Proxmark 3 RDV2 Bypasses Millions of Hotel Rooms

Posted by Lab401 Steve on

InfoSec firm F-Secure, as widely reported, have managed to cracked Assa Abloy's Ving Card system using the Proxmark 3 RDV2.

The Proxmark 3 RDV appears to:

  • Read an original hotel card in Stand-Alone mode
  • Determine the Master Key for the Site Installation
  • Use this Master Key to generate a Master Badge for the Site
  • Emulate the badge in Stand Alone Mode.

From the information and videos surfacing in the press, it would appear that F-Secure have cracked the Ving Card encryption algorithm, allowing for unfettered access to any site.

In theory, this attack could be used to:

  • Snatch a card from a hotel patron, and access any room / area
  • Upgrade your own hotel card to an all-access card

A full explanation video can be seen here:

Implementations aside, this is a testament to the Proxmark's flexibility as a device, and its Open-Source framework, easily allowing for security professionals to adapt the device to their own requirements.

Proxmark Ving Card Crack DemonstrationProxmark Ving Card Crack Demonstration

Hotel Room Proxmark Master Card

Share this post

← Older Post Newer Post →


Leave a comment

Please note, comments must be approved before they are published.