How safe is it to use NXP's NTAG216 with pwd and pack authentification for room access control? On the official nxp site the target application for NTAG216 is not access control.
The data on our tags is read and write protected by the pwd. We are using different pwds and packs for each tag.
As we understand the datasheet of NTAG216 it is not possible to read pwd and pack, is this correct?
That depends on how secure you want your access control to be.
In short, the NTAG216 password gets transmitted by the reader in clear text, so all that an attacker has to do is to spoof and replay it at the secured door. That can be done even at a distance of several meters.
With the right equipment it would take me about two hours to break an access control system based on the NTAG216.
Then on the other hand lots of hotels are still using the completely broken mifare classic tags for access control and no one seems to care.