Obviusly hackers keep them :)

I keep them as a souvenir, (and to encourage them to change their keys.)

I always keep them, mostly as a souvenir, which I usually end up throwing away soon after going home. It's also laziness, I never go to the front to check out, straight down to my vehicle, so no reason to pass by 'the box' to return it.

Ever since automatic check out I just leave and toss the key cards. I imagine many others do the same. I also have left key cards in my room and assumed housekeeping would collect them, but I bet they just throw them away as well under the theory that they’re cheap enough that it’s not worth the hassle to sanitize them or risk them being damaged and causing issues for the next guest. I would bet that even for the ones that ARE returned, they don’t re-use them.

@@swilson42 I love how you think they sanitise key cards. They definitely do re-use them.

That's why I bring my own heavy duty steel door.

That is why I bring my own building.

What happens when you (the person, body, mech, whatever) are the infrastructure?

Funny. Hotel invites hackers to test their security. Hackers find holes in security. Hotels no like hackers anymore. 😂

There is a hotel chain in Tennessee that uses the same 4 codes for all of their rooms. Yes, you have a 1 in 4 chance your card works on the wrong room. That's exactly what you want to learn with a hotel room filled with wreck diving equipment.

I’m not sure anyone else in the audience knows what an AS/400 is.

If they just resequence emergency cards... it probably never will be noticed :)

It stops 9 minutes into the talk at least

you are listening on a mac 😅

Tech guys didn't bother employing A/V guys.

People with bad intentions probably just didn't disclose. Hotel thefts and stuff don't make much media attention. It's probably much more on the high-level espionage and targeted people than petty thieves checking random rooms.

Same reason lockpicking is so rare in crime despite the vast majority of locks being easily exploited, a pair of boltcutters is still faster and works every time. The average criminal finds it much easier to lift a keycard off the housekeeping cart. Much like the vast majority of high profile ransomware and data breech attacks trace back to a social engineering attack or supply-chain attack instead of some Rube Goldberg-esque chain of complex zero-day exploits.

Some people forget, some cards get left in the room and housekeeping throws them away, etc. If I pay $1500 for a hotel for a week (did that last week in SF), and then get charged $10 for a $0.50 piece of plastic, I'd be annoyed. The hotels just eat that L, and in my opinion, kinda rightfully so. They also don't charge you for e.g. using more soap, or not hanging the towels, or turning the air conditioner a degree lower or higher. It's just a cost of running business, especially since a pack of 500 of those cards is usually like $200 or less.

Just checked, the cards from the talk (mifare classik 1k cards) are

The vast majority of hotels I stay at tell you not to come to the front front desk unless you want a paper receipt. If it was a requirement they'd tell you/have a sign.

​@@Fs3iI'd imagine a hotel chain buys tens of millions a year and probably pays a fraction of what a public price would be

Yeah , 5 cent surcharge

You didn't listen to the full talk. They said during Q&A that the sequence number is card-level specific, so no, the housekeeping key doesn't change the guest-level sequence.

@iaeeniaeen1898 at the point I added this comment I hadn't watched the whole thing, I tend to log comments as I'm watching the videos not at the very end

Defcon was too busy trying to screw the badge guy to spend any money on sound.

I wouldn’t say fire ‘m. But give him some help asap.

Sound EnGiNeEr*

It's not even that bad. Sheesh

do u mean "on the right"?

I was thinking he looks just like me but chubbier. Glad I'm handsome