By Mark Allen
Did you hear about the recent news from Forbes about the cybersecurity vulnerability in Software House access control systems?
Due to the vulnerability, a Google engineer was able to hack the system and send untraceable commands over the network, allowing him to open doors without credentials, as well as block credentialed employees from opening doors they had authorization to use.
The panels in question now have to be replaced, there is no firmware upgrade, and the only way forward is to pay for an installer to replace, rewire, re-configure, and re-test all hardware.
What It Means for Identiv’s Customers
This type of security breach is not a possibility with Identiv’s Hirsch Velocity Software. Hirsch access control systems have been designed from the beginning with a commitment to both physical and cyber security.
Hirsch SNIB2 and SNIB3 encryption use unique, random keys and initialization vectors for each controller IP port. These new keys change with each new connection, including service restart or network interruption. In fact, Hirsch has been encrypting data long before TLS and AES; our data packets are encrypted, serialized, and hashed — meaning that replay, masquerading, and interception attempts are detected and managed (sent back to the host system as an alarm) by the Velocity application.
Hirsch implemented these cybersecurity measures years ago, and have since added the latest industry encryption capabilities, as well. Velocity systems are penetration-tested and FISMA-certified to meet government security standards around the world.
What Comes Next
Identiv strongly encourages customers to always separate security networks from business networks, if possible. Even when this is impossible or impractical, Identiv has safeguards already in place to protect against incidents like those that affected Google.
If you are concerned about the cybersecurity of your access control system and would like to speak with an Identiv representative about the Hirsch Velocity system and how it can address your requirements, please contact Identiv.