Here's the craziest part about physical security: you can have isolated readers/access panels, encrypted communications, and encrypted RFID devices... and your employees will hold the door for a criminal who dresses up like an employee and walks up to the door carrying a bunch of heavy boxes.

Nothing on 0011, a little click on 0100, aaand we're open

While it isn't technically lockpicking. This series of videos on electronic locks has been very enlightening. Thank you LPL!

Can we all take a moment to appreciate this guy's effort to number every video, so when he mentions a previous videos number it legit takes 2 mins to find 😫🙏❤️

Video 3000: hacking into pentagon with sheer will

I've got multiple rfid cards in my wallet. Noticed it a while back, my card wouldn't work whilst in my wallet. Glad to know it isn't a false sense of security.

I absolutly love the venture you took down the RFID road. I want to add a few things for clarification: TL;DR: If you want to know if your card is secure, hold it up to your NFC enabled phone with a reader app and check the type. Mifare classic and ultralight cards are NOT secure. DESfire ones are. (edit: EV1 ones to be specific, at least they should be, original DESfire was cracked as well) If your phone doesn't read the card, it is NOT secure. (NFC operates on 13.56MHz, if it doesn't read the card, it's a 125kHz one) Use a metal card holder or something of the kind to prevent any kind of reading, take the card out when necessary. Metallic plastic or cardboard will not secure your card completely. Credit card theft is not very common nowadays either, no need to worry. Details: Most cards nowadays are 13.56MHz, whereas the cards in the video seem to be 125kHz. 125kHz simply store the password/ID with no encryption and thus aren't very secure. 13.56MHz cards are the standard because they allow encryption. However, most security systems only rely on the public unecrypted portion of the card data, making it very easy to attack. It is worth noting that storing the cards next to each other will not always prevent a read, certain readers are capable of distinguishing between the cards and read them seperately. This can only be done with 13.56MHz cards because they provide the necessarry anticollision protocol. Not all password protected 13.56Mhz cards are safe tho, only DESfire ones and the like are. Most security systems I've encountered are either simply based on the public ID of the card or the password protected data which can be cracked within minutes with the right kind of setup. Please correct me and/or ask me anything, I love this topic.

Still waiting for him to open something with a wet french fry

"This is the LockPickingLawyer, and today I'm going to show you a significant flaw in frontline security. The security guard. With this simple Taser you can pick up off the internet, simply hold the end anywhere on the guard's body, press the button, and you're free to walk right in. In any case..."

Heist Crew Leader: "Ok, so you got your homework for today: Todd, make sure you memorize the building schematics. Amanda, talk to your inside friend and confirm the guard rotation schedules. Vladimir, make sure all the gear is set up and ready to go. Jakob, memorize the getaway routes. Also, for the love of God, don't forget to watch LockPickingLawyer!"

LPL - please continue this series topic by testing some of the purported RFID blocking wallets on the market like the alumi-wallet types and others. It would be interesting to see if their claims are true and if they can degrade the signal from these sniffers enough to thwart these attackers.

The road from being a "Lockpicking Lawyer" to becoming a skilled Penetration Tester. Just gotta get the certifications now LPL and it'll just be another career path available to you! Added bonus of being a lot more fun too.

"That's all I have for you today - BTW, your front door is now open..."

I really like these RFID videos. While watching you pick a lock in less time than it takes most people with the actual key or combination is fun, and I’ve learned a lot from watching you perform your art, these RFID videos are equally fascinating. I certainly don’t speak for anyone besides myself, but I suspect a lot of people who watch your channel are interested in security in general, and these videos certainly tickle that itch!

judge: how did you learn this? me: a lawyer taught me.

LpL sir, I couldn't express the magnitude of the respect and gratitude I have for you and your channel. Your value is that of a family member to me. The holes I was unaware of in my overall security (business and home ) have for the most part been filled. I literally sleep much much better now and find it easier to relax when I have time to. Thank you so much, thanks again and again sir. May the good lord keep you and your beloved blessed and safe. 👊👍

So really, the people who make those RF card blockers should just make them so that they have a built in "RFID card" that is printed with random gibberish.

I love watching LockpickingLawyer. It's like Snapple facts: "WOW! That's a cool thing I did not understand before."

Thank you, my dear friend. Your videos have given me both a reason to live and a reason to have life. I eagerly hunger for every new video that you make and I awake to your voice each sunrise. Keep being you, brother. Keep on keeping on being yourself.

Huge fan of the RFID stuff you have been doing lately! Would love to see more.

very good serie of videos. last month UBS Bank in Zurich Switzerland upgraded all the access control card readers at every door in its Bank now the cards are read slower and at closer range additionally all employees badges were exchanged without detailed reason... your videos pretty much explains why

Please continue this series. Make more videos on RFID. This is very enlightening.

Thanks! You are an excellent presentor and teacher. Your prototype setups are neatly built.

The information on how well the protective sleeves work by itself made this video excellent 👍

Whoah, this was already one of my favorite channels. Worlds just overlapped even more. Maybe we'll see you at Defcon? You may want to look into getting a Proxmark 3.

To paraphrase Mae West; "Is that a gun in your pocket or a RFID reader?"

Going to keep multiple cards together from now on. Brilliant advice and video.

Lpl, I do low voltage service. Your videos have inspired me. I enjoy finding panels w/out keys and have picked more than 10 simple panel locks with your inspiration! Prior to you my prybar got a lot more action. Fire alarm, burg, access control, cam, voip, fiber, comms, and radio systems on occasion. Thanks for the small fun you have made from a large stress.

Reminds me of Mr. Robot.... (when they're breaking into Steel Mountain, they bump into someone at a coffee shop with a similar RFID reader (in a backpack) to clone the employee's card)

I work in the EVSE industry as part of a network operator. In my experience, most EV chargers which support RFID don't support query/response protocols. Very easy to clone cards/fobs for EV charging.

I like that you're starting to make videos on how to protect ourselves and systems. Sure helps keep my peace of mind.

LPL, this isn't so much a comment on this video, it's more general about all the vid's of yours. They are fascinating, interesting, and brief. But in their brevity, you pack a lot of information. Techniques, principles, concepts. Your content is eye-opening, disillusioning (a good thing) and so very informative. Thank you

I love the channel and your work. could you, hopefully more than once, show a video where you show your process? like the gun safes, could you show _how_ you figure out the flaws? Thanks.

Dang LPL I didn’t know you were a nerd too, respect!

While these videos are usually commonplace information and a good review on proper security, I think the first time I was ever blindsided by new information was in here. It had never occurred to me that stacking 2 RFID cards on each other would actually cause readers to fail. Thank you, LPL, for genuinely making my life more secure.

Amazing information as usually LPL. Thank you.

The mad lad has finally done it. He can pick a lock just by walking near it

Also there is another security solution, that gives pretty great security, but can be done with cheap mifare cards, which a solution, many home door locks use to prevent cloning. That is, that the card either have an encrypted counter. Everytime you open the door, it will write counter + 1 to the card. And also store counter + 1 in database. If you try to open the door with a counter less than the value in database, it will fail to open. Another solution is that it simply writes an random value to the mifare card. This random value must match the one from database. Everytime you use the card, a new random value is written to both card and database. Both of these solutions prevent card cloning in the sense that if either the clone or the original card, is used AFTER it has been cloned, the other one will stop working. This will make the attack very detectable, the reader can easily detect that a counter or random value has been reused, especially after one card actually correctly authenticated with a newer value, and thus it can sound a tamper alarm and even block the card and alert the security to reissue a new card to the employee in question. This means, that even if the cloned card were the one to be used next, thus invalidating the original uncloned card, it would still be detected either by the above alarm, OR that the original card owner complains his card no longer works, and gets it replaced with a new one, or having a new counter value written to it by security, which will now invalidate the cloned card.

Subscribed only because you are keeping up with the times. I saw your video about 2 years ago to get a lock for my old house. But since then I only carry these RFID keys.

LPL is one guy loving his work in a paradigm level of commitment and worthiness.

I remember watching a video where a guy made one of these for credit card skimming and just carried it around in a laptop case while he walked around Ney York. Dude stole +300 credit cards in a couple hours just by walking to Starbucks

I have one of those fancy micro wallets with RFID blocking (card holder is basically a hollow block of aluminium. The Readers at our cafeteria cant even read the cards on the outsode of the blocker when in direct contact.

Thank you LPL for FINALLY showing one sane person on how your cards are insecure. Everybody goes Ape about how you can read cards from a distance and how for example the contactless banking is bad. But you are the FIRST to show how it does not work when you have a bunch of cards together. I despise the people that have their work-badges around their necks or on the belt like some dog wears a collar. So easy to pick up on and read. I have mine in my i-Clip wallet that basically stacks all cards together. There is just gibberish whenever I present ANY card inside the stack to any reader. Keep up the awesome work and hopefully, people will understand the security flaws and how to protect against these remote attacks.

Thank you for sharing your wealth of knowledge!

Modify cards so that the RFID is only readable when the card is being pinched in one corner. Use RFID emulation that only occurs on demand rather than always ready.

Impressive device. thx

Many thanks for this video, LPL. I'm enough of a radio nerd to know a reader like that would be an easy build for a lot of amateurs, but I get nowhere trying to explain it to others - I might as well be speaking Elbonian. A demonstration like this is far more instructive than my muddy ramblings. :)

Well thanks for teaching everyone about this vulnerability. Store cards together in a rfid case.

2:42 oh, i thought it was "how to 'legitimize' your newfound wealth and buy a new villa in the carribeans"

i never thought multiple cards would confuse a reader like that. good thing i carry 4 different rifd cards with me at all times i guess

I love it! A man of many talents.

Storing RFID cards together is good advice, thanks.

Ahhh.... I see where this series is going now. Hoping for an active man in the middle attack next :)

This is not Lockpickinglawyer. This is Pentestinglawyer.

It's amazing how much I learned from these RFID videos you uploaded recently! I really enjoy this series and love the ways you could attack this system from different points.

Excellent series of vids on these, thanks!

I so want to play with this at work but fear my IT department would have a sense of humour failure.

There is anti-colission readers that can read multiple tags at a time.

Fantastic information, thank you! I love that stacking them works, I've unintentionally been protecting myself with my little wallet because I stack my 3 money cards together on the same side!

Geez… I installed a system almost completely identical to the system that you’re testing for a mortgage company way back in 2004!!! I’m impressed with how far the technology has come to capture and re-play credentials & cloning cards from a remote scan onto a physical card to be able to make unauthorized access to the lock 🔒 less conspicuous than waving 👋🏻 some huge device or cellphone 📱 in front of the card reader!!! I’m positive that you could have easily gained entry to one remote control door lock on the backdoor because it had its own control system board inside it that you could definitely have opened and then just bridged the contacts to activate the lock opening!!! The main doors on 3 floors of this 10 story building were just simple readers and could not be used directly to activate the lock opening because the controls were not near the door they were in the utility closet of the 3rd & 10th floors & in the IT Server Room on the 1st floor, except for the backdoor, and had separate wires from the server room/utility closets which would activate the lock opening remotely and separately from the reader mechanism!!!

So by keeping that old hotel room key in my wallet with my work ID has inadvertently scrambled the data. Nice. Also explains why I have to take it.out of my wallet to get the door open....

RFID blockers are fine, but our cards are also Ids that we have to have on display at all time

Excellent advice for standard cards. Possibly explains why I've seen suspicious looking people with square profile shoulder bags recently. It's truly scary what shows up on online auction websites these days.

I really like the expansion of your channel to include electronic security as well as that outdoor brute force attack video

Could anything like this be used on contactless credit /debit cards? Also, would you be able to test some popular 'RFID blocking' wallets to see if they actually work?

I really thought this was leading up to a ridge sponsorship.

I am glad to see videos on safes and RFID as well as lockpicking!

Great info, LPL !

Do credit cards with a built-in contactless feature have this same vulnerability?

So can I use an Amiibo card to protect my bank card? thanks Nintendo!

Thanks, now this will make things much easier.

I have a card holder I made out of leather a few years ago that just stores all my cards in a lump, so I'm glad it's preventing something, even if unintentional.

Can you show us how thieves stealing cars using bags or suitcases with transmitting devices?

You've been spending too much time with Deviant Ollam :)

Thanks for the tip. I was using one of those supposedly protectors

Very informative, keep up the great videos

Why do I have this feeling that this UKposts video just read all of my RFIDs?

"This is the LockPicking Lawyer... That's all i have for you today .. Have a Nice day"

I don’t usually leave comments on videos but I would like to on this one, ive taken up pock picking g as a hobby because of this channel and I would love to tell you how much I love it! LPL you make amazing videos and they entertain me for hours upon end. Thank you for the amazing content, and as always have a nice day!

I am glad you are one of the smart ones.

Amazing how unsafe behavior - having all the cards stacked together due to convenience - is actually a safety measure.

So by issuing two different cards to every employee and tell them to store them together you immediately defeat this flaw?

Great video. I've been using these card sleeves for months and wondered how effective they are.

Fantastic video as always

"This is the Electronics Tinkering Lawyer..."

When does this guy have time to practice law??

As much as I enjoy watching you humiliate lock manufacturers by effortlessly opening their poor excuses for locks, I’m equally enjoying videos like this. Thank you for taking the time to make them.

Awesome video, thanks again

I never did trust RFID as secure for the very reasons you show.

Soo, i can just put my cards in those protective covers, and on top of had another worthless card without it as a bait...

The 10 series is wonderful!

Good advice!

Remember not to touch 2 Black Boxes together or they'll explode. /jk

Nice to see you've been branching out in recent videos

Really informative and useful thank you so much.

Just want to say I love these types of videos

Thanks for the safety notice

Awesome I always keep my cards together.

I love the occasional electronic videos. Make more of them!

Dude...really good info. Cheers!