I Used My RFID Implant In My Hand As A Room Key, Hotel Staff Proceeded To Freak Out.
#31
Join Date: Aug 2008
Location: PHL
Programs: UA 1K 1MM, Marriott Gold, IHG Platinum, Raddison Platinum, Avis Presidents Club
Posts: 5,271
I thought it was funny that they asked you about copying a master key.
I've lost count how often I've walked pass a housekeeping cart and see a keycard just sitting on the cart. (Usually attached to some sort of lanyard or keychain so I assume the card is not an old one someone just left in the room)
I've lost count how often I've walked pass a housekeeping cart and see a keycard just sitting on the cart. (Usually attached to some sort of lanyard or keychain so I assume the card is not an old one someone just left in the room)
#32
FlyerTalk Evangelist
Join Date: Nov 2002
Location: ORD
Posts: 14,231
Y
I like where SPG is going with the low power bluetooth system they're using so you can use an iPhone/non-NFC phone as a room key... that's leaps and bounds more secure. I know they still offer NFC/RFID keycards, and I haven't had a chance to check one out, but I suspect they're using a more robust system... I'll know in due time, I have an Aloft stay coming up in the not so distant future.
I like where SPG is going with the low power bluetooth system they're using so you can use an iPhone/non-NFC phone as a room key... that's leaps and bounds more secure. I know they still offer NFC/RFID keycards, and I haven't had a chance to check one out, but I suspect they're using a more robust system... I'll know in due time, I have an Aloft stay coming up in the not so distant future.
#33
Join Date: Nov 2006
Programs: Seniors Bus Pass
Posts: 5,530
Horses, chips and passports
European regulations ...
http://europa.eu/rapid/press-release_IP-08-905_en.htm
Dogs also in parts of the UK.
Not sure I like the idea of me being tagged though!
Last edited by gfunkdave; Oct 20, 2016 at 1:15 pm Reason: fixed the quote
#34
FlyerTalk Evangelist
Join Date: Jun 2004
Location: LON, ACK, BOS..... (Not necessarily in that order)
Programs: **Mucci Diamond Hairbrush** - compared to that nothing else matters (+BA Bronze)
Posts: 15,132
I personally believe that security by obfuscation is ........, it's on the issuer to ensure security, if removing the IC from inside the card is some sort of security issue... then fix it. Though, I don't see how it could. I imagine none of the information on the card itself holds the account value/anything relating to the account that could permit fraud, it's simply a token that registers with the reader, and the account balance/account info is stored on a central system... doing it any other way is downright stupid, that's would be the same as your credit card company maintaining your account balance on the physical credit card.
I understand that they're free to enforce people using the actual keycard, and I certainly wouldn't push any buttons by trying to circumvent it. I purposefully avoid tinkering with payment related systems, it can go from experimenting to something seriously illegal very quickly.
I like the video, very fitting
I understand that they're free to enforce people using the actual keycard, and I certainly wouldn't push any buttons by trying to circumvent it. I purposefully avoid tinkering with payment related systems, it can go from experimenting to something seriously illegal very quickly.
I like the video, very fitting
#35
Join Date: Aug 2008
Location: Somewhere in Florida
Posts: 2,622
Yes, someone could theoretically duplicate the serial # of the RFID token just like skimmers are used with mag-stripe credit cards. The only way to get around that is two-factor authentication which has its own flaws.
I did some contract work for a Starwood property (which shall remain nameless) where the "master" key which unlocked all of the non-guest areas was simply a blank/unassigned RFID prox card. Electrical/HVAC rooms, engineering, the back offices, and yes, the server room. All of the PCI compliance in the world does no good if someone can physically access the POS system. ::facepalm::
#36
Join Date: Feb 2001
Location: London
Programs: AA EXP, SPG Plt
Posts: 2,607
Awesome story, but I think I'd have just told them I'm a magician and am doing a sleight of hand trick (can't show them the card as it would ruin the trick). Simple minds need simple explanations.
#37
Original Poster
Join Date: Oct 2016
Location: Detroit, MI
Programs: Delta - Diamond, IHG - Spire, Choice - Plat, Avis - Presidents Club
Posts: 46
Yeah... but I briefly explained it to the fellow smoker outside... I'm usually the type of person that cuts myself off and dumbs down whatever I'm about to say (sometimes I just say "it's ....ing magic"), but I felt it necessary to explain myself in this case because they knew just enough to be concerned and send police/kick me out of my room.
#38
Join Date: Jun 2008
Location: YVR
Programs: Aeroplan, AAdvantage
Posts: 2,100
Good god, have you read https://en.wikipedia.org/wiki/Daemon_(novel_series)? Don't make that book come alive.
#39
Suspended
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
Very interesting to encounter someone doing this kind of thing. I figured it was a matter of time for someone to try this kind of implant thing.
At some point, the RFIDs may need replacement. Can't say I'd be a fan of having a series of foreign bodies implanted into my body and replaced just for the purpose of convenience.
At some point, the RFIDs may need replacement. Can't say I'd be a fan of having a series of foreign bodies implanted into my body and replaced just for the purpose of convenience.
#40
Join Date: Sep 2009
Location: Cambridge, UK
Programs: VS, BA, C, C++, IoT
Posts: 117
The thing that shocks me, as someone who's also worked on RFID systems, is that the hotel systems are passive. For anything resembling security, I'd have expected a challenge/response system. A basic pre-programmed static UID setup that makes cloning so easy that anyone with a cheap NFC-enabled Android phone could capture everything needed to duplicate a master key strikes me as bordering on culpable negligence. OK, a static system makes the cards cheaper, but that's easily addressed: the hotel only needs to charge a $10 deposit for active keys, refundable on key return, to more than cover the extra cost of lost keys, and motivate key return.
Last edited by jonsg; Oct 22, 2016 at 1:51 pm
#41
FlyerTalk Evangelist
Join Date: Jun 2005
Posts: 38,410
The thing that shocks me, as someone who's also worked on RFID systems, is that the hotel systems are passive. For anything resembling security, I'd have expected a challenge/response system. A basic pre-programmed static UID setup that makes cloning so easy that anyone with a cheap NFC-enabled Android phone could capture everything needed to duplicate a master key strikes me as bordering on culpable negligence. OK, a static system makes the cards cheaper, but that's easily addressed: the hotel only needs to charge a $10 deposit, refundable on key return, to more than cover the extra cost of the lost keys, and motivate key return.
#42
Join Date: Sep 2009
Location: Cambridge, UK
Programs: VS, BA, C, C++, IoT
Posts: 117
The processor on the card can be as dumb as something that simply reads and writes a bit of EEPROM (memory) - what I refer to as the "passive" type because it does no processing on the data - or something that has a bit of internal programmability and can do something more sophisticated with the data it receives. This is the "active" type I mentioned, which is capable of doing a bit of processing on the fly. That processing would be more than sufficient for a challenge/response exchange.
In case anyone doesn't know what I mean by challenge/response, a simple example is a method by which spies would authenticate with each other. Each would be given the same number. When they meet, A would say "Six" to B; B would say "Nine" to A. The number they both know is 15, 15 - 6 = 9, so B has authenticated with A. A could equally have said "Three", and B's answer had better have been "Twelve", or else!
In our terms, for an entry system, the operation would be more complex than simple subtraction from a larger number, but it doesn't need to be that complex: it just needs to be based on a secret (a magic number) that's stored in both lock and key-card, and changed for each successive occupant.
#43
Join Date: Nov 2008
Location: South Yorkshire, UK
Programs: A3*G, LH FTL, VS Red, Avis Preferred, Hertz President's Circle, (RIP Diamond Club)
Posts: 2,364
Hope I didn't post this in the wrong spot, apologies if I did, I wasn't sure exactly where to post this.
So, I have two RFID chips implanted into my hands (one in each hand), they were purchased from a well known manufacturer who follows all medical safety protocols (sterilizing, packaging, etc...). Both implants were done by my doctor, who also frequently checks for complications/issues (I've had none). I've had one in my left hand for two year, the other for 6 months.
Why two? Well, the first one is a more versatile type of RFID that I use to control various things around my house (unlock my door, open my garage, activate "scenes" with lights/shades/TV, to just name a few).
The second, more recent implant was done with the only objective being to use it with the very common MiFare Ultralight RFID systems. I'm actually the first person (that I know of... the community for this type of thing is quite small) with an implant of this type, and I've used it at ~10 hotels so far. Without getting too technical, I'll briefly explain how I'm able to clone my hotel room key. Most hotels use the MiFare Ultralight system because of it's low cost and ease of programming. In most cases cloning/copying the key cards is not possible, as the UID hard coded/locked into the key card has to match. Recently keycards with re-writable UIDs have become available from China, and the IC from those cards are what I have in my hand, I'm the human "beta tester" as I travel frequently to hotels with RFID keycard systems.
It's worked quite well, when I'm issued a key at the hotel I get into my room, and using a read/writer and some fairly "technical" programs (it can be done with an app on Android devices with NFC, or so I'm told) I copy the key to my hand. It really doesn't take much longer than it takes me to log on to the hotel WiFi, and it's pretty nice to not have to worry about losing a key. Plus you feel like some lazy wizard who only uses his power for mundane things like unlocking doors.
Today I was finally spotted using my hand-key, honestly I never really thought about hiding it. I was entering from a side entrance and an employee was smoking as I approached and was apparently watching closer than I thought because as soon as I swiped my hand they stopped me "Hey, how did you do that?!?" I knew this was going to be tough. I explained the implant in my hand, and that I can copy room keys onto it, in more basic terms than I'm using here. They seemed to think it was pretty odd, but neat, I continued about my business.
An hour later I hear a knock at my door... crap. I opened it and there was a two employees (one identified as a manager, the other... I have no idea) asking to speak with me. They came in, and asked about me being able to hack their doors with my hand... or something to that effect. I explained everything above, showing them the USB reader/writer I use and everything... I'm doing nothing wrong, I have nothing to hide.
It took a good bit of explanation and reasoning to convince them that I hadn't done something nefarious. They asked things like, Could I use it as a "master key"? Technically... yes, but I'd need to be VERY (10cm or so) to a master key to copy it, and that would be illegal. Also, just because I can doesn't mean I am... I can pick locks, doesn't mean I go around doing B&Es. After they understood it better they seemed to calm down and no longer think that I somehow had access to every door in the hotel... They still clearly think I'm absolutely insane, as I'm sure many of you will.
Lesson learned, I'll make sure to be less obvious about my use going forward... the world's just not ready for my "magic".
Disclaimer: I'm aware that RFID implants can be controversial, this isn't meant to be an endorsement/encouragement for anyone reading this to replicate what I'm doing. I do so under supervision from my doctor, and I wouldn't have it any other way.
So, I have two RFID chips implanted into my hands (one in each hand), they were purchased from a well known manufacturer who follows all medical safety protocols (sterilizing, packaging, etc...). Both implants were done by my doctor, who also frequently checks for complications/issues (I've had none). I've had one in my left hand for two year, the other for 6 months.
Why two? Well, the first one is a more versatile type of RFID that I use to control various things around my house (unlock my door, open my garage, activate "scenes" with lights/shades/TV, to just name a few).
The second, more recent implant was done with the only objective being to use it with the very common MiFare Ultralight RFID systems. I'm actually the first person (that I know of... the community for this type of thing is quite small) with an implant of this type, and I've used it at ~10 hotels so far. Without getting too technical, I'll briefly explain how I'm able to clone my hotel room key. Most hotels use the MiFare Ultralight system because of it's low cost and ease of programming. In most cases cloning/copying the key cards is not possible, as the UID hard coded/locked into the key card has to match. Recently keycards with re-writable UIDs have become available from China, and the IC from those cards are what I have in my hand, I'm the human "beta tester" as I travel frequently to hotels with RFID keycard systems.
It's worked quite well, when I'm issued a key at the hotel I get into my room, and using a read/writer and some fairly "technical" programs (it can be done with an app on Android devices with NFC, or so I'm told) I copy the key to my hand. It really doesn't take much longer than it takes me to log on to the hotel WiFi, and it's pretty nice to not have to worry about losing a key. Plus you feel like some lazy wizard who only uses his power for mundane things like unlocking doors.
Today I was finally spotted using my hand-key, honestly I never really thought about hiding it. I was entering from a side entrance and an employee was smoking as I approached and was apparently watching closer than I thought because as soon as I swiped my hand they stopped me "Hey, how did you do that?!?" I knew this was going to be tough. I explained the implant in my hand, and that I can copy room keys onto it, in more basic terms than I'm using here. They seemed to think it was pretty odd, but neat, I continued about my business.
An hour later I hear a knock at my door... crap. I opened it and there was a two employees (one identified as a manager, the other... I have no idea) asking to speak with me. They came in, and asked about me being able to hack their doors with my hand... or something to that effect. I explained everything above, showing them the USB reader/writer I use and everything... I'm doing nothing wrong, I have nothing to hide.
It took a good bit of explanation and reasoning to convince them that I hadn't done something nefarious. They asked things like, Could I use it as a "master key"? Technically... yes, but I'd need to be VERY (10cm or so) to a master key to copy it, and that would be illegal. Also, just because I can doesn't mean I am... I can pick locks, doesn't mean I go around doing B&Es. After they understood it better they seemed to calm down and no longer think that I somehow had access to every door in the hotel... They still clearly think I'm absolutely insane, as I'm sure many of you will.
Lesson learned, I'll make sure to be less obvious about my use going forward... the world's just not ready for my "magic".
Disclaimer: I'm aware that RFID implants can be controversial, this isn't meant to be an endorsement/encouragement for anyone reading this to replicate what I'm doing. I do so under supervision from my doctor, and I wouldn't have it any other way.