Key takeaways
- RFID cloner apps are applications that hackers use to gain illegitimate access to information on RFID tags.
- You can purchase a separate RFID cloner, such as a Proxmark or a Flipper Zero, or you can set up a smartphone to serve as an RFID cloner.
- Protect your residents from RFID cloning by investing in RFID-blocking materials or picking modern RFID systems that feature encryption.
Disclaimer: ButterflyMX access control fobs and key cards are encrypted and cannot be copied with an RFID cloner app. Furthermore, ButterflyMX does not endorse the use of RFID cloner apps by anyone.
These days, RFID-powered devices can do everything from contact-free payments to letting you access a door with a key or fob. But is the technology fully safe? One of the biggest risks of using access control readers is the risk of a thief or scammer using an RFID cloner app to access your information.
This post will explain what an RFID cloner app is and how it works. We’ll then explain how cloners work, how to protect yourself and your residents from RFID cloning and review alternatives to RFID credentials.
This post covers:
- What is an RFID cloner app?
- How do RFID cloners work?
- Protecting your residents from RFID cloning
- Alternatives to RFID credentials
What is an RFID cloner app?
An RFID cloner app is an app that copies an RFID credential or tag. You can buy a standalone device that clones RFID tags or download an app on your smartphone to serve as an RFID cloner.
While you might not know it, RFID devices help enable the wireless world we live in today. For example, you might use the NFC chip reader in your smartphone to make a payment, or you might use a fob or key with an RFID chip in it to unlock your door.
Wireless credentials come with a lot of benefits. But they also make you vulnerable to hackers and scammers who might try to copy your device’s RFID signature and gain access to your smartphone, bank accounts, or building.
How do RFID cloner apps work?
RFID cloner apps work by intercepting a signal that’s sent between a legitimate RFID tag and the reader.
First, let’s examine how an RFID system works to understand how one of these apps works.
RFID systems are made of these parts:
- Credential. RFID credentials send a wireless digital signal to the reader. There are two types of credentials: active and passive credentials. Here’s the difference: an active credential has its own built-in battery, while passive credentials depend on the electromagnetic field generated by a reader to send data.
- Card reader. The card reader receives a wireless signal from the credential and forwards the data over to the RFID control panel.
- Control panel. The control panel is the nerve center of the entire system. It contains a database of credentials. If the card reader forwards a matching credential, the panel directs the door to unlock. An RFID system’s control panel is also where staff can go to make changes. Staff members use the control panel to add and remove residents and edit their permissions.
Can you copy a key fob?
Yes, you can copy a key fob. RFID cloners copy key fobs by waiting until a credential is in range of a reader and duplicating the signal as soon as it’s sent.
Or, an RFID cloning device might even send out its own electromagnetic waves to trigger a credential into sending data, even if there isn’t a reader nearby.
You can copy a key fob with these devices:
- Proxmark
- Flipper Zero
- Smartphones
Is there an RFID reader app?
Yes, you can download an RFID reader app that works on iPhone or Android.
However, know the difference between a legitimate reader app and an illegitimate cloning app. There are plenty of approved uses for downloading an RFID or NFC reader app, like programming prepurchased, blank cards for lawful use.
However, you can use a device like a Proxmark or a Flipper Zero to copy RFID tags illegitimately. While Proxmarks and Flipper Zeros were invented for security penetration testers, anybody can buy one — and they’re certainly a risk.
A scammer might also download an NFC tag cloner APK, or Android Package Kit, to set up a cloner on a regular Android smartphone. Setting up an illegitimate NFC reader on an iPhone is also possible, but a scammer would have to jailbreak their iPhone first.
Learn about apartment amenities here:
Protecting your residents from RFID cloning
Here are a few ways for you to protect yourself and your residents from RFID cloners.
Protect your residents from RFID cloning by:
Purchasing RFID shields
To combat the threat of RFID skimming, some manufacturers have begun adding RFID-blocking materials to everyday materials. You can purchase RFID shields for your wallet or even pick out a jacket or a pair of jeans with a lining that blocks RFID signals.
An RFID blocker does have one downside. If you place a tag with a battery in a shielded bag, the material might make the battery drain faster.
Investing in encrypted RFID technology
The latest RFID devices prevent cloning with innovations like AES-128 encryption and dynamic challenges that vary the key’s signal to the reader.
A reader can vary the amount of voltage it sends to the credential to generate different equally valid responses. This is a great way to defeat RFID cloner apps — even if a hacker captures a specific signature, dynamic challenges reduce the threat of cloning overall.
For instance, ButterflyMX’s access control system uses encrypted key cards and fobs, preventing unauthorized copies and making your property more secure.
Alternatives to RFID credentials
Some alternatives to RFID technology are credentials that depend on other wireless networks, like Bluetooth and WiFi.
While RFID cloners are an unfortunate reality, security advances in RFID technology are constantly happening. For the most part, RFID credentials are safe for you and your residents to use, but you can always invest in extra security measures by purchasing things like RFID shields or looking for specially encrypted RFID technology.
However, you might seek out alternatives to RFID credentials for different reasons. As a property manager, you should know that RFID tags and fobs have a few downsides.
Residents might easily lose a small fob. And each lost fob means you have to spend time programming new fobs, adding to the busy work on your staff’s plate.
RFID and smartphone access
To that end, you might consider other methods of managing access to your property, such as smartphone-based access control.
Residents are sure to take great care of their smartphones, which also enable features like remote unlocking and delivery keys.
But if RFID scanners and tags best fit the needs of your property, you can always choose a system that includes both types of access, like ButterflyMX’s video intercom.
Other benefits of ButterflyMX include:
- Versatility. Your residents will appreciate the flexibility of having multiple ways to open the door, whether that’s using an RFID tag or our simple swipe-to-open app.
- Increased security. Access an audit trail of all door-opening events to increase your property’s security.
- Cloud-based administration. Use any tablet, computer, or smartphone to make changes to our system — even if you’re off-site.