Card providing a different ID on every read

Forum / MIFARE general topics and applications / Card providing a different ID on every read

  • 21. April 2020 at 21:29
    I've cobbled together an access control system for use to open my garage door, it's been working fine for several years, I've always just enrolled my Credit/Debit cards as the access token in the past and this has worked without issue. However I've received a new card from Santander and it's behaving differently to all previous cards, Each time I present the debit card it returns a different ID, is this expected?
    + 0  |  - 0

    Re: Card providing a different ID on every read

    22. April 2020 at 12:26
    Hi Mike,

    Yes, it is! You should never trust on a UID of a card. Such UIDs can be manipulated very easily. For security systems like payment cards, random UIDs are used for protection.

    You will ask what I can do to make my car in the garage secure. For instance, you can use a MIFARE Ultralight (it is cheap and sufficient for this use-case) and read a small data block from the card. If the content is what you expect, the door will be opened.

    OK, there is a lot more you can do for increasing security. I will not go into these details. Take in mind: if someone steal the card, the content can be copied. If you want to prevent this, you must use authentication.

    The TapLinx team

    + 0  |  - 0

    Re: Card providing a different ID on every read

    22. April 2020 at 23:30
    Thanks for that, had assumed it was something similar, just a surprise given that I have 5 other reasonably recent chip cards from well known banks that don't do it.

    I understand the risks of depending on the UID, however it is just my garage, The likelihood of a physical breach is probably higher than someone with sufficient knowledge and access to my system to spoof or clone the UID. It'd take a brave individual to attempt, given the CCTV coverage in the area.

    Currently using a cheap controller that although perfectly functional is limited in it's configuration. Depending on the duration of the lockdown I have a bit of a plan to replace with a one of my own design.

    If they steal the card I'd be more worried about any spending spree, rather than them using it to access my garage.
    + 0  |  - 0

    Re: Card providing a different ID on every read

    23. April 2020 at 10:27
    Hi Mike,

    Sure, if someone steal my credit card I will be worried about my money and not of the opening of my garage.

    If your opening system is limited to UIDs, then the only option is to use another card. But the idea behind to use the UID in the registration process to the card reader is to allow more than one card in the field. If a reader finds two cards, then it can instruct one card to be quiet and communicate with the other card. This is part of the “anti-collision” (ISO/IEC 14443). In this process the real UID of the card is not relevant.

    The TapLinx team

    + 0  |  - 0
Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.