Badge cloning is the act of copying authentication data from an RFID badge's microchip to another badge. In an attack scenario, badge cloning is useful because it enables the attacker to obtain authorization credentials without actually stealing a physical badge from the organization. Badge cloning can be done through handheld RFID writers, which are inexpensive and easy to use. You simply hold the badge up to the RFID writer device, press a button to copy its tag's data, then hold a blank badge up to the device and write the copied data. You now have a cloned badge. What's more, certain badge cloning tools can read the data like any normal RFID reader, in that the reader can be several feet away and concealed inside a bag.

Note that badge cloning is most effective on older RFID badge technology that uses the 125kHz EM4100 protocol. This technology does not support encryption and will begin transmitting data to any receivers that are nearby. Newer RFID badge technology uses higher frequencies that increase the rate at which data can be sent, and subsequently, supports encryption. These badges only broadcast certain identifying attributes, rather than all authentication data on the badge.

Despite the advances in security, these encryption-based badges can still be cloned with the right tools. All it takes is an Android device with NFC capabilities and a cloning app. Certain apps will contain the default encryption keys that are issued by the badge's manufacturer. Many organizations fail to change these keys, and as a result, you can easily copy the badge's data to a new badge through NFC.