Abstract
While badge cloning is an issue for magnetic cards, the fatal flaw is often the person holding the card who swipes without thinking. Student IDs act as a form of identification and serve many functions at the University of North Georgia. Students use their IDs when accessing their meal plan, Campus Cash, Dining Dollars, and even for authenticating at club events and resident halls. Faculty members also use their university IDs when accessing faculty-only areas in addition to the use of hard keys.
This paper contains an overview of magnetic stripe cards and their track formats, the information stored on each of the three tracks on the student ID, and which tracks of information within the card are required for use in varying scenarios. This goal is achieved by creating partial card clones and exploring the use of those card on the various systems which use them. This research also outlines the steps needed to carry out a badge cloning attack. The research process flow begins with the initial credential harvesting process using a standard card reader. Then, parsing and managing the stolen credentials using a database. Finally, ending the cloning process by writing the stolen credentials to a new blank card. Included in the research is a survey of the student body using the results to gauge the effectiveness of this proposed attack. Concluding this paper will be potential security recommendations to prevent and mitigate this attack.
Files
| Thumbnail | File name | Date Uploaded | Visibility | File size | Options |
|---|---|---|---|---|---|
Mag_Stripe_Hacking__Exposing_the_Fatal_Flaw_with_Student_ID_Cards.webm | 19 Jul 2022 | Public | 127 MB |
Metadata
- Subject
Computer Science & Information Systems
- Institution
Dahlonega
- Event location
Poster Session
- Event date
26 March 2021
- Date submitted
19 July 2022
- Additional information
Acknowledgements:
Bryson Payne