How easily access cards can be cloned and why your PACS might be vulnerable

This report explains how physical access control systems (PACS) can be subverted through cloning of RFID tokens, detailing the reader–token interactions, weaknesses in legacy technologies (e.g., HID Prox, iCLASS), and the risks of default encryption keys even in modern systems (e.g., SEOS). It describes attacker methods using long-range readers and tools like Proxmark3 to capture and replicate credentials, and provides practical mitigations including enforcing custom encryption keys, securing readers/controllers/servers, and proper PACS configuration to reduce cloning risk.