Referenced Videos: [1040] Fingerprint/RFID Lock Defeated With a Paperclip (Mengqi-Control) • [1040] Fingerprint/RFI... [1052] Defeating a RFID System With The ESPKey • [1052] Bugging an RFID...
КОМЕНТАРІ: 1 100
@firefly52474 роки тому
Here's the craziest part about physical security: you can have isolated readers/access panels, encrypted communications, and encrypted RFID devices... and your employees will hold the door for a criminal who dresses up like an employee and walks up to the door carrying a bunch of heavy boxes.
@Franktek124 роки тому
Or out the door with a truck full.
@MrDgwphotos4 роки тому
Yep, social engineering attacks. The best defense is education on what to look out for.
@thenasadude68784 роки тому
The best defense against such an attack would be defining restricted areas, where maintenance is performed at the request of the staff. This way, only known people would normally access the area, and if someone wants to get in, they will grant or deny access according to schedule
@Aro666pl4 роки тому
or better, if your employees wear a normal suit or business casual clothing, an intruder dressed like that with just confidence can easily infiltrate you if security is loose, twitch has nice pizza every friday for their workers by the way edit: basicaly if you look like you belong here nobody will question if you belong here
@YuureiInu4 роки тому
There are single person entry doors in high security places.
@bardfinn4 роки тому
Nothing on 0011, a little click on 0100, aaand we're open
@ZenoDLC4 роки тому
4bit? At least use a 1byte lock
@TonyCecala4 роки тому
😆
@pozsmith82074 роки тому
I prefer nibble sized locks :^)
@phorzer323 роки тому
8 Bits? 255 Combinations.. Lets rake.. ähm bruteforce it
@ethaman27993 роки тому
I’m disappointed in myself that I understand this comment and all the replies to it
@cenycal4 роки тому
While it isn't technically lockpicking. This series of videos on electronic locks has been very enlightening. Thank you LPL!
@DeeSnow974 роки тому
This is the LockHackingLawyer and what I have for your today...
@WorasLT4 роки тому
@@DeeSnow97 ....is a magnetic door lock that I will try to open with a sponge.
@SirJonathonDanielGregorySrVthe4 роки тому
It's still lockpicking really. It's just RFIDs aren't traditional keys and locks. Which makes sense, because while physical measures are always going to be needed, technical measures are a lot harder to breach. We see here that if it's configured correctly, the only people who could get in would be people who do this for a living and Batman.
@crowley3574 роки тому
@@SirJonathonDanielGregorySrVthe 9 in 10 times it's poorly implemented. Just as locks.
@defilerzerg91524 роки тому
Modern solutions require modern problems
@shady14684 роки тому
Can we all take a moment to appreciate this guy's effort to number every video, so when he mentions a previous videos number it legit takes 2 mins to find 😫🙏❤️
@silentdude56k4 роки тому
BosnianBill does this too. I love it.
@penkatadrums4 роки тому
You don't have to go look for it, it's in the description already...
@HazzySW13 роки тому
" LPL *video number here* " that ain't 2 minutes of work :D
@neissy3 роки тому
It takes roughly the amount of time you need to pick a master lock
@hulksmash34292 роки тому
Isn't 2 minutes a little much? All you gotta do is put summn in like "LockPickingLawyer 729" and it would probably come up first
@darkfent4 роки тому
Video 3000: hacking into pentagon with sheer will
@TheH74694 роки тому
sheer tyranny of will
@mihan2d4 роки тому
Video 4000: obtaining Russian nuclear launch codes using The Force.
@BigNerdSam4 роки тому
Lockpicking Lawyer here, shaming the United States Government's inadequate security standards.
@MrTimequake4 роки тому
Will and a Naruto run
@empteenet4 роки тому
*LPL rubs forehead, "and a click out of one..."
@rjhk764 роки тому
I've got multiple rfid cards in my wallet. Noticed it a while back, my card wouldn't work whilst in my wallet. Glad to know it isn't a false sense of security.
@iWhacko4 роки тому
but it is a false sense of security: storing cards together nd not be able to read them is NOT a real solution. The reason the reader can't read them is because they haven't implemented the protocol correctly. The MiFare protocol DOES allow to read multiple cards, since it has a challenge and response, and after initial contact only the correct card should respond to further queries of the data on the card. I mean, if the attack with the large antenna would be within range of multiple people, or if you have an nfc card in your own pocket, it would be a useless attack ;) So if the protocol is implemented correctly, it hould be able to differentiate between multiple cards
@robinturner23004 роки тому
The phenomenon known as card clash is quite common. I keep several cards in my wallet and they have never worked unless removed. I’m with LPL on this one.
@iWhacko4 роки тому
@@robinturner2300 of course it's definately a thing. But I'm just saying, don't bet on it if you want security. Go for proper shielding instead.
@guitarbillthethird4 роки тому
@@iWhacko agreed. as another bit of anecdata, i have two cards that work flawlessly when they're together. in fact, they were issued by building management in the same sleeve. it's possible (even likely) they use different frequencies/protocols, but blindly trusting that two cards will block each other isn't a good idea.
@b-h-t4 роки тому
@@iWhacko is totally right! I don't have an English video at hand but I think the pictures in this German video are understandable also without text. ukposts.info/have/v-deo/hH2bfISZiaB9pHU.html They tested how easy it is to steal money wirelessly with nfc enabled credit cards and debit cards. Banks downplayed the risk with the same argument: more than 1 card and you are safe. Turned out: You aren't! They randomly tested it with standard mobile payment app and mobile card reader and where able to communicate with cards within the card deck. It's harder to read from piled up cards, but it's not nearly impossible.
@craftminerCZ4 роки тому
I absolutly love the venture you took down the RFID road. I want to add a few things for clarification: TL;DR: If you want to know if your card is secure, hold it up to your NFC enabled phone with a reader app and check the type. Mifare classic and ultralight cards are NOT secure. DESfire ones are. (edit: EV1 ones to be specific, at least they should be, original DESfire was cracked as well) If your phone doesn't read the card, it is NOT secure. (NFC operates on 13.56MHz, if it doesn't read the card, it's a 125kHz one) Use a metal card holder or something of the kind to prevent any kind of reading, take the card out when necessary. Metallic plastic or cardboard will not secure your card completely. Credit card theft is not very common nowadays either, no need to worry. Details: Most cards nowadays are 13.56MHz, whereas the cards in the video seem to be 125kHz. 125kHz simply store the password/ID with no encryption and thus aren't very secure. 13.56MHz cards are the standard because they allow encryption. However, most security systems only rely on the public unecrypted portion of the card data, making it very easy to attack. It is worth noting that storing the cards next to each other will not always prevent a read, certain readers are capable of distinguishing between the cards and read them seperately. This can only be done with 13.56MHz cards because they provide the necessarry anticollision protocol. Not all password protected 13.56Mhz cards are safe tho, only DESfire ones and the like are. Most security systems I've encountered are either simply based on the public ID of the card or the password protected data which can be cracked within minutes with the right kind of setup. Please correct me and/or ask me anything, I love this topic.
@SkippyDa4 роки тому
At the building where work my work is in they still use 125khz, a lot of the access card systems are still using this old.
@lmaoroflcopter4 роки тому
@@SkippyDa mainly in the US. Across the pond in the UK you'll mostly find iclass and desfire.
@markcoleman98924 роки тому
You need a complete Faraday cage to block the RF. The old metallized mylar bags for anti-static packaging of computer boards are quite effective, if you can find one, but remember to fold over the open end to complete the "cage." (Would be fun to see if an old metallized-mylar helium birthday balloon would be effective.) Or wrap it in aluminum foil - not very reusable, though.
@pifflebunk4 роки тому
I thought RFID and NFC were different. Can you explain what the difference is? Its not something I know much about.
@craftminerCZ4 роки тому
@@pifflebunk They are different, but NFC was designed with the 13.56MHz RFID technology in mind. NFC is basically a subset of RFID that was designed for secure data transfer, NFC devices can act like both tags and readers, allowing encrypted communication like paying with your phone. However, NFC devices usually have the protocols of 13.56 RFID available for backwards compatibility, that's why your NFC enabled phone can read an RFID tag of the same frequency.
@kobber694 роки тому
Still waiting for him to open something with a wet french fry
@notbappo24354 роки тому
Bruh fr
@dragonsbreath3894 роки тому
Or just water
@dragonsbreath3894 роки тому
@@Lifter976 oh
@sharkinahat4 роки тому
I'm almost sure there's a gun lock that you can open with a frozen fry, not sure if even LPL can do it with a wet one.
@renakunisaki4 роки тому
@@sharkinahat if it's a Master lock he probably can.
@zierlyn4 роки тому
"This is the LockPickingLawyer, and today I'm going to show you a significant flaw in frontline security. The security guard. With this simple Taser you can pick up off the internet, simply hold the end anywhere on the guard's body, press the button, and you're free to walk right in. In any case..."
@SamBrickell3 роки тому
"I'll show that to you again, so you can see it's not a fluke."
@paul-berlin3 роки тому
Non-destructive testing please :)
@invisusmachina4 роки тому
Heist Crew Leader: "Ok, so you got your homework for today: Todd, make sure you memorize the building schematics. Amanda, talk to your inside friend and confirm the guard rotation schedules. Vladimir, make sure all the gear is set up and ready to go. Jakob, memorize the getaway routes. Also, for the love of God, don't forget to watch LockPickingLawyer!"
@short74404 роки тому
69 likes
@DeeSnow974 роки тому
An elite lockpicker messing up a heist crew's day? That's writing prompt worthy
@pellojones16993 роки тому
Can this read credit cards
@mgabbard4 роки тому
LPL - please continue this series topic by testing some of the purported RFID blocking wallets on the market like the alumi-wallet types and others. It would be interesting to see if their claims are true and if they can degrade the signal from these sniffers enough to thwart these attackers.
@tulk37474 роки тому
I have one. works pretty good. Ive have to open my wallet and press the insides hard against the reader to get it to work. folded won;t work at all
@Rentta4 роки тому
I love my RFID blocking phone case. Has slots for credit cards and also blocks the nfc on my phone at the same time.
@alphatherius4 роки тому
This could make a nice like one-off episode, maybe a bit longer (about 7 to 8min) where he could just try them and cut some of them open or something so we could know what to feel or look for, anyhow, great idea!
@DeeSnow974 роки тому
The best RFID blocking wallet is two cards. Been using that ever since I noticed my credit card doesn't work if it's next to my office badge.
@FFVoyager4 роки тому
Also how well a simple home made block using duct tape and tinfoil works would be fun!
@Hijinkx2k4 роки тому
The road from being a "Lockpicking Lawyer" to becoming a skilled Penetration Tester. Just gotta get the certifications now LPL and it'll just be another career path available to you! Added bonus of being a lot more fun too.
@canudo224 роки тому
Hijinkx2k AFAIK he just likes doing this stuff for fun
@JasperJanssen4 роки тому
Leonardo Ceolin he’s fishing for a retainer from DeviantOllam!
@saulmartinezgallegos9924 роки тому
damn, thats a hell of a job title, terrific!, who wouldnt want to be a penetration tester
@user-pm5nk1xo5q4 роки тому
Sounds like a job title in the porn industry
@0Clewi04 роки тому
@@JasperJanssen The story they had where the guy hugged the guards to get the read
@atticstattic4 роки тому
"That's all I have for you today - BTW, your front door is now open..."
@claudiopiazza34763 роки тому
"1 is ok, 2 is loose, nothing on three, 4 is gone aaand I'm watching you sleeping in your bed"
@robertmudry42424 роки тому
I really like these RFID videos. While watching you pick a lock in less time than it takes most people with the actual key or combination is fun, and I’ve learned a lot from watching you perform your art, these RFID videos are equally fascinating. I certainly don’t speak for anyone besides myself, but I suspect a lot of people who watch your channel are interested in security in general, and these videos certainly tickle that itch!
@YodaMan.4 роки тому
judge: how did you learn this? me: a lawyer taught me.
@steveadamo66932 роки тому
LpL sir, I couldn't express the magnitude of the respect and gratitude I have for you and your channel. Your value is that of a family member to me. The holes I was unaware of in my overall security (business and home ) have for the most part been filled. I literally sleep much much better now and find it easier to relax when I have time to. Thank you so much, thanks again and again sir. May the good lord keep you and your beloved blessed and safe. 👊👍
@timogul4 роки тому
So really, the people who make those RF card blockers should just make them so that they have a built in "RFID card" that is printed with random gibberish.
@marksmod3 роки тому
...and a switch to turn it off when one wants to use the card. Or else it renders the first rfid chip unusable. But then one could just add a switch for the original rfid chip, so yea.
@AndrewBakke2 роки тому
@@marksmod Usually you remove the card from the sleeve when you want to use it, and that's functionally the same thing as a switch only more durable.
@assassinlexx19932 роки тому
I like the fact you could sandwich your card between two other cards.
@abirdnamedsuki4 роки тому
I love watching LockpickingLawyer. It's like Snapple facts: "WOW! That's a cool thing I did not understand before."
@ikemeitz52874 роки тому
Thank you, my dear friend. Your videos have given me both a reason to live and a reason to have life. I eagerly hunger for every new video that you make and I awake to your voice each sunrise. Keep being you, brother. Keep on keeping on being yourself.
@Rr7W2u6PH6UC4 роки тому
Huge fan of the RFID stuff you have been doing lately! Would love to see more.
@davidck14 роки тому
very good serie of videos. last month UBS Bank in Zurich Switzerland upgraded all the access control card readers at every door in its Bank now the cards are read slower and at closer range additionally all employees badges were exchanged without detailed reason... your videos pretty much explains why
@nidhigoyal65584 роки тому
Please continue this series. Make more videos on RFID. This is very enlightening.
@mazdarex74 роки тому
Thanks! You are an excellent presentor and teacher. Your prototype setups are neatly built.
@chrisk8534 роки тому
The information on how well the protective sleeves work by itself made this video excellent 👍
@mr_mr4 роки тому
Whoah, this was already one of my favorite channels. Worlds just overlapped even more. Maybe we'll see you at Defcon? You may want to look into getting a Proxmark 3.
@rysacroft4 роки тому
To paraphrase Mae West; "Is that a gun in your pocket or a RFID reader?"
@chimpmoment1304 роки тому
"paraphrase"
@cericat3 роки тому
They often hide the big ones, which are easier to get covert reads with given the better range, in backpacks or large handbags if the unit is small enough.
@andyrbush3 роки тому
Going to keep multiple cards together from now on. Brilliant advice and video.
@-Nick-T4 роки тому
Lpl, I do low voltage service. Your videos have inspired me. I enjoy finding panels w/out keys and have picked more than 10 simple panel locks with your inspiration! Prior to you my prybar got a lot more action. Fire alarm, burg, access control, cam, voip, fiber, comms, and radio systems on occasion. Thanks for the small fun you have made from a large stress.
@mehpersonguy04 роки тому
Reminds me of Mr. Robot.... (when they're breaking into Steel Mountain, they bump into someone at a coffee shop with a similar RFID reader (in a backpack) to clone the employee's card)
@DomThatDubstep4 роки тому
Fun fact: That pack was actually made by Deviant Ollam and his team. If you're not sure who that is you should lookup red teaming on UKposts. They basically get hired by companies to break into their facilities
@Myx04 роки тому
I work in the EVSE industry as part of a network operator. In my experience, most EV chargers which support RFID don't support query/response protocols. Very easy to clone cards/fobs for EV charging.
@robbruce21284 роки тому
Thanks, I'd wondered how secure or insecure by card was. Hopefully there's some fraud protection incorporated in the system to detect implausible charging amounts or locations to mitigate this risk. Mine reloads $10 at a time from my credit card -- I guess I should ask myself how many reloads would it take _me_ to notice somethings going on?
@ldti4 роки тому
I actually wanted to create a device to legitimately clone those ev tags so you wouldn't have to carry a whole lot of them with you. Unfortunately, I couldn't find a controller that supported user set uuid.
@totallynotacat80884 роки тому
I like that you're starting to make videos on how to protect ourselves and systems. Sure helps keep my peace of mind.
@robertbauer67232 роки тому
LPL, this isn't so much a comment on this video, it's more general about all the vid's of yours. They are fascinating, interesting, and brief. But in their brevity, you pack a lot of information. Techniques, principles, concepts. Your content is eye-opening, disillusioning (a good thing) and so very informative. Thank you
@spowell26654 роки тому
I love the channel and your work. could you, hopefully more than once, show a video where you show your process? like the gun safes, could you show _how_ you figure out the flaws? Thanks.
@worldwide_wes4 роки тому
Dang LPL I didn’t know you were a nerd too, respect!
@sauvagess4 роки тому
While these videos are usually commonplace information and a good review on proper security, I think the first time I was ever blindsided by new information was in here. It had never occurred to me that stacking 2 RFID cards on each other would actually cause readers to fail. Thank you, LPL, for genuinely making my life more secure.
@gregj65424 роки тому
Amazing information as usually LPL. Thank you.
@darrenjackson96464 роки тому
The mad lad has finally done it. He can pick a lock just by walking near it
@sebastiannielsen4 роки тому
Also there is another security solution, that gives pretty great security, but can be done with cheap mifare cards, which a solution, many home door locks use to prevent cloning. That is, that the card either have an encrypted counter. Everytime you open the door, it will write counter + 1 to the card. And also store counter + 1 in database. If you try to open the door with a counter less than the value in database, it will fail to open. Another solution is that it simply writes an random value to the mifare card. This random value must match the one from database. Everytime you use the card, a new random value is written to both card and database. Both of these solutions prevent card cloning in the sense that if either the clone or the original card, is used AFTER it has been cloned, the other one will stop working. This will make the attack very detectable, the reader can easily detect that a counter or random value has been reused, especially after one card actually correctly authenticated with a newer value, and thus it can sound a tamper alarm and even block the card and alert the security to reissue a new card to the employee in question. This means, that even if the cloned card were the one to be used next, thus invalidating the original uncloned card, it would still be detected either by the above alarm, OR that the original card owner complains his card no longer works, and gets it replaced with a new one, or having a new counter value written to it by security, which will now invalidate the cloned card.
@kkoppa4 роки тому
Subscribed only because you are keeping up with the times. I saw your video about 2 years ago to get a lock for my old house. But since then I only carry these RFID keys.
@panayiotisyannopoulos26682 роки тому
LPL is one guy loving his work in a paradigm level of commitment and worthiness.
@chasebh894 роки тому
I remember watching a video where a guy made one of these for credit card skimming and just carried it around in a laptop case while he walked around Ney York. Dude stole +300 credit cards in a couple hours just by walking to Starbucks
@cericat3 роки тому
I'm honestly surprised it doesn't happen more often, the tech isn't very difficult to work with and carries less personal risk for the thief to acquire.
@TainakaRicchan4 роки тому
I have one of those fancy micro wallets with RFID blocking (card holder is basically a hollow block of aluminium. The Readers at our cafeteria cant even read the cards on the outsode of the blocker when in direct contact.
@jima42864 роки тому
The solid aluminum may be a better RF shield than metalized plastic/paper.
@backseatpolitician4 роки тому
I was wondering about that. I have seen ads for wallets like that and I was curious if they work.
@saschaschneider63554 роки тому
@Frank Winkhorst No, they don't. A plane is a Faraday cage and protects you against lightning and I've never seen a 12km long grounding wire. A car is a Farady cage as well although it is grounded as their only ground contact is through tires that are made of isolating material. So if you ever get hit by lightning while in your car avoid touching the outside while getting out because there's a danger that you'll become the ground connection. Electric shielding, on the other hand uses a Faraday cage that is grounded so there will be no built up of electric charge on the outside of the cage. It's a safety measure but not necessary for the cage to work.
@muzzthegreat4 роки тому
I agree on the Can't read thing : I have a credit-card in my phone holder and it won't read - I used-to have a Flip-case for my phone, and the card could be read flipped-out; but it does seem to fail to read when flat-against the phone.
@thenasadude68784 роки тому
@@saschaschneider6355 the cage will work, but a lightning has ground by default (it goes to the ground by itself). There are old demonstrations of Faraday cage effects on cars, and in most videos and photos you can see the artificial lightning will discharge to ground through a rim and around the tire wall. That said, electricity likes to travel on the surface of objects, so a Faraday cage will not require ground
@Black3ternity4 роки тому
Thank you LPL for FINALLY showing one sane person on how your cards are insecure. Everybody goes Ape about how you can read cards from a distance and how for example the contactless banking is bad. But you are the FIRST to show how it does not work when you have a bunch of cards together. I despise the people that have their work-badges around their necks or on the belt like some dog wears a collar. So easy to pick up on and read. I have mine in my i-Clip wallet that basically stacks all cards together. There is just gibberish whenever I present ANY card inside the stack to any reader. Keep up the awesome work and hopefully, people will understand the security flaws and how to protect against these remote attacks.
@hyunjunglee43804 роки тому
Thank you for sharing your wealth of knowledge!
@R_C4204 роки тому
Modify cards so that the RFID is only readable when the card is being pinched in one corner. Use RFID emulation that only occurs on demand rather than always ready.
@Ddub10834 роки тому
The whole idea of the card is that its dumb. If you have to carry around something that has electronics to make it smart and responsive to input, might as well just use a phone with active communication rather than passive with RFID.
@silverfeathered14 роки тому
Does it have to be "smart"? Couldn't the tag have a mechanical engagement that closes the circuit? Possibly two "half" chips that need to be physically connected to produce the effect of the one within the card? A light spring loaded slider, maybe? IDK... Just seems like this tech has been adopted way to readily for all the flaws. Hell, there's cars that unlock and work without ever having to take keys out of your pocket...
@kitemett4 роки тому
Impressive device. thx
@pastychomper49394 роки тому
Many thanks for this video, LPL. I'm enough of a radio nerd to know a reader like that would be an easy build for a lot of amateurs, but I get nowhere trying to explain it to others - I might as well be speaking Elbonian. A demonstration like this is far more instructive than my muddy ramblings. :)
@michaelwoods77703 роки тому
Well thanks for teaching everyone about this vulnerability. Store cards together in a rfid case.
@thesturm86864 роки тому
2:42 oh, i thought it was "how to 'legitimize' your newfound wealth and buy a new villa in the carribeans"
@beriorgar4 роки тому
i never thought multiple cards would confuse a reader like that. good thing i carry 4 different rifd cards with me at all times i guess
@jamminwrenches8604 роки тому
I love it! A man of many talents.
@zach35404 роки тому
Storing RFID cards together is good advice, thanks.
@labboc4 роки тому
Ahhh.... I see where this series is going now. Hoping for an active man in the middle attack next :)
@HelenaOfDetroit4 роки тому
Yep! Looks like that's where it will go next. Hoping he does explain that attack.
@xander04794 роки тому
That's basically what video 1052 is
@labboc4 роки тому
Xander 1052 is more of an eavesdropping/replay attack, and would be foiled by a challenge response system. A proper MITM attack would interactively relay signals through a separate channel and is much harder to defend against. (This kind of attack is mitigated in HTTPS using trusted, centralized certificate authorities)
@londongrace57844 роки тому
This is not Lockpickinglawyer. This is Pentestinglawyer.
@SorenWarner4 роки тому
He's becoming Deviant Ollam V2.0
@unknownentityenthusiast67654 роки тому
LockHackingLawyer
@D34thTh30ry4 роки тому
It's amazing how much I learned from these RFID videos you uploaded recently! I really enjoy this series and love the ways you could attack this system from different points.
@kevinwhite99194 роки тому
Excellent series of vids on these, thanks!
@owensparks50134 роки тому
I so want to play with this at work but fear my IT department would have a sense of humour failure.
@Melds4 роки тому
Probably HR would have more to say to you. :)
@ScottKenny19784 роки тому
Just get security manager to watch this video first and give you permission. Then you have an out for when it and HR have a sense of humor failure.
@gehesnuts24443 роки тому
just smack your boss on the ass
@timberlock2 роки тому
There is anti-colission readers that can read multiple tags at a time.
@Inertia8882 роки тому
I wonder if it would help to program several dummie cards, in order to overwhelm it? I suppose I would have to know how many cards it can read and keep more than that number?
@timberlock2 роки тому
@@Inertia888 They can usually read up to 50 cards simultaneously. But there are only high frequency collision readers available. So they can't read credit cards.
@boggledegop4 роки тому
Fantastic information, thank you! I love that stacking them works, I've unintentionally been protecting myself with my little wallet because I stack my 3 money cards together on the same side!
@ZaneDaMagicPufferDragon4 роки тому
Geez… I installed a system almost completely identical to the system that you’re testing for a mortgage company way back in 2004!!! I’m impressed with how far the technology has come to capture and re-play credentials & cloning cards from a remote scan onto a physical card to be able to make unauthorized access to the lock 🔒 less conspicuous than waving 👋🏻 some huge device or cellphone 📱 in front of the card reader!!! I’m positive that you could have easily gained entry to one remote control door lock on the backdoor because it had its own control system board inside it that you could definitely have opened and then just bridged the contacts to activate the lock opening!!! The main doors on 3 floors of this 10 story building were just simple readers and could not be used directly to activate the lock opening because the controls were not near the door they were in the utility closet of the 3rd & 10th floors & in the IT Server Room on the 1st floor, except for the backdoor, and had separate wires from the server room/utility closets which would activate the lock opening remotely and separately from the reader mechanism!!!
@zmanjace13644 роки тому
So by keeping that old hotel room key in my wallet with my work ID has inadvertently scrambled the data. Nice. Also explains why I have to take it.out of my wallet to get the door open....
@cavaniscool4 роки тому
RFID blockers are fine, but our cards are also Ids that we have to have on display at all time
@Asdayasman4 роки тому
Put another RFID card behind it in your lanyard. Doesn't obscure the view, but garbles the data.
@shawnheidingsfelder81794 роки тому
Either that, or simply wearing the card on your chest, where it's supposed to be, rather than on your belt, like many folks would prefer to do, would raise the card out of the read range of devices like this, if they were carried in a bag (maybe not a backpack). There are always little things we can do to make life harder on the bad guys.
@jayrodathome4 роки тому
Asdayasman but then wouldn’t you always have to take the card out to use it? I mean not that big of a deal just a pain.
@SerbanCMusca-ut8ny4 роки тому
@@Asdayasman If you do that, you'd need to take out your "good" card in order to use it. Kinda defeats the purpose. Just sayin'
@Hello71b4 роки тому
@@jayrodathome ... so I guess keychains are also too complicated to use?
@penfold78004 роки тому
Excellent advice for standard cards. Possibly explains why I've seen suspicious looking people with square profile shoulder bags recently. It's truly scary what shows up on online auction websites these days.
@aeueeaia4 роки тому
I really like the expansion of your channel to include electronic security as well as that outdoor brute force attack video
@callmememe13084 роки тому
Could anything like this be used on contactless credit /debit cards? Also, would you be able to test some popular 'RFID blocking' wallets to see if they actually work?
@MattTrevett4 роки тому
I believe that the credit cards use a challenge and response system. They don't simply broadcast the same value every time. Instead, an encrypted number will be generated using a private and public key and only someone who knows the key can come up with the correct response to the challenge.
@theananyo4 роки тому
I really thought this was leading up to a ridge sponsorship.
@Jack-tu5zf3 роки тому
The ridge wallet is all I was thinking about while watching the video.
@MKurrPhoto4 роки тому
I am glad to see videos on safes and RFID as well as lockpicking!
@MKurrPhoto4 роки тому
Not that I like RFID...
@user-rw3qq2sr1z4 роки тому
Great info, LPL !
@DugrozReports4 роки тому
Do credit cards with a built-in contactless feature have this same vulnerability?
@Melds4 роки тому
Some passports, too. There's a foil blocker in the cover.
@megazenn224 роки тому
So can I use an Amiibo card to protect my bank card? thanks Nintendo!
@FrancisSims4 роки тому
I'm wondering the same thing. It seems like if you stick it on your card then the card won't work, but if you stick it on your card holder, that might be a good deterrent...
@coreybrowngaming6204 роки тому
No, other way around is a much better use jk
@renakunisaki4 роки тому
Ironic, Amiibo being used to _prevent_ money from leaving wallets.
@reltihfloda21754 роки тому
Thanks, now this will make things much easier.
@GranRey-04 роки тому
I have a card holder I made out of leather a few years ago that just stores all my cards in a lump, so I'm glad it's preventing something, even if unintentional.
@justsayin91924 роки тому
Can you show us how thieves stealing cars using bags or suitcases with transmitting devices?
@eriqjo4 роки тому
You've been spending too much time with Deviant Ollam :)
@signoutdk4 роки тому
I'm not sure that's possible :)
@CrazyDanishHacker4 роки тому
Pretty sure it was not Deviant Ollam who came up with this method, see e.g. hackaday.com/2013/11/03/rfid-reader-snoops-cards-from-3-feet-away/ which I used during an assignment 6-7 years ago.
@JasperJanssen4 роки тому
Crazy Danish Hacker ... and what does the originator have to do with it? DeviantOllam has been showcasing precisely this vulnerability with what looked like the exact same reader.
@ScottKenny19784 роки тому
I'm pretty sure than any time spent with devollam and LPL is time well spent. I would love to buy them a drink or two for stories.
@russellhltn13964 роки тому
I don't think it was too much at all. I like the direction the channel is going.
@deanhankio63042 роки тому
Thanks for the tip. I was using one of those supposedly protectors
@mahalo98984 роки тому
Very informative, keep up the great videos
@andriworld4 роки тому
Why do I have this feeling that this UKposts video just read all of my RFIDs?
@NeelNarayan4 роки тому
"This is the LockPicking Lawyer... That's all i have for you today .. Have a Nice day"
@thesyndicate90524 роки тому
I don’t usually leave comments on videos but I would like to on this one, ive taken up pock picking g as a hobby because of this channel and I would love to tell you how much I love it! LPL you make amazing videos and they entertain me for hours upon end. Thank you for the amazing content, and as always have a nice day!
@GrenadierOverlander4 роки тому
I am glad you are one of the smart ones.
@jarosawksiazczyk30824 роки тому
Amazing how unsafe behavior - having all the cards stacked together due to convenience - is actually a safety measure.
@CalleSoderberg4 роки тому
So by issuing two different cards to every employee and tell them to store them together you immediately defeat this flaw?
@JasperJanssen4 роки тому
Between bank cards, ID cards/passports, access passes, public transit passes, and a few others, almost all wallets are pretty much covered.
@Melds4 роки тому
On some readers. But the protocol is designed to read a whole pallet of RFID-tagged items at once.
@thenasadude68784 роки тому
No because they will have to take them apart to get read by the intended reader. Most employees will understand that one of the cards is a dummy and will leave it at their desk or at home
@JasperJanssen4 роки тому
TheNasaDude different doors requiring different cards.
@benjaminl57074 роки тому
Great video. I've been using these card sleeves for months and wondered how effective they are.
@serhancinar52183 роки тому
Fantastic video as always
@sonic2000gr4 роки тому
"This is the Electronics Tinkering Lawyer..."
@notangryatanyone4 роки тому
When does this guy have time to practice law??
@jlust66604 роки тому
Maybe that's why all the videos are shorter than 5 minutes
@stevenrichards15394 роки тому
LPL: Your honor I need a continuance Judge: whoa. LPL: yeah your honor Bosnian Bill sent me a challenge lock Judge: I give you a short recess. LPL: your honor, I withdraw my request, plaintiff is ready for trial. And that's all have for you today.
@hook2k3 роки тому
well, average of 2 min per vid? 3h of work/week = ~90 videos recorded. Almost zero editing. 2h to publish and schedule on YT = 3 months worth of videos in a less than a day of work, tadam!
@SteamCrane3 роки тому
He retired from law, at least for now.
@JohnDoesGarage4 роки тому
As much as I enjoy watching you humiliate lock manufacturers by effortlessly opening their poor excuses for locks, I’m equally enjoying videos like this. Thank you for taking the time to make them.
@danielroglich33094 роки тому
Awesome video, thanks again
@pedrowhack-a-mole67864 роки тому
I never did trust RFID as secure for the very reasons you show.
@Alyxif4 роки тому
Soo, i can just put my cards in those protective covers, and on top of had another worthless card without it as a bait...
@jxhnblazed5414 роки тому
The 10 series is wonderful!
@nephco4 роки тому
Good advice!
@solitare46024 роки тому
Remember not to touch 2 Black Boxes together or they'll explode. /jk
@matthewbrough1238904 роки тому
Nice to see you've been branching out in recent videos
@sooobyrooo57634 роки тому
Really informative and useful thank you so much.
@rbrtkayser4 роки тому
Just want to say I love these types of videos
@alexandersillan81392 роки тому
Thanks for the safety notice
@alexflips3934 роки тому
Awesome I always keep my cards together.
@elaroil4 роки тому
I love the occasional electronic videos. Make more of them!