[IP] more on Hacked Speedpass, Hotel mag cards

To: Ip Ip <ip@xxxxxxxxxxxxxx>
Subject: [IP] more on Hacked Speedpass, Hotel mag cards
From: David Farber <dave@xxxxxxxxxx>
Date: Thu, 22 Sep 2005 06:01:04 -0400
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
References: <33F4DCB8-44D9-473B-BEDD-AFBFBD250652@xxxxxxxxxxx>
Reply-to: dave@xxxxxxxxxx



Begin forwarded message:

From: Jim Thompson <jim@xxxxxxxxxxx>
Date: September 21, 2005 7:35:52 PM EDT
To: Dave Farber <dave@xxxxxxxxxx>, jadams01@xxxxxxxxxxx
Cc: Ip Ip <ip@xxxxxxxxxxxxxx>
Subject: Re: [IP] more on Hacked Speedpass, Hotel mag cards

So? In this case, we've got an actual, live individual makingfairly specific claims. Still could be a hoax, but as the snopespage points out, one chain did formerly do just what was claimed.Are you willing to bet that non-chains motels and hotels, andcheaper chains, aren't doing this? Snopes is good at documentingurban legends, but I don't regard that as superior to actuallytesting the cards and finding out the truth of the matter.
The follow-up from Robert Mitchell points something interesting out:
"What's interesting to me is that while everyone has an opinion asto whether its possible that hotels would - either knowingly orunknowingly - store such information on a card key, only one personwho posted here claims to have tried this at several hotels(without success). Given past discussions and all of the newsstories going back to at least 2003, I am surprised that no oneelse among this tech savvy group has tried this and reported in."
Hmm...now where could I find a tech-savvy group to supply data? Anythoughts?



Dave (and John),

There is a body of GPL code that would allow anyone to decode the mag-stripe on these types of cards named "Stripe Snoop"


http://stripesnoop.sourceforge.net/

The site includes instructions on how to build (or modify) a mag-stripe card reader: http://stripesnoop.sourceforge.net/hardware/hardware.html

A related toolkit allows the casual user to decode the 1-D and 2-Dbarcodes used on most state drivers licenses:

http://turbulence.org/Works/swipe/barcode.html

All that said, the Speedpass cards use a mag stripe, but ratherRFID. Its been hacked: http://rfidanalysis.org/

In my experience, the hotel room keys work as described.(Literally the only information is a room number and a limit on when the

room key is valid.)

However, your security can be compromised in other ways whilststaying in a hotel. On more than one occasion I've been handed a keywhich opens more than one room, and I've been handed a key for analready occupied room. (You can imagine the surprise of both parties

in that one.)

Also, the TV in your room has been cracked, with quite possiblenegative privacy aspects. http://www.wired.com/news/privacy/0,1848,68370,00.html


Jim



-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] Pledge-A-Picket Concept
Next by Date: [IP] Google's Card Catalog Should Be Left Open
Previous by thread: [IP] Pledge-A-Picket Concept
Next by thread: [IP] more on Hacked Speedpass, Hotel mag cards
Index(es):
- Date
- Thread