HID Global Reader Configuration Cards
Monitor | 5.3 | ICS-CERT ICSA-24-037-02 | Feb 6, 2024
Attack Vector: Physical
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
HID Global configuration cards (iCLASS SE and OMNIKEY Secure Elements) can have their credential and device administration keys extracted by an attacker with physical access. These extracted keys could be used to create malicious configuration cards or forge credentials, enabling unauthorized access to protected facilities. The vulnerability requires the attacker to be physically close to or in possession of the configuration card; it is not remotely exploitable.
What this means
What could happen
An attacker with physical access to HID configuration cards could extract credential and device administration keys, then use those keys to create malicious cards or forge credentials to gain unauthorized access to facilities or systems protected by HID readers.
Who's at risk
Facilities and organizations using HID iCLASS SE or OMNIKEY Secure Element readers for physical access control, particularly those managing credential cards and configuration cards. This affects security administrators responsible for badge readers, access control systems, and card issuance in government buildings, corporate facilities, data centers, and critical infrastructure sites.
How it could be exploited
An attacker must be in physical possession of or very close to a configuration card. They can then communicate directly with the card using specialized equipment to extract the credential and administrative keys stored on it. Once extracted, these keys enable creation of counterfeit configuration cards or fraudulent credentials.
Prerequisites
- Physical possession of or close proximity (inches) to the configuration card
- Specialized NFC/proximity card reading equipment
- No valid credentials or authorization needed
- No patch available for configuration cards themselves
- Physical attack vector (requires attacker proximity/possession)
- No authentication required for extraction from unprotected cards
- Low exploit complexity
- High impact (keys enable forgery of all credentials and administrative access)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 EOL
| Product | Affected Versions | Fix Status |
|---|---|---|
| OMNIKEY Secure Elements reader configuration cards: vers:all/* | All versions | No fix (EOL) |
| HID iCLASS SE reader configuration cards: vers:all/* | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Securely destroy all unneeded configuration cards to eliminate potential attack targets
- HARDENING: Restrict physical access to configuration cards; store in secure, monitored locations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update iCLASS SE reader firmware to version 8.6.0.4 or higher, then use HID Reader Manager application to disable configuration card acceptance on readers
- WORKAROUND: Request a HID 'Shield Card' from HID support to prevent further configuration changes via configuration cards (for OMNIKEY, iCLASS SE modules, and processors)
- HOTFIX: For customers using standard keys or concerned their keys are compromised, contact HID about enrolling in the free Elite Key upgrade program to re-key readers and credentials
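Added example (not part of the advisory and not an HID tool): one way to turn the remediation steps above into a per-reader work list from an inventory export. The CSV columns, family labels and reader names are constructed assumptions; only the 8.6.0.4 firmware floor and the action names come from the advisory.

```python
import csv
import io

MIN_FW = (8, 6, 0, 4)  # firmware floor named in the advisory for iCLASS SE readers

# Constructed sample inventory; column names and values are assumptions.
SAMPLE_INVENTORY = """reader_id,family,firmware,config_cards_enabled,key_type
lobby-01,iclass_se_reader,8.5.2.0,yes,standard
dock-02,iclass_se_reader,8.6.0.4,yes,elite
lab-03,iclass_se_reader,8.10.0.1,no,elite
kiosk-04,omnikey,n/a,yes,standard
"""

def parse_version(text):
    """Turn '8.6.0.4' into (8, 6, 0, 4); return None if not dotted integers."""
    try:
        return tuple(int(p) for p in text.strip().split("."))
    except ValueError:
        return None

def actions_for(row):
    """Return the advisory's remediation steps that still apply to one reader."""
    todo = []
    accepts_cards = row["config_cards_enabled"].strip().lower() == "yes"
    if row["family"] == "iclass_se_reader":
        fw = parse_version(row["firmware"])
        if fw is None:
            todo.append("verify firmware version manually")
        elif fw < MIN_FW:  # numeric compare, so 8.10.x is newer than 8.6.x
            todo.append("update firmware to 8.6.0.4 or higher")
        if accepts_cards:
            todo.append("disable configuration card acceptance in HID Reader Manager")
    elif accepts_cards:
        # OMNIKEY, iCLASS SE modules and processors: the advisory's workaround
        todo.append("request a Shield Card from HID support")
    if row["key_type"].strip().lower() == "standard":
        todo.append("ask HID about the Elite Key upgrade program")
    return todo

def triage(csv_text):
    """Map reader_id -> list of outstanding actions for every inventory row."""
    return {r["reader_id"]: actions_for(r) for r in csv.DictReader(io.StringIO(csv_text))}

if __name__ == "__main__":
    for reader, todo in triage(SAMPLE_INVENTORY).items():
        print(reader, "->", "; ".join(todo) or "no open actions")
```

Firmware strings are compared as integer tuples because a plain string comparison would rank 8.10.0.1 below 8.6.0.4 and flag an already updated reader.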
CVEs (1)