What Does A CIA Spy Carry Everyday? - YouTube @+10:38 in the video this guy talks about a technology that can be used for universal touch type hotel room key cards. He mentions it being just a piece of plastic and references it as being a card. My question is, is this something that is feasibly even possible at a consumer level? I don’t know much about the tap type of RFID technology hotel key cards use. But it seems incredibly interesting to me that all of the potential hardware configurations and vendors could somehow be compromised in a card type plastic physical package that is so universal. Whats everyones thoughts on this?
1 Like
Sounds like BS. If he said it worked for every door in a single hotel or a single hotel chain I’d say maybe because it could be a cloned master key. If he said it was for a single lock model I’d say maybe they found an exploit. I could loid a bunch of hotel doors with a plastic card because they aren’t installed well. That doesn’t have anything to do with electronic locks though.
1 Like
Definitely can be real. Either a cloned master key, or a custom key that has multiple master hotel keys programmed in, just select via button/screen. They could easily pull more custom codes from a DB of keys at vendor level for national security reasons (covertly), then load those onto a file the agent selects and upload/clone that key onto the card. Also some vendors come with a preset key for master, user 000001, etc. and there are usually just a few vendors (like prox) who do majority of setups. If you don’t believe this, just look up elevator key or handcuff key, there is one for each that works for 99% of models. People are lazy with design, “security through obscurity”
Just found this one: Hotel rooms worldwide can be hacked using a single keycard - TomoNews - YouTube There’s other examples via pen testers, look up “modern rouge”
1 Like
NGL… Pretty badass actually. Thanks for the response!
This supports my original point. It’s possible to generate a master key for a building and “maybe” a hotel chain. One key isn’t going to work everywhere. The second video says this vulnerability was patched 4 years ago. For the “magic key” to work they would have to find an unpatched vulnerability in every system at every hotel then keep it up to date. It doesn’t make sense to to cram every key from every hotel into one card. The card would have to keep spitting out master keys until one worked and you take the chance your magic card is outdated. It makes way more sense to flash a single master key to a card right before an engagement. Then you know it works.
Tell me they have software to generate a master key for nearly any hotel and I would believe that. I’d even believe that software runs on a phone. I don’t believe it can do every hotel and that they crammed it into a normal looking keycard.
2 Likes
Wouldn’t the front desk be notified as soon as one used this?
1 Like
It probably gets logged but it may get lost in the noise of legitimate traffic. There are people doing things like cleaning rooms and maintenance with authentic master keys. I don’t believe there is one magic key that works everywhere in every hotel but master keys are real.
1 Like
I worked at a hotel at the front desk for a few years. Most of the time there isn’t a log of which key card got used in which door. Now I’m sure there’s a hotel door locking system that record such info. But I personally never seen one to where you could look up key swipes based on each room lock. (UPDATE) MY FIANCE CURRENTLY WORKS AT THAT SAME HOTEL, AND THEY JUST UPGRADED THEIR SYSTEM. APPARENTLY ALL THAT INFORMATION IS LOGGED WITH THEIR NEW SYSTEM. WHEREAS THE OLD SYSTEM WAS A MAG SWIPE, IN THE NEW SYSTEM IS NFC TAP. AS FAR AS I KNOW THERE ARE ANY ACTIVE ALERTS FOR WHEN A PARTICULAR KEY CARD IS USED THOUGH. NOT SAYING IT IS IMPOSSIBLE OR EVEN A FEATURE OF THE NEW LOCKING SYSTEM THOUGH.
1 Like
Great information!