This paper provides a comprehensive security analysis of the Lenel magnetic swipe card system used at the University of Maryland at College Park. We first explore the cards and hardware components which comprise the system, and then present several plausible points and methods of attack on the system. We chose several of these attacks and demonstrated them using a $240 commercial card reader/writer and a customized unit powered by a microcontroller, which cost about $20 in parts.
We developed the capability to read cards, write arbitrary data to cards, simulate card swipes through a reader using a flux reversal pattern generator, and “sniff” data from up to 16 live swipes using a single microcontroller which can be easily hidden in the reader’s housing. We tested and successfully demonstrated these capabilities on the live Lenel system under the supervision of the university’s Department of Public Safety.
Based on our findings, we recommend that the university use neither social security nor university ID numbers on the cards, that it use magnetic card access only in low-security areas, and that it use a more sophisticated and secure system such as proximity smart cards for access to high-security areas. While the analysis and recommendations presented in this paper are aimed at the University of Maryland, building security professionals everywhere can use the material presented here to enhance the security of their own swipe card systems.
Author: Daniel Ramsbrock | Stepan Moskovchenko | Christopher Conroy
Source: University of Maryland