Comments on: Swipe locks

Question: Swipe locks

edgeways — Wed, 13 Jul 2005 21:55:40 -0800

Hotel keys and their locks. So I've been staying in a lot of hotels lately and everyone uses these swipe cards now.

I know they are time sensistive somehow and I guess I am just seeking an overview of how the system works for curiousity sake and perhaps sercuity sake.

1. Are there internal clocks in the reciver (door mounted unit)? If so, they run on batteries?
2. Would it be hard to crack such a system. (I know it would be very unlikely to happen, but from a Noob POV it seems like only a moderatly safe system)
3. Would it be hard to disable the door lock alltogeather using a strong magnet or othe device?

Considering the level of security these places have on their WiFi I wonder about this aspect of secuity as well.

This is a question only about those locks for curiosity, I am well aware to use the secondary locks at night, and to store anything truely valuable in a different location during the day. also, this is not a question to gain knoledge to be used neferiously.

By: Brian James

Brian James — Wed, 13 Jul 2005 22:36:37 -0800

I just know someone is going to chime in with an authoritative explanation, but in the meantime here is how I understand it.

The units do have a battery. But the way the "locks" work isn't really time sensitive, at least not normally. Each lock is programmed to accept a certain series of codes (each one stored on a guest's swipe card) in a certain order. (The hotel's lock computer keeps track of which locks expect which codes) When you check out of your room, the next guest in that room will get a keycard with the code that the lock expects after yours. When the lock sees this code, it knows to de-activate the previous one. The guest after that gets the next code, etc etc

About disabling the locks via magnets, I dunno. But my gut tells me the that the lock manufacturers probably thought of that.

By: symphonik

symphonik — Wed, 13 Jul 2005 23:02:30 -0800

There was actually a really good article on this in 2600, either in the current issue or the last, I forget. Read up and enjoy.

By: Jack Karaoke

Jack Karaoke — Wed, 13 Jul 2005 23:02:40 -0800

In my experience, the biggest risk in hotel security is social engineering. This isn't any help with your door lock Q, but I think it's reality. I've walked into hotels, said that I'm with so and so in room such and such, and walked out with a keycard. There are master keys too, and anytime there's a master key, there's a way for someone with ill intentions to get it, if only for a few minutes.

1. This lock runs on 4 AA batteries. It has a clock, but only for controlling when cards function. How it's set is a good question.
2. I would guess they're very tough to crack. If someone had access to the proper machinery, they might be able to duplicate a card, but cracking the entire system strikes me as ridiculous.
3. The solenoid which controls the latch mechanism is mounted parallel to the wall. You're not going to move it by pulling it at a 90 degree angle from the direction it wants to travel, so a simple big ol' magnet isn't going to do anything. I can think of ways to open it, but I ain't talking. Besides.. I'm no genius, anything I think of is certainly not news to these guys, I hope.

I think Brian is close.. everything I've read indicates that the locks operate fairly independent from the front desk. They read and generate keys. Each key is part of a sequence, and as long as there's a machine at the front desk which can generate duplicates and/or the next card in the sequence, the managment shouldn't have to fiddle with the lock too often. As I said, I think the weak point in the system is that you have potentially tired, distracted (stoned?) people handling your security.

You could chain your suitcase to the toilet I guess.

By: shepd

shepd — Wed, 13 Jul 2005 23:11:47 -0800

Which kind of swipe card?

If it's a magstripe lock, you can duplicate the card with an iron and some reel to reel audio tape...

By: LionIndex

LionIndex — Wed, 13 Jul 2005 23:16:45 -0800

The units do have a battery. But the way the "locks" work isn't really time sensitive, at least not normally.

I've stayed at a number of hotels where I had to refresh my keycard (with both the magnetic stripe and perforated varieties) due to the length of my stay. The cards generally seem to expire after a week. This may vary from hotel to hotel, but seems to be a security failsafe in case the staff forgets to update the locks at any point.

By: substrate

substrate — Thu, 14 Jul 2005 04:16:47 -0800

Ditto for what LionIndex says. I lived in a hotel for 4 months and every couple of weeks my security card would stop working then I'd have to go downstairs and get it updated.

By: Moondoggie

Moondoggie — Thu, 14 Jul 2005 05:41:52 -0800

Also, depending upon the size of the hotel, the codes can duplicate. We were staying in a hotel in... I think it was Houston awhile back. Got off on the wrong floor and were still able to get into our "room" which had a very large and very surprised man in it. We were all a little shaken by the experience as we went back to our correct floor. Of course, not so shaken that we didn't go try a few other floors that night for the good of science and humanity.

By: JPowers

JPowers — Thu, 14 Jul 2005 08:04:14 -0800

Here's an article that's pretty close to what you're looking for.

By: edgeways

edgeways — Thu, 14 Jul 2005 08:09:19 -0800

Thanks all

By: mbrubeck

mbrubeck — Thu, 14 Jul 2005 08:51:02 -0800

Some popular keycard locks are known to be vulnerable to manipulation with magnets. The magnets don't interfere with the electronics; they just manipulate the moving metal pieces directly. Here's an example.

And here's an example of a social engineering weakness: In a hotel in Colorado last summer, I left my card at the front desk in order to check out the paddles and puck for the air hockey table. When I returned the equipment, the clerk asked for my room number, stuck a blank card into his computer, and programmed it with the number I provided. I could easily have gotten a key to any room in the hotel, just by asking!