Badge Cloning is Easier Than You’d Expect

the exploit blog logo
The Exploit: Penetration Testing Insights From The Frontlines
Posted on August 21, 2020
Badge Cloning is Easier Than You’d Expect

Written by Raxis Research Team

You would be hard pressed to find a company or an organization that doesn’t issue employee badges to every employee on Day one. These radio frequency identification cards usually include employee pictures as well as an electronic tag that allows access to secured doors throughout the building. The cards let IT teams know who went where and when. Companies love them because they are inexpensive and easy to manage. 

How Easy is it to Clone an Electronic Access Badge?

What a lot of companies don’t realize, however, is that the technology to read and duplicate the cards is relatively inexpensive and easy to obtain by almost anyone. Unless you take proper precautions, the badge you’ve issued for security could become a vulnerability.

Check out this video to see just how easy it is for someone with criminal intentions to gain access to secured areas of your building. The Raxis team has used this technique very successfully over the years on our red team engagements. 

As the video demonstrates, the process is simple and fast. Even if you know what to look for, it’s hard to spot when it’s happening. 

At Raxis, our assessments are meant to identify real-world vulnerabilities that may otherwise go unnoticed. We are here to attack – in a completely ethical way – and show you how to make your company a harder target for hackers.

Raxis Research Team

Raxis Research Team
The Raxis Research Team is dedicated to staying ahead of the threat landscape. Our experts dig into emerging exploits, uncover hidden vulnerabilities, and develop resources that power our penetration testing engagements. By combining curiosity with technical precision, the team equips Raxis testers with cutting-edge intelligence to simulate real-world attacks and strengthen client defenses.

About The Exploit

The Exploit is written by Raxis penetration testers. Every post is a technical writeup from someone who runs engagements for a living, with code, command output, and the reasoning behind each step. Topics include exploit research, vulnerability disclosure, tool development, and the offensive techniques showing up in current client work.

Search The Exploit Blog

Raxis Discovered CVEs

View the CVEs that Raxis engineers have uncovered and submitted.

Blog Categories

Join Our Newsletter

Name(Required)
Newsletter(Required)
Do you wish to join our newsletter? We send out emails once a month that cover the latest in cybersecurity news. We do not sell your information to other parties.