Social Engineering

As an opportunistic hobby I will occasionally engineer my way into “illicit” access to my own stuff as reminder of how vulnerable I am to shenanigans.

Tonight I returned to my hotel room and found my key card unwilling to open my door. It was not that authorization had failed, but rather authentication, as neither the red nor green light came on. I reduced the theory space to a fried card by swiping it on someone else’s door which also gave no recognition of it. I suppose it could also have been that _all_ readers were dead, but that seemed unlikely as there was not a line of irate guests at the front desk as I passed it moments earlier. And I suppose it could have been awkward if that room’s occupants had showed up just as I swiped at their door, but #whatevs.

“I think my card is fried, room XXX”, I said, and handed it to the desk attendant. “Name?”, he asked. “Andrew”, I replied, giving as little information as possible, and not offering my ID, which he did not request. “Oh, yeah, totally dead. You put it next to a phone or something?”, he remarked. “Maybe. Not sure”, I replied noncommittally. He programmed up a new card and handed it over, no more questions asked.

I looked at the physical card afterward. There is no identifier imprinted on it.

So I am pretty sure all I need to go into any arbitrary room in this hotel is knowledge of someone’s name and a room card over which I have dragged a magnet.

The things a less scrupulous person could do with so little… Maybe snoop the guest ahead of you for their name and have access to a card that was “lost” from a previous visit? In you go. Maybe not worth the trouble to steal someone’s wallet. But maybe to leave a little Novichok behind?

Leave a Reply