I always keep them, mostly as a souvenir, which I usually end up throwing away soon after going home. It's also laziness, I never go to the front to check out, straight down to my vehicle, so no reason to pass by 'the box' to return it.
Ever since automatic check out I just leave and toss the key cards. I imagine many others do the same. I also have left key cards in my room and assumed housekeeping would collect them, but I bet they just throw them away as well under the theory that they’re cheap enough that it’s not worth the hassle to sanitize them or risk them being damaged and causing issues for the next guest. I would bet that even for the ones that ARE returned, they don’t re-use them.
Yeah, back story on this talk. Alot of their data had to be glossed over, or as they said in the video, had to slow the release of the information or else finding a venue for Defcon would be difficult next year.
I was in a hotel one time and their machine for cutting cards was on reception where are guests could reach it together with a note that said the password is 0000
There is a hotel chain in Tennessee that uses the same 4 codes for all of their rooms. Yes, you have a 1 in 4 chance your card works on the wrong room. That's exactly what you want to learn with a hotel room filled with wreck diving equipment.
Saflok sucks. I worked for a hotel/resort and they used saflok's latest model. Which all the locks were controlled by one of our servers (AS/400) and if something went wrong, all the doors were f*cked until that problem was resolved.. and guess who has horrible after hours customer support? Thats right, Dormakaba!
what is bad about a 256bit random number, that is stored on the card and inside the lock? cant they reprogram the lock from the front desk? via the power cable? OneWire?
During an attack, if you resequence the lock to the lowest sequence number, it seems likely that would avoid invalidating any existing keys. That would make the attack extremely unlikely to be detected unless audit logging is implemented.
People with bad intentions probably just didn't disclose. Hotel thefts and stuff don't make much media attention. It's probably much more on the high-level espionage and targeted people than petty thieves checking random rooms.
Same reason lockpicking is so rare in crime despite the vast majority of locks being easily exploited, a pair of boltcutters is still faster and works every time. The average criminal finds it much easier to lift a keycard off the housekeeping cart. Much like the vast majority of high profile ransomware and data breech attacks trace back to a social engineering attack or supply-chain attack instead of some Rube Goldberg-esque chain of complex zero-day exploits.
Dang it, a sequence number must be what causes me not to be able to access my room when I leave for the day and then come back after housekeeping. They must have a higher sequence number than me and they invalidate my key. I always have to go to the front desk to get him to fix it.
You didn't listen to the full talk. They said during Q&A that the sequence number is card-level specific, so no, the housekeeping key doesn't change the guest-level sequence.
@iaeeniaeen1898 at the point I added this comment I hadn't watched the whole thing, I tend to log comments as I'm watching the videos not at the very end
Some people forget, some cards get left in the room and housekeeping throws them away, etc. If I pay $1500 for a hotel for a week (did that last week in SF), and then get charged $10 for a $0.50 piece of plastic, I'd be annoyed. The hotels just eat that L, and in my opinion, kinda rightfully so. They also don't charge you for e.g. using more soap, or not hanging the towels, or turning the air conditioner a degree lower or higher. It's just a cost of running business, especially since a pack of 500 of those cards is usually like $200 or less.
The vast majority of hotels I stay at tell you not to come to the front front desk unless you want a paper receipt. If it was a requirement they'd tell you/have a sign.
The most surprising part of this talk is that less than 25% of door cards are returned when people check out, who keeps the door card?
Obviusly hackers keep them :)
I keep them as a souvenir, (and to encourage them to change their keys.)
I always keep them, mostly as a souvenir, which I usually end up throwing away soon after going home. It's also laziness, I never go to the front to check out, straight down to my vehicle, so no reason to pass by 'the box' to return it.
Ever since automatic check out I just leave and toss the key cards. I imagine many others do the same. I also have left key cards in my room and assumed housekeeping would collect them, but I bet they just throw them away as well under the theory that they’re cheap enough that it’s not worth the hassle to sanitize them or risk them being damaged and causing issues for the next guest.
I would bet that even for the ones that ARE returned, they don’t re-use them.
@@swilson42 I love how you think they sanitise key cards. They definitely do re-use them.
"Deadbolt override" is why I always bring my own lock when staying in a hotel
That's why I bring my own heavy duty steel door.
That is why I bring my own building.
What happens when you (the person, body, mech, whatever) are the infrastructure?
I'm with Iceman, this was awesome research. Good job guys, true role models from research process to disclosure to presentation skills :)
Yeah, back story on this talk. Alot of their data had to be glossed over, or as they said in the video, had to slow the release of the information or else finding a venue for Defcon would be difficult next year.
I love the Q&A at the end. Of course DeviantOllam and Iceman are in the audience.
I was in a hotel one time and their machine for cutting cards was on reception where are guests could reach it together with a note that said the password is 0000
There is a hotel chain in Tennessee that uses the same 4 codes for all of their rooms.
Yes, you have a 1 in 4 chance your card works on the wrong room.
That's exactly what you want to learn with a hotel room filled with wreck diving equipment.
Saflok sucks. I worked for a hotel/resort and they used saflok's latest model. Which all the locks were controlled by one of our servers (AS/400) and if something went wrong, all the doors were f*cked until that problem was resolved.. and guess who has horrible after hours customer support? Thats right, Dormakaba!
I’m not sure anyone else in the audience knows what an AS/400 is.
How come the audio out is almost always with static or buzzing?
It stops 9 minutes into the talk at least
you are listening on a mac 😅
Tech guys didn't bother employing A/V guys.
what is bad about a 256bit random number, that is stored on the card and inside the lock? cant they reprogram the lock from the front desk? via the power cable? OneWire?
During an attack, if you resequence the lock to the lowest sequence number, it seems likely that would avoid invalidating any existing keys. That would make the attack extremely unlikely to be detected unless audit logging is implemented.
If they just resequence emergency cards... it probably never will be noticed :)
When that second question asker came up I was like hey I know that voice.
Lennert is dope! Instant click..
You’d think with all this knowledge you’d sort out the audio
$100k/year for vegas hotels is so far down in the noise floor it isn't funny
The real question is now that the hotels know their security is garbage what will they do?
Crazy that this was vulnerable for so long. Wouldn't there be more people with bad intentions trying to figure this out?
People with bad intentions probably just didn't disclose. Hotel thefts and stuff don't make much media attention. It's probably much more on the high-level espionage and targeted people than petty thieves checking random rooms.
Same reason lockpicking is so rare in crime despite the vast majority of locks being easily exploited, a pair of boltcutters is still faster and works every time.
The average criminal finds it much easier to lift a keycard off the housekeeping cart. Much like the vast majority of high profile ransomware and data breech attacks trace back to a social engineering attack or supply-chain attack instead of some Rube Goldberg-esque chain of complex zero-day exploits.
Dang it, a sequence number must be what causes me not to be able to access my room when I leave for the day and then come back after housekeeping. They must have a higher sequence number than me and they invalidate my key. I always have to go to the front desk to get him to fix it.
You didn't listen to the full talk. They said during Q&A that the sequence number is card-level specific, so no, the housekeeping key doesn't change the guest-level sequence.
@iaeeniaeen1898 at the point I added this comment I hadn't watched the whole thing, I tend to log comments as I'm watching the videos not at the very end
The hotels are losing cards to guests not returning them? Charge the guest for taking a keycard!
Some people forget, some cards get left in the room and housekeeping throws them away, etc. If I pay $1500 for a hotel for a week (did that last week in SF), and then get charged $10 for a $0.50 piece of plastic, I'd be annoyed. The hotels just eat that L, and in my opinion, kinda rightfully so.
They also don't charge you for e.g. using more soap, or not hanging the towels, or turning the air conditioner a degree lower or higher.
It's just a cost of running business, especially since a pack of 500 of those cards is usually like $200 or less.
Just checked, the cards from the talk (mifare classik 1k cards) are
The vast majority of hotels I stay at tell you not to come to the front front desk unless you want a paper receipt.
If it was a requirement they'd tell you/have a sign.
@@Fs3iI'd imagine a hotel chain buys tens of millions a year and probably pays a fraction of what a public price would be
Yeah , 5 cent surcharge
Defcon! Give me a job as a sound engineer, please.
Fire your sound guy. jesus
Defcon was too busy trying to screw the badge guy to spend any money on sound.
I wouldn’t say fire ‘m. But give him some help asap.
Sound EnGiNeEr*
It's not even that bad. Sheesh
I recognize that voice!!!!!
Guy on the left is cute asf
do u mean "on the right"?
So who wrote the py for the proxmark3?
Dev? 35:05
☠☠☠☠😺😺😺😺
I really don't like these over explained talks! They alway start with : What grandma eat back in 1900 in the morning at 7:21....