Skip to main content

Abstract

While badge cloning is an issue for magnetic cards, the fatal flaw is often the person holding the card who swipes without thinking. Student IDs act as a form of identification and serve many functions at the University of North Georgia. Students use their IDs when accessing their meal plan, Campus Cash, Dining Dollars, and even for authenticating at club events and resident halls. Faculty members also use their university IDs when accessing faculty-only areas in addition to the use of hard keys.

This paper contains an overview of magnetic stripe cards and their track formats, the information stored on each of the three tracks on the student ID, and which tracks of information within the card are required for use in varying scenarios. This goal is achieved by creating partial card clones and exploring the use of those card on the various systems which use them. This research also outlines the steps needed to carry out a badge cloning attack. The research process flow begins with the initial credential harvesting process using a standard card reader. Then, parsing and managing the stolen credentials using a database. Finally, ending the cloning process by writing the stolen credentials to a new blank card. Included in the research is a survey of the student body using the results to gauge the effectiveness of this proposed attack. Concluding this paper will be potential security recommendations to prevent and mitigate this attack.

Files

File nameDate UploadedVisibilityFile size
Mag_Stripe_Hacking__Exposing_the_Fatal_Flaw_with_Student_ID_Cards.webm
19 Jul 2022
Public
127 MB

Metrics

Metadata

  • Subject
    • Computer Science & Information Systems

  • Institution
    • Dahlonega

  • Event location
    • Poster Session

  • Event date
    • 26 March 2021

  • Date submitted

    19 July 2022

  • Additional information
    • Acknowledgements:

      Bryson Payne