Home > CAPEC List > CAPEC-396: Bypassing Card or Badge-Based Systems (Version 2.11)  

CAPEC-396: Bypassing Card or Badge-Based Systems

Bypassing Card or Badge-Based Systems
Definition in a New Window Definition in a New Window
Attack Pattern ID: 396
Abstraction: Standard
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An attacker bypasses the security of a card-based system by using techniques such as cloning access cards or using brute-force techniques. Card-based systems are widespread throughout business, government, and supply-chain management. Attacks against card-based systems vary widely based on the attackers' goals, but commonly include unauthorized reproduction of cards, brute-force creation of valid card-values, and attacks against systems which read or process card data. Due to the inherent weaknesses of card and badge security, high security environments will rarely rely upon the card or badge alone as a security mechanism. Common card based systems are used for financial transactions, user identification, and access control. Cloning attacks involve making an unauthorized copy of a user's card while brute-force attacks involve creating new cards with valid values. Denial of service attacks against card-based systems involve rendering the reader, or the card itself, to become disabled. Such attacks may be useful in a fail-closed system for keeping authorized users out of a location while a crime is in progress, whereas fail-open systems may grant access, or an alarm my fail to trigger, if an attacker disables or damages the card authentication device.

+ References
[R.396.1] [REF-20] Stuart McClure, Joel Scambray and George Kurtz. "Hacking Exposed: Network Security Secrets & Solutions". Chapter 9: Hacking Hardware. 6th Edition. McGraw Hill. 2009.
+ Content History
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team

More information is available — Please select a different filter.
Page Last Updated or Reviewed: August 04, 2017