Here's the craziest part about physical security: you can have isolated readers/access panels, encrypted communications, and encrypted RFID devices... and your employees will hold the door for a criminal who dresses up like an employee and walks up to the door carrying a bunch of heavy boxes.

@Franktek12

4 жыл бұрын

Or out the door with a truck full.

@MrDgwphotos

4 жыл бұрын

Yep, social engineering attacks. The best defense is education on what to look out for.

@thenasadude6878

4 жыл бұрын

The best defense against such an attack would be defining restricted areas, where maintenance is performed at the request of the staff. This way, only known people would normally access the area, and if someone wants to get in, they will grant or deny access according to schedule

@Aro666pl

4 жыл бұрын

or better, if your employees wear a normal suit or business casual clothing, an intruder dressed like that with just confidence can easily infiltrate you if security is loose, twitch has nice pizza every friday for their workers by the way edit: basicaly if you look like you belong here nobody will question if you belong here

@YuureiInu

4 жыл бұрын

There are single person entry doors in high security places.

Can we all take a moment to appreciate this guy's effort to number every video, so when he mentions a previous videos number it legit takes 2 mins to find 😫🙏❤️

@silentdude56k

4 жыл бұрын

BosnianBill does this too. I love it.

@penkatadrums

4 жыл бұрын

You don't have to go look for it, it's in the description already...

@HazzySW1

3 жыл бұрын

" LPL *video number here* " that ain't 2 minutes of work :D

@neissy

3 жыл бұрын

It takes roughly the amount of time you need to pick a master lock

@hulksmash3429

3 жыл бұрын

Isn't 2 minutes a little much? All you gotta do is put summn in like "LockPickingLawyer 729" and it would probably come up first

While it isn't technically lockpicking. This series of videos on electronic locks has been very enlightening. Thank you LPL!

@DeeSnow97

4 жыл бұрын

This is the LockHackingLawyer and what I have for your today...

@WorasLT

4 жыл бұрын

@@DeeSnow97 ....is a magnetic door lock that I will try to open with a sponge.

@SirJonathonDanielGregorySrVthe

4 жыл бұрын

It's still lockpicking really. It's just RFIDs aren't traditional keys and locks. Which makes sense, because while physical measures are always going to be needed, technical measures are a lot harder to breach. We see here that if it's configured correctly, the only people who could get in would be people who do this for a living and Batman.

@crowley357

4 жыл бұрын

@@SirJonathonDanielGregorySrVthe 9 in 10 times it's poorly implemented. Just as locks.

@defilerzerg9152

4 жыл бұрын

Modern solutions require modern problems

Nothing on 0011, a little click on 0100, aaand we're open

@ZenoDLC

4 жыл бұрын

4bit? At least use a 1byte lock

@TonyCecala

4 жыл бұрын

😆

@pozsmith8207

4 жыл бұрын

I prefer nibble sized locks :^)

@phorzer32

3 жыл бұрын

8 Bits? 255 Combinations.. Lets rake.. ähm bruteforce it

@ethaman2799

3 жыл бұрын

I’m disappointed in myself that I understand this comment and all the replies to it

Video 3000: hacking into pentagon with sheer will

@TheH7469

4 жыл бұрын

sheer tyranny of will

@mihan2d

4 жыл бұрын

Video 4000: obtaining Russian nuclear launch codes using The Force.

@BigNerdSam

4 жыл бұрын

Lockpicking Lawyer here, shaming the United States Government's inadequate security standards.

@MrTimequake

4 жыл бұрын

Will and a Naruto run

@empteenet

4 жыл бұрын

*LPL rubs forehead, "and a click out of one..."

I've got multiple rfid cards in my wallet. Noticed it a while back, my card wouldn't work whilst in my wallet. Glad to know it isn't a false sense of security.

@iWhacko

4 жыл бұрын

but it is a false sense of security: storing cards together nd not be able to read them is NOT a real solution. The reason the reader can't read them is because they haven't implemented the protocol correctly. The MiFare protocol DOES allow to read multiple cards, since it has a challenge and response, and after initial contact only the correct card should respond to further queries of the data on the card. I mean, if the attack with the large antenna would be within range of multiple people, or if you have an nfc card in your own pocket, it would be a useless attack ;) So if the protocol is implemented correctly, it hould be able to differentiate between multiple cards

@robinturner2300

4 жыл бұрын

The phenomenon known as card clash is quite common. I keep several cards in my wallet and they have never worked unless removed. I’m with LPL on this one.

@iWhacko

4 жыл бұрын

@@robinturner2300 of course it's definately a thing. But I'm just saying, don't bet on it if you want security. Go for proper shielding instead.

@guitarbillthethird

4 жыл бұрын

@@iWhacko agreed. as another bit of anecdata, i have two cards that work flawlessly when they're together. in fact, they were issued by building management in the same sleeve. it's possible (even likely) they use different frequencies/protocols, but blindly trusting that two cards will block each other isn't a good idea.

@b-h-t

4 жыл бұрын

@@iWhacko is totally right! I don't have an English video at hand but I think the pictures in this German video are understandable also without text. kzread.info/dash/bejne/foGeqrCbgs2yc6Q.html They tested how easy it is to steal money wirelessly with nfc enabled credit cards and debit cards. Banks downplayed the risk with the same argument: more than 1 card and you are safe. Turned out: You aren't! They randomly tested it with standard mobile payment app and mobile card reader and where able to communicate with cards within the card deck. It's harder to read from piled up cards, but it's not nearly impossible.

I absolutly love the venture you took down the RFID road. I want to add a few things for clarification: TL;DR: If you want to know if your card is secure, hold it up to your NFC enabled phone with a reader app and check the type. Mifare classic and ultralight cards are NOT secure. DESfire ones are. (edit: EV1 ones to be specific, at least they should be, original DESfire was cracked as well) If your phone doesn't read the card, it is NOT secure. (NFC operates on 13.56MHz, if it doesn't read the card, it's a 125kHz one) Use a metal card holder or something of the kind to prevent any kind of reading, take the card out when necessary. Metallic plastic or cardboard will not secure your card completely. Credit card theft is not very common nowadays either, no need to worry. Details: Most cards nowadays are 13.56MHz, whereas the cards in the video seem to be 125kHz. 125kHz simply store the password/ID with no encryption and thus aren't very secure. 13.56MHz cards are the standard because they allow encryption. However, most security systems only rely on the public unecrypted portion of the card data, making it very easy to attack. It is worth noting that storing the cards next to each other will not always prevent a read, certain readers are capable of distinguishing between the cards and read them seperately. This can only be done with 13.56MHz cards because they provide the necessarry anticollision protocol. Not all password protected 13.56Mhz cards are safe tho, only DESfire ones and the like are. Most security systems I've encountered are either simply based on the public ID of the card or the password protected data which can be cracked within minutes with the right kind of setup. Please correct me and/or ask me anything, I love this topic.

@SkippyDa

4 жыл бұрын

At the building where work my work is in they still use 125khz, a lot of the access card systems are still using this old.

@lmaoroflcopter

4 жыл бұрын

@@SkippyDa mainly in the US. Across the pond in the UK you'll mostly find iclass and desfire.

@markcoleman9892

4 жыл бұрын

You need a complete Faraday cage to block the RF. The old metallized mylar bags for anti-static packaging of computer boards are quite effective, if you can find one, but remember to fold over the open end to complete the "cage." (Would be fun to see if an old metallized-mylar helium birthday balloon would be effective.) Or wrap it in aluminum foil - not very reusable, though.

@pifflebunk

4 жыл бұрын

I thought RFID and NFC were different. Can you explain what the difference is? Its not something I know much about.

@craftminerCZ

4 жыл бұрын

@@pifflebunk They are different, but NFC was designed with the 13.56MHz RFID technology in mind. NFC is basically a subset of RFID that was designed for secure data transfer, NFC devices can act like both tags and readers, allowing encrypted communication like paying with your phone. However, NFC devices usually have the protocols of 13.56 RFID available for backwards compatibility, that's why your NFC enabled phone can read an RFID tag of the same frequency.

"This is the LockPickingLawyer, and today I'm going to show you a significant flaw in frontline security. The security guard. With this simple Taser you can pick up off the internet, simply hold the end anywhere on the guard's body, press the button, and you're free to walk right in. In any case..."

@SamBrickell

3 жыл бұрын

"I'll show that to you again, so you can see it's not a fluke."

@paul-berlin

3 жыл бұрын

Non-destructive testing please :)

Still waiting for him to open something with a wet french fry

@notbappo2435

4 жыл бұрын

Bruh fr

@dragonsbreath389

4 жыл бұрын

Or just water

@dragonsbreath389

4 жыл бұрын

@@Lifter976 oh

@sharkinahat

4 жыл бұрын

I'm almost sure there's a gun lock that you can open with a frozen fry, not sure if even LPL can do it with a wet one.

@renakunisaki

4 жыл бұрын

@@sharkinahat if it's a Master lock he probably can.

LPL - please continue this series topic by testing some of the purported RFID blocking wallets on the market like the alumi-wallet types and others. It would be interesting to see if their claims are true and if they can degrade the signal from these sniffers enough to thwart these attackers.

@tulk3747

4 жыл бұрын

I have one. works pretty good. Ive have to open my wallet and press the insides hard against the reader to get it to work. folded won;t work at all

@Rentta

4 жыл бұрын

I love my RFID blocking phone case. Has slots for credit cards and also blocks the nfc on my phone at the same time.

@alphatherius

4 жыл бұрын

This could make a nice like one-off episode, maybe a bit longer (about 7 to 8min) where he could just try them and cut some of them open or something so we could know what to feel or look for, anyhow, great idea!

@DeeSnow97

4 жыл бұрын

The best RFID blocking wallet is two cards. Been using that ever since I noticed my credit card doesn't work if it's next to my office badge.

@FFVoyager

4 жыл бұрын

Also how well a simple home made block using duct tape and tinfoil works would be fun!

Heist Crew Leader: "Ok, so you got your homework for today: Todd, make sure you memorize the building schematics. Amanda, talk to your inside friend and confirm the guard rotation schedules. Vladimir, make sure all the gear is set up and ready to go. Jakob, memorize the getaway routes. Also, for the love of God, don't forget to watch LockPickingLawyer!"

@short7440

4 жыл бұрын

69 likes

@DeeSnow97

4 жыл бұрын

An elite lockpicker messing up a heist crew's day? That's writing prompt worthy

@pellojones1699

3 жыл бұрын

Can this read credit cards

The road from being a "Lockpicking Lawyer" to becoming a skilled Penetration Tester. Just gotta get the certifications now LPL and it'll just be another career path available to you! Added bonus of being a lot more fun too.

@canudo22

4 жыл бұрын

Hijinkx2k AFAIK he just likes doing this stuff for fun

@JasperJanssen

4 жыл бұрын

Leonardo Ceolin he’s fishing for a retainer from DeviantOllam!

@saulmartinezgallegos992

4 жыл бұрын

damn, thats a hell of a job title, terrific!, who wouldnt want to be a penetration tester

@user-pm5nk1xo5q

4 жыл бұрын

Sounds like a job title in the porn industry

@0Clewi0

4 жыл бұрын

@@JasperJanssen The story they had where the guy hugged the guards to get the read

I love watching LockpickingLawyer. It's like Snapple facts: "WOW! That's a cool thing I did not understand before."

judge: how did you learn this? me: a lawyer taught me.

"That's all I have for you today - BTW, your front door is now open..."

@claudiopiazza3476

3 жыл бұрын

"1 is ok, 2 is loose, nothing on three, 4 is gone aaand I'm watching you sleeping in your bed"

very good serie of videos. last month UBS Bank in Zurich Switzerland upgraded all the access control card readers at every door in its Bank now the cards are read slower and at closer range additionally all employees badges were exchanged without detailed reason... your videos pretty much explains why

So really, the people who make those RF card blockers should just make them so that they have a built in "RFID card" that is printed with random gibberish.

@marksmod

3 жыл бұрын

...and a switch to turn it off when one wants to use the card. Or else it renders the first rfid chip unusable. But then one could just add a switch for the original rfid chip, so yea.

@AndrewBakke

2 жыл бұрын

@@marksmod Usually you remove the card from the sleeve when you want to use it, and that's functionally the same thing as a switch only more durable.

@assassinlexx1993

2 жыл бұрын

I like the fact you could sandwich your card between two other cards.

I really like these RFID videos. While watching you pick a lock in less time than it takes most people with the actual key or combination is fun, and I’ve learned a lot from watching you perform your art, these RFID videos are equally fascinating. I certainly don’t speak for anyone besides myself, but I suspect a lot of people who watch your channel are interested in security in general, and these videos certainly tickle that itch!

LpL sir, I couldn't express the magnitude of the respect and gratitude I have for you and your channel. Your value is that of a family member to me. The holes I was unaware of in my overall security (business and home ) have for the most part been filled. I literally sleep much much better now and find it easier to relax when I have time to. Thank you so much, thanks again and again sir. May the good lord keep you and your beloved blessed and safe. 👊👍

Thank you LPL for FINALLY showing one sane person on how your cards are insecure. Everybody goes Ape about how you can read cards from a distance and how for example the contactless banking is bad. But you are the FIRST to show how it does not work when you have a bunch of cards together. I despise the people that have their work-badges around their necks or on the belt like some dog wears a collar. So easy to pick up on and read. I have mine in my i-Clip wallet that basically stacks all cards together. There is just gibberish whenever I present ANY card inside the stack to any reader. Keep up the awesome work and hopefully, people will understand the security flaws and how to protect against these remote attacks.

Please continue this series. Make more videos on RFID. This is very enlightening.

Huge fan of the RFID stuff you have been doing lately! Would love to see more.

While these videos are usually commonplace information and a good review on proper security, I think the first time I was ever blindsided by new information was in here. It had never occurred to me that stacking 2 RFID cards on each other would actually cause readers to fail. Thank you, LPL, for genuinely making my life more secure.

Thank you, my dear friend. Your videos have given me both a reason to live and a reason to have life. I eagerly hunger for every new video that you make and I awake to your voice each sunrise. Keep being you, brother. Keep on keeping on being yourself.

I work in the EVSE industry as part of a network operator. In my experience, most EV chargers which support RFID don't support query/response protocols. Very easy to clone cards/fobs for EV charging.

@robbruce2128

4 жыл бұрын

Thanks, I'd wondered how secure or insecure by card was. Hopefully there's some fraud protection incorporated in the system to detect implausible charging amounts or locations to mitigate this risk. Mine reloads $10 at a time from my credit card -- I guess I should ask myself how many reloads would it take _me_ to notice somethings going on?

@ldti

4 жыл бұрын

I actually wanted to create a device to legitimately clone those ev tags so you wouldn't have to carry a whole lot of them with you. Unfortunately, I couldn't find a controller that supported user set uuid.

To paraphrase Mae West; "Is that a gun in your pocket or a RFID reader?"

@chimpmoment130

4 жыл бұрын

"paraphrase"

@cericat

3 жыл бұрын

They often hide the big ones, which are easier to get covert reads with given the better range, in backpacks or large handbags if the unit is small enough.

Well thanks for teaching everyone about this vulnerability. Store cards together in a rfid case.

Thanks! You are an excellent presentor and teacher. Your prototype setups are neatly built.

Reminds me of Mr. Robot.... (when they're breaking into Steel Mountain, they bump into someone at a coffee shop with a similar RFID reader (in a backpack) to clone the employee's card)

@DomThatDubstep

4 жыл бұрын

Fun fact: That pack was actually made by Deviant Ollam and his team. If you're not sure who that is you should lookup red teaming on KZread. They basically get hired by companies to break into their facilities

The mad lad has finally done it. He can pick a lock just by walking near it

As much as I enjoy watching you humiliate lock manufacturers by effortlessly opening their poor excuses for locks, I’m equally enjoying videos like this. Thank you for taking the time to make them.

LPL, this isn't so much a comment on this video, it's more general about all the vid's of yours. They are fascinating, interesting, and brief. But in their brevity, you pack a lot of information. Techniques, principles, concepts. Your content is eye-opening, disillusioning (a good thing) and so very informative. Thank you

Whoah, this was already one of my favorite channels. Worlds just overlapped even more. Maybe we'll see you at Defcon? You may want to look into getting a Proxmark 3.

Dang LPL I didn’t know you were a nerd too, respect!

The information on how well the protective sleeves work by itself made this video excellent 👍

Going to keep multiple cards together from now on. Brilliant advice and video.

I love the channel and your work. could you, hopefully more than once, show a video where you show your process? like the gun safes, could you show _how_ you figure out the flaws? Thanks.

I remember watching a video where a guy made one of these for credit card skimming and just carried it around in a laptop case while he walked around Ney York. Dude stole +300 credit cards in a couple hours just by walking to Starbucks

@cericat

3 жыл бұрын

I'm honestly surprised it doesn't happen more often, the tech isn't very difficult to work with and carries less personal risk for the thief to acquire.

Geez… I installed a system almost completely identical to the system that you’re testing for a mortgage company way back in 2004!!! I’m impressed with how far the technology has come to capture and re-play credentials & cloning cards from a remote scan onto a physical card to be able to make unauthorized access to the lock 🔒 less conspicuous than waving 👋🏻 some huge device or cellphone 📱 in front of the card reader!!! I’m positive that you could have easily gained entry to one remote control door lock on the backdoor because it had its own control system board inside it that you could definitely have opened and then just bridged the contacts to activate the lock opening!!! The main doors on 3 floors of this 10 story building were just simple readers and could not be used directly to activate the lock opening because the controls were not near the door they were in the utility closet of the 3rd & 10th floors & in the IT Server Room on the 1st floor, except for the backdoor, and had separate wires from the server room/utility closets which would activate the lock opening remotely and separately from the reader mechanism!!!

I like that you're starting to make videos on how to protect ourselves and systems. Sure helps keep my peace of mind.

I have one of those fancy micro wallets with RFID blocking (card holder is basically a hollow block of aluminium. The Readers at our cafeteria cant even read the cards on the outsode of the blocker when in direct contact.

@jima4286

4 жыл бұрын

The solid aluminum may be a better RF shield than metalized plastic/paper.

@backseatpolitician

4 жыл бұрын

I was wondering about that. I have seen ads for wallets like that and I was curious if they work.

@saschaschneider6355

4 жыл бұрын

@Frank Winkhorst No, they don't. A plane is a Faraday cage and protects you against lightning and I've never seen a 12km long grounding wire. A car is a Farady cage as well although it is grounded as their only ground contact is through tires that are made of isolating material. So if you ever get hit by lightning while in your car avoid touching the outside while getting out because there's a danger that you'll become the ground connection. Electric shielding, on the other hand uses a Faraday cage that is grounded so there will be no built up of electric charge on the outside of the cage. It's a safety measure but not necessary for the cage to work.

@muzzthegreat

4 жыл бұрын

I agree on the Can't read thing : I have a credit-card in my phone holder and it won't read - I used-to have a Flip-case for my phone, and the card could be read flipped-out; but it does seem to fail to read when flat-against the phone.

@thenasadude6878

4 жыл бұрын

@@saschaschneider6355 the cage will work, but a lightning has ground by default (it goes to the ground by itself). There are old demonstrations of Faraday cage effects on cars, and in most videos and photos you can see the artificial lightning will discharge to ground through a rim and around the tire wall. That said, electricity likes to travel on the surface of objects, so a Faraday cage will not require ground

i never thought multiple cards would confuse a reader like that. good thing i carry 4 different rifd cards with me at all times i guess

Lpl, I do low voltage service. Your videos have inspired me. I enjoy finding panels w/out keys and have picked more than 10 simple panel locks with your inspiration! Prior to you my prybar got a lot more action. Fire alarm, burg, access control, cam, voip, fiber, comms, and radio systems on occasion. Thanks for the small fun you have made from a large stress.

Subscribed only because you are keeping up with the times. I saw your video about 2 years ago to get a lock for my old house. But since then I only carry these RFID keys.

2:42 oh, i thought it was "how to 'legitimize' your newfound wealth and buy a new villa in the carribeans"

I so want to play with this at work but fear my IT department would have a sense of humour failure.

@Melds

4 жыл бұрын

Probably HR would have more to say to you. :)

@ScottKenny1978

4 жыл бұрын

Just get security manager to watch this video first and give you permission. Then you have an out for when it and HR have a sense of humor failure.

@gehesnuts2444

3 жыл бұрын

just smack your boss on the ass

Amazing information as usually LPL. Thank you.

LPL is one guy loving his work in a paradigm level of commitment and worthiness.

Modify cards so that the RFID is only readable when the card is being pinched in one corner. Use RFID emulation that only occurs on demand rather than always ready.

@Ddub1083

4 жыл бұрын

The whole idea of the card is that its dumb. If you have to carry around something that has electronics to make it smart and responsive to input, might as well just use a phone with active communication rather than passive with RFID.

@silverfeathered1

4 жыл бұрын

Does it have to be "smart"? Couldn't the tag have a mechanical engagement that closes the circuit? Possibly two "half" chips that need to be physically connected to produce the effect of the one within the card? A light spring loaded slider, maybe? IDK... Just seems like this tech has been adopted way to readily for all the flaws. Hell, there's cars that unlock and work without ever having to take keys out of your pocket...

Impressive device. thx

Excellent series of vids on these, thanks!

Many thanks for this video, LPL. I'm enough of a radio nerd to know a reader like that would be an easy build for a lot of amateurs, but I get nowhere trying to explain it to others - I might as well be speaking Elbonian. A demonstration like this is far more instructive than my muddy ramblings. :)

This is not Lockpickinglawyer. This is Pentestinglawyer.

@SorenWarner

4 жыл бұрын

He's becoming Deviant Ollam V2.0

@unknownentityenthusiast6765

4 жыл бұрын

LockHackingLawyer

Ahhh.... I see where this series is going now. Hoping for an active man in the middle attack next :)

@HelenaOfDetroit

4 жыл бұрын

Yep! Looks like that's where it will go next. Hoping he does explain that attack.

@xander0479

4 жыл бұрын

That's basically what video 1052 is

@labboc

4 жыл бұрын

Xander 1052 is more of an eavesdropping/replay attack, and would be foiled by a challenge response system. A proper MITM attack would interactively relay signals through a separate channel and is much harder to defend against. (This kind of attack is mitigated in HTTPS using trusted, centralized certificate authorities)

I really like the expansion of your channel to include electronic security as well as that outdoor brute force attack video

Thank you for sharing your wealth of knowledge!

Also there is another security solution, that gives pretty great security, but can be done with cheap mifare cards, which a solution, many home door locks use to prevent cloning. That is, that the card either have an encrypted counter. Everytime you open the door, it will write counter + 1 to the card. And also store counter + 1 in database. If you try to open the door with a counter less than the value in database, it will fail to open. Another solution is that it simply writes an random value to the mifare card. This random value must match the one from database. Everytime you use the card, a new random value is written to both card and database. Both of these solutions prevent card cloning in the sense that if either the clone or the original card, is used AFTER it has been cloned, the other one will stop working. This will make the attack very detectable, the reader can easily detect that a counter or random value has been reused, especially after one card actually correctly authenticated with a newer value, and thus it can sound a tamper alarm and even block the card and alert the security to reissue a new card to the employee in question. This means, that even if the cloned card were the one to be used next, thus invalidating the original uncloned card, it would still be detected either by the above alarm, OR that the original card owner complains his card no longer works, and gets it replaced with a new one, or having a new counter value written to it by security, which will now invalidate the cloned card.

There is anti-colission readers that can read multiple tags at a time.

@Inertia888

2 жыл бұрын

I wonder if it would help to program several dummie cards, in order to overwhelm it? I suppose I would have to know how many cards it can read and keep more than that number?

@timberlock

2 жыл бұрын

@@Inertia888 They can usually read up to 50 cards simultaneously. But there are only high frequency collision readers available. So they can't read credit cards.

I am glad to see videos on safes and RFID as well as lockpicking!

@MKurrPhoto

4 жыл бұрын

Not that I like RFID...

I love it! A man of many talents.

I really thought this was leading up to a ridge sponsorship.

@Jack-tu5zf

3 жыл бұрын

The ridge wallet is all I was thinking about while watching the video.

So can I use an Amiibo card to protect my bank card? thanks Nintendo!

@FrancisSims

4 жыл бұрын

I'm wondering the same thing. It seems like if you stick it on your card then the card won't work, but if you stick it on your card holder, that might be a good deterrent...

@coreybrowngaming620

4 жыл бұрын

No, other way around is a much better use jk

@renakunisaki

4 жыл бұрын

Ironic, Amiibo being used to _prevent_ money from leaving wallets.

It's amazing how much I learned from these RFID videos you uploaded recently! I really enjoy this series and love the ways you could attack this system from different points.

Interesting topic. I have an unrelated story from a while back. BNSF Railroad office in Denver was just ramping up to install RFID chips on all their rolling stock. They had installed and were going to test a reader at a particular crossing west of Denver in the mountains. A friend of mine was a line worker for the railroad (don't know his exact job title) and he was out in his truck on the rail line and related this to me over the amateur radio. He got a railroad radio message to get to the crossing that was to be tested and lift his truck off the line and wait for the next train, inbound to Denver, to pass. The train came by and was not remarkably long, but the central controller called back on the radio and asked how many cars were in that train. My friend told them there weren't many and that it was a mixed freight. The central controller called back and said the RFID reader had reported the train had over 36,000 cars on it, then they both realized that the new (yet to be installed) chips were on that train as freight and the sensor at the crossing had successfully read every single chip in the shipment.

Could anything like this be used on contactless credit /debit cards? Also, would you be able to test some popular 'RFID blocking' wallets to see if they actually work?

@MattTrevett

4 жыл бұрын

I believe that the credit cards use a challenge and response system. They don't simply broadcast the same value every time. Instead, an encrypted number will be generated using a private and public key and only someone who knows the key can come up with the correct response to the challenge.

Do credit cards with a built-in contactless feature have this same vulnerability?

@Melds

4 жыл бұрын

Some passports, too. There's a foil blocker in the cover.

Storing RFID cards together is good advice, thanks.

Fantastic information, thank you! I love that stacking them works, I've unintentionally been protecting myself with my little wallet because I stack my 3 money cards together on the same side!

So by issuing two different cards to every employee and tell them to store them together you immediately defeat this flaw?

@JasperJanssen

4 жыл бұрын

Between bank cards, ID cards/passports, access passes, public transit passes, and a few others, almost all wallets are pretty much covered.

@Melds

4 жыл бұрын

On some readers. But the protocol is designed to read a whole pallet of RFID-tagged items at once.

@thenasadude6878

4 жыл бұрын

No because they will have to take them apart to get read by the intended reader. Most employees will understand that one of the cards is a dummy and will leave it at their desk or at home

@JasperJanssen

4 жыл бұрын

TheNasaDude different doors requiring different cards.

So by keeping that old hotel room key in my wallet with my work ID has inadvertently scrambled the data. Nice. Also explains why I have to take it.out of my wallet to get the door open....

Great info, LPL !

I don’t usually leave comments on videos but I would like to on this one, ive taken up pock picking g as a hobby because of this channel and I would love to tell you how much I love it! LPL you make amazing videos and they entertain me for hours upon end. Thank you for the amazing content, and as always have a nice day!

RFID blockers are fine, but our cards are also Ids that we have to have on display at all time

@Asdayasman

4 жыл бұрын

Put another RFID card behind it in your lanyard. Doesn't obscure the view, but garbles the data.

@shawnheidingsfelder8179

4 жыл бұрын

Either that, or simply wearing the card on your chest, where it's supposed to be, rather than on your belt, like many folks would prefer to do, would raise the card out of the read range of devices like this, if they were carried in a bag (maybe not a backpack). There are always little things we can do to make life harder on the bad guys.

@jayrodathome

4 жыл бұрын

Asdayasman but then wouldn’t you always have to take the card out to use it? I mean not that big of a deal just a pain.

@SerbanCMusca-ut8ny

4 жыл бұрын

@@Asdayasman If you do that, you'd need to take out your "good" card in order to use it. Kinda defeats the purpose. Just sayin'

@Hello71b

4 жыл бұрын

@@jayrodathome ... so I guess keychains are also too complicated to use?

Can you show us how thieves stealing cars using bags or suitcases with transmitting devices?

Very informative, keep up the great videos

Excellent advice for standard cards. Possibly explains why I've seen suspicious looking people with square profile shoulder bags recently. It's truly scary what shows up on online auction websites these days.

You've been spending too much time with Deviant Ollam :)

@signoutdk

4 жыл бұрын

I'm not sure that's possible :)

@CrazyDanishHacker

4 жыл бұрын

Pretty sure it was not Deviant Ollam who came up with this method, see e.g. hackaday.com/2013/11/03/rfid-reader-snoops-cards-from-3-feet-away/ which I used during an assignment 6-7 years ago.

@JasperJanssen

4 жыл бұрын

Crazy Danish Hacker ... and what does the originator have to do with it? DeviantOllam has been showcasing precisely this vulnerability with what looked like the exact same reader.

@ScottKenny1978

4 жыл бұрын

I'm pretty sure than any time spent with devollam and LPL is time well spent. I would love to buy them a drink or two for stories.

@russellhltn1396

4 жыл бұрын

I don't think it was too much at all. I like the direction the channel is going.

Why do I have this feeling that this KZread video just read all of my RFIDs?

Thanks, now this will make things much easier.

I work with these quite a bit. To enhance security, cards are tied to users, and users have access hours, so it can't be used after hours. High-security areas are limited to just authorized users and are card+PIN. Finally, security monitors card attempts after hours (and it can be emailed or texted as well) and can turn off individual cards. Plus, a separate burglar alarm system helps if a card did get cloned. One advantage is that the override cylinder doesn't need a change key cut and there are fewer physical keys floating around, which can't be disabled if lost or copied.

"This is the LockPicking Lawyer... That's all i have for you today .. Have a Nice day"

When does this guy have time to practice law??

@jlust6660

4 жыл бұрын

Maybe that's why all the videos are shorter than 5 minutes

@stevenrichards1539

4 жыл бұрын

LPL: Your honor I need a continuance Judge: whoa. LPL: yeah your honor Bosnian Bill sent me a challenge lock Judge: I give you a short recess. LPL: your honor, I withdraw my request, plaintiff is ready for trial. And that's all have for you today.

@HuatengChen

3 жыл бұрын

well, average of 2 min per vid? 3h of work/week = ~90 videos recorded. Almost zero editing. 2h to publish and schedule on YT = 3 months worth of videos in a less than a day of work, tadam!

@SteamCrane

3 жыл бұрын

He retired from law, at least for now.

Fantastic video as always

Awesome video, thanks again

"This is the Electronics Tinkering Lawyer..."

Soo, i can just put my cards in those protective covers, and on top of had another worthless card without it as a bait...

Dude...really good info. Cheers!

I love the occasional electronic videos. Make more of them!

Amazing how unsafe behavior - having all the cards stacked together due to convenience - is actually a safety measure.

I never did trust RFID as secure for the very reasons you show.

Nice to see you've been branching out in recent videos

Or dial your HAM radio in; and pick up positive reads from across a parking lot. Kristen Paget displayed this method at DefCon a few years back. Worth a look if Apple/Discover/Visa/MasterCard haven't forced the videos down yet. My favorite one was reading hotel room keys at an out-door pool from several stories up. RFID is a security liability, thanks for the video.

Remember not to touch 2 Black Boxes together or they'll explode. /jk

Just want to say I love these types of videos

Great video. I've been using these card sleeves for months and wondered how effective they are.

Really informative and useful thank you so much.

This guy is just ridiculously clever

On placing them together, they need to be touching to create the gibberish (which you show but I thought I'd emphasize), not just in the same wallet for someone thinking of trying that. I've had an RFID card on either side of my wallet for two locations I access and I only need to hold up the side with the card for the location and it will read correctly. They have only a few mm between them but it's enough that I have no false readings. PS - Love that you are trying out RFID and electronic lock methods!

Good advice!

I am glad you are one of the smart ones.