Interesting People mailing list archives
more on Hacked Speedpass, Hotel mag cards
From: David Farber <dave () farber net>
Date: Thu, 22 Sep 2005 06:01:04 -0400
Begin forwarded message: From: Jim Thompson <jim () netgate com> Date: September 21, 2005 7:35:52 PM EDT To: Dave Farber <dave () farber net>, jadams01 () sprynet com Cc: Ip Ip <ip () v2 listbox com> Subject: Re: [IP] more on Hacked Speedpass, Hotel mag cards
So? In this case, we've got an actual, live individual making fairly specific claims. Still could be a hoax, but as the snopes page points out, one chain did formerly do just what was claimed. Are you willing to bet that non-chains motels and hotels, and cheaper chains, aren't doing this? Snopes is good at documenting urban legends, but I don't regard that as superior to actually testing the cards and finding out the truth of the matter.The follow-up from Robert Mitchell points something interesting out:"What's interesting to me is that while everyone has an opinion as to whether its possible that hotels would - either knowingly or unknowingly - store such information on a card key, only one person who posted here claims to have tried this at several hotels (without success). Given past discussions and all of the news stories going back to at least 2003, I am surprised that no one else among this tech savvy group has tried this and reported in."Hmm...now where could I find a tech-savvy group to supply data? Any thoughts?
Dave (and John),There is a body of GPL code that would allow anyone to decode the mag- stripe on these types of cards named "Stripe Snoop"
http://stripesnoop.sourceforge.net/The site includes instructions on how to build (or modify) a mag- stripe card reader: http://stripesnoop.sourceforge.net/hardware/ hardware.html
A related toolkit allows the casual user to decode the 1-D and 2-D barcodes used on most state drivers licenses:
http://turbulence.org/Works/swipe/barcode.htmlAll that said, the Speedpass cards use a mag stripe, but rather RFID. Its been hacked: http://rfidanalysis.org/
In my experience, the hotel room keys work as described. (Literally the only information is a room number and a limit on when the
room key is valid.)However, your security can be compromised in other ways whilst staying in a hotel. On more than one occasion I've been handed a key which opens more than one room, and I've been handed a key for an already occupied room. (You can imagine the surprise of both parties
in that one.)Also, the TV in your room has been cracked, with quite possible negative privacy aspects. http://www.wired.com/news/privacy/ 0,1848,68370,00.html
Jim ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on Hacked Speedpass, Hotel mag cards David Farber (Sep 22)
- <Possible follow-ups>
- more on Hacked Speedpass, Hotel mag cards David Farber (Sep 22)
- more on Hacked Speedpass, Hotel mag cards David Farber (Sep 22)