for large-scale deployment Main use: locate persons of interest in a large area Main use: identify a person who passes through a checkpoint Of course, all features of face recognition can be enabled by the system user if necessary, such as to notify staff members when a person of interest is approaching the store, but the flexibility to not have such features and to use the search tool as a simple Google-like device particularly for people and images is the advantage of AI Face Search.Because Face Search is not based on face recognition, no faces and name identifications are stored Advantages of AI Face Search Artificial Intelligence has advanced so far in the past few years that its facial understanding capability is equivalent to that of a human. The AI will recognise the person of interest whether he has glasses, wears a hat, is drinking water, or is at an angle away from the camera. In summary, the advantages of Face Search: High efficiency: a target person can be located within a few seconds, which enables fast response time. High performance: high accuracy in a large database and stable performance, much like Google search for text-based queries. Easy setup and usage: AI appliance with the built-in face search engine can be customised to integrate to any existing NVR/VMS/camera system or as a standalone unit depending on the customer’s needs. The simple-to-use interface requires minimal training and no special programming skills. High-cost saving: the time saving and ease of use translate to orders of magnitude less manual effort than traditionally required, which means money saving. Scalability: AI can scale much faster and at a wider scope than human effort. AI performance simply relies on computing resource, and each Face Search appliance typically comes with the optimal hardware for any system size depending on the customer need, which can go up to thousands of cameras. Privacy: AI Face Search is not face recognition. For face recognition, there are privacy laws that limits the usage. Because Face Search is not based on face recognition, no faces and name identifications are stored, so Face Search can be used in many public environments to identify faces against past and real-time video recordings. AI Face Search match detected face(s) in video stream to target face(s) in an uploaded image Common use cases of AI Face Search In addition to the scenario of missing child in a shopping mall, other common use cases for the AI Face Search technology include: Retail management: Search, detect and locate VIP guests in hotels, shopping centres, resorts, etc. to promptly attend to their needs, track their behaviour pattern, and predict locations that they tend to visit. Crime suspect: Quickly search for and prove/disprove the presence of suspects (thief, robber, terrorist, etc.) in an incident at certain locations and time. School campus protection: With the recent increase in number of mass shootings in school campuses, there is a need to identify, locate and stop a weapon carrier on campus as soon as possible before he can start shooting. Face Search will enable the authorities to locate the suspect and trace his movements within seconds using multiple camera feeds from different areas on campus. Only one clear image of the suspect’s face is sufficient. In the race of technology development in response to business needs and security concerns, AI Face Search is a simple, lightweight solution for airports, shopping centres, schools, resorts, etc. to increase our efficiency, minimise manual effort in searching for people when incidents occur on site, and actively prevent potential incidents from occurring. By Paul Sun, CEO of IronYun, and Mai Truong, Marketing Manager of IronYun