I’m wondering if anyone has put together information documents on the xEM implant to present for work. I finally convinced my work to look into using my implant instead of my proxy card. Its a bigger company so I’ve had to slowly go up the ladder to get approval. The problem is they have to send it up to corporate for final decision, and they want some files on the technology to have an informed conversation about it. The catch is they want some relatively short and to the point. I was hoping someone else might have came across this with their work and would have some kind of information package to help move things along.
@amal, you can find some documents on DT “Dangerous Things”. But Amal can most likely PM everything conceiving needed as far as documentation.
Ask @amal if he has time to video conference with them during the meeting
Sure I’d do that via Skype
First tell me about your badge… what technology is it? Is the plan to clone your badge to the implant? Let me know those things and I’ll offer a concise response.
We use an HID prox system i dontt know the exact details about it besides that it uses 125khz. I just got off work and don’t have my card with me
@amal I should also mention that i don’t mind cloning my current access badge but I want to try and go through the company and get them on boar with it. Partially because i don’t want any trouble with the the company but mostly to raise awareness of the benefits of using an implant. So far almost no one at my work even knew implantable chips existed. And the ones that have heard of them had such a horribly misinformed knowledge base about it. I know its not likely but I’d like to think one day people can have an open and informed conversation and maybe a few more people might be interested in getting a chip of their own.
gotcha… well I didn’t have time to do a big write-up so here goes…
Expect to shatter some expectations. I guarantee your work people consider the badge system to be “secure” even though it isn’t. It’s not their fault really, it was sold to millions of businesses as a “secure access solution” by HID… ridiculous.
The next mind shattering thing you’re going to probably have to lay down on them is a complete re-working of how they understand they should be operating their access control system. I bet they, like basically every business I’ve ever come across, believes that if they control the physical badge, they control access… so they fight like hell to get that badge or keyfob or card back from people when they are let go… but this is dumb. They should be tossing those fobs or cards or badges, or really not even worry about recovering them honestly… they should always remove the UID from the system and consider THAT to be the way security is maintained, not fussing over a physical badge. Now, if the badges were actually secure, that would be a different story… but they aren’t… so fighting to get a physical badge back from an employee who’s been let go is a complete waste of time and gives a false sense of security which can be dangerous, depending on where you work.
I would start them off with this;
So basically, their heads are probably going to be melting at this point… so I would present your argument in written form and leave it to them to mull over… don’t stand there waiting for an answer, because you will be asking a shell shocked manager to make a decision with the realization that they’ve been operating under false assumptions and what you want to do could be even more dangerous than what they just discovered. I would make the argument that since the badges are not secure anyway and this is not only possible but is dead simple to do, like making a copy of a key at the hardware store, that they should 1) change how they treat IDs in the system and consider those ID numbers THE PRIMARY ACCESS IDENTIFIER and forget the cards or fobs that report those IDs… and 2) if they shift focus to managing IDs in the system and not managing physical credentials, then it would not be any different in terms of how the system “sees” you when you present your card or badge or implant… it’s all the same to the system, so there’s nothing really at risk here.
Or. they could just say “cool” and let you do it without so much as a peep… dunno.