What's On Your Hotel Keycard
Lam1969 writes "From Robert Mitchell's blog on Computerworld: '... Wallace, IT director at AAA Reading-Berks in Wyomissing, Penn. has been bringing a card reader with him on business trips to see what's on the magnetic strips of his hotel room access cards. To his dismay, a surprising number have contained his name and credit card information - and in unencrypted form.' " Update: 09/20 19:10 GMT by J : Snopes, as of two months ago, says this is false.
Now admittedly this country has gone to hell, but why in the world would you think a card reader would be illegal?
That is incredibly depressing.
For the government and its media cronies to have you in the state of mind where you feel that you should not have access to something like a card reader is sad and pathetic.
Why would the hotel need to put straight credit card information onto the card? This doesn't make any sense. Why wouldn't they just use some sort of key to tie your swipe card to your account on their system? This way if you DO lose your card and it isn't cancelled in time, someone who decides to use it can only use it within the hotel, where it can then easily be tracked.
GL HF!
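An added example, not part of the thread: a small audit check that separates a keycard carrying only an opaque key from one carrying payment-card data. It assumes the stripe has already been decoded to text and that any card data follows the ISO/IEC 7813 financial layouts; the sample tracks are constructed and the card number is the standard test value.

```python
import re

# ISO/IEC 7813 payment-card layouts (assumption: the thread does not say
# which encoding the hotel cards in question actually used).
TRACK1 = re.compile(r"%B(?P<pan>\d{12,19})\^(?P<name>[^^]{2,26})\^(?P<exp>\d{4})")
TRACK2 = re.compile(r";(?P<pan>\d{12,19})=(?P<exp>\d{4})")
# Any stand-alone 13-19 digit run, for card numbers stored in a custom layout.
DIGIT_RUN = re.compile(r"(?<!\d)\d{13,19}(?!\d)")


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(pan):
    """Keep first six and last four digits so reports never hold a full PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def audit_track(track):
    """Return findings for one decoded track; an empty list means no card data."""
    findings, seen = [], set()
    for kind, rx in (("track1-financial", TRACK1), ("track2-financial", TRACK2)):
        for m in rx.finditer(track):
            if luhn_ok(m["pan"]):
                seen.add(m["pan"])
                findings.append({"kind": kind, "pan": mask(m["pan"]),
                                 "has_name": "name" in m.groupdict()})
    # Bare digit runs can pass Luhn by chance (about 1 in 10): review manually.
    for m in DIGIT_RUN.finditer(track):
        if m.group() not in seen and luhn_ok(m.group()):
            findings.append({"kind": "bare-pan", "pan": mask(m.group()),
                             "has_name": False})
    return findings


# Constructed samples: card data on the stripe vs. an opaque lock key.
CARD_WITH_PAN = "%B4111111111111111^DOE/JOHN^2512101?"
CARD_TRACK2 = ";4111111111111111=25121010000?"
CARD_OPAQUE = "7C1F9A03E5B24D68"
```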
Instead of using a hotel keycard, they should code the lock to allow you to open your door with your own credit card. That's something you're far more likely to take good care of, and then you don't have to worry about duplicates of that information floating around.
When a true genius appears, you can know him by this sign: that all the dunces are in a confederacy against him.
I know a lot of people (including myself, until now) simply assumed the card had some magick code on it that opened the door, and once they checked out, the code stopped working, so key cards got:
1) left in the room when you walked out. There's probably a box on the cleaning carts where they get chucked. Highly insecure.
2) left in the rental car or wherever. You're done with it and presumably it has no information relevant to you.
3) idly thrown away (probably the most secure, provided it's a sufficiently yucky trash can)
4) Taped to office doors or cube walls to make a "gee, I travel a lot" mosaic.
The idea that they're somehow secure because they MIGHT get stored and reused seems laughable.
As opposed to the employee that can just print out the same information, take home the printout, and go shopping at your expense? Seriously, it may be an additional location where your information is stored, but it isn't anything that the front desk doesn't already have ample access to.
Learn to love Alaska
Using a regular card reader I'm pretty confident you could only get one "generation." To get the next one you'd have to use some pretty specialized equipment. And I'm not sure it would be a sure thing either, provided that the information was recorded into the stripe using the same equipment and the same power level.
However if the hotel personnel sometimes used card reader/writer A, which has low power, but occasionally reader B, which has an ever so slightly higher power level, then assuming the last one used was A, you ought to be able to get at least 2 records off of the card, because the last record from B will be buried a little deeper in the strip than the overwrite by A.
Or if you had 3 card reader/writers, each at slightly different power levels, and used them in the right order, you might be able to reconstruct 3 sets of data from the card.
The analogy I'm thinking of is like how (analog) HiFi audio is written to a VHS tape: it's recorded onto the tape underneath the video signal, using a recording head where the flux pattern goes deeper into the recording medium. (It's also separated by virtue of an FM carrier and the azimuth angle of the recording heads, which you wouldn't have on a magnetic stripe card.)
I've read some articles on recovering overwritten information from linear magnetic tape (Nixon tapes, etc.) and it's no easy task. The usual way to do it is to just look for areas of the tape near the edges that weren't saturated by the erase head the second time around. I'm fairly confident in saying that recovery of two sets of data, made by the same reader/writer, would be non-trivial.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
For someone from a community that has a healthy scepticism to all things published both on- and offline, the average Slashdot reader appears to have an unshakable faith in snopes.com.
I find this whole article suspect. Just the other day when I checked into a Sheraton, the computer system was down. No reservation data (they had a faxed list from some other location), no swiping of the credit card, nothing. Still, I could get my keycard and get into my room -- because the keycard encoding was part of a completely different system.
I'm not suggesting that when all systems are online that additional info couldn't be passed to the keycard, but I don't buy it.