Many buildings, including apartment and condo complexes, are still relying upon the old 125 KHz RFID key fobs as part of their access control systems. As I wrote in an article in 2018, these are easily and quickly duplicated at kiosks in grocery and DIY stores which means there is no viable key control.
These low security fobs were in use at my condo complex so I convinced our Management to upgrade to the newer encrypted HID tags to prevent cloning or hacking. Entry to our facility is also controlled by a telephone intercom made by Keri Systems. This is typical technology for apartment buildings as part of most access control systems. When a visitor presses the call button, the tenant can “buzz them in” by triggering the electric strike on the front door. Keri is a significant supplier of intercoms.
Many of these systems, including ours, have a U.S. Postal Service lock that allows a mailman to control the door by activating an internal micro-switch within the panel. This “bypass lock” circumvents all of the building entry security. It is a fundamental issue that needs to be addressed nationwide because every facility can be affected. The combination of a post office lock, door override switch, and the ability to easily open many of these intercom cabinets provides an immediate security red flag. It creates the equivalent of a universal master key to every location that has an intercom system protected by a lock that may cost less than ten dollars.
In contrast, most commercial buildings utilize a KnoxBox or similar secure separate key vault to store keys or key fobs to open outside doors. They are protected by a higher-security Underwriters Laboratory-rated (UL 437) lock. These boxes are mounted into outside walls and can be extremely difficult to compromise. Unfortunately this is typically not the case with the intercom consoles because most manufacturers have chosen to supply inexpensive locks to secure their enclosures.
I analyzed the security of the cabinet lock, internal access to the…