Proxmark 3 Bypasses Millions of Hotel Rooms
The Proxmark 3 RDV appears to:
- Read an original hotel card in Stand-Alone mode
- Determine the Master Key for the Site Installation
- Use this Master Key to generate a Master Badge for the Site
- Emulate the badge in Stand Alone Mode.
From the information and videos surfacing in the press, it would appear that F-Secure have cracked the Ving Card encryption algorithm, allowing for unfettered access to any site.
In theory, this attack could be used to:
- Snatch a card from a hotel patron, and access any room / area
- Upgrade your own hotel card to an all-access card
A full explanation video can be seen here:
Implementations aside, this is a testament to the Proxmark's flexibility as a device, and its Open-Source framework, easily allowing for security professionals to adapt the device to their own requirements.