Electronic Hotel Safe

[Daffy D]

Recent stay at a hotel they had an electronic room safe witch in addition to the normal keypad had a card swipe option.

You could close/open the safe in the normal way by entering a 4 digit code on the keypad or by using the credit card swipe.

What is the point of this Perhaps for people who can't remember a four digit code

I would be reluctant to use the swipe feature as I don't see the point and how do I know they are not just cloning my card, though I doubt this would be the case with hotel safes as if too many guests credit accounts were being drained it would not take long for the hotel to be identified.

So what is the point

[Cuban]

These have been in use and sold here for a long time, there is a convenience factor or rather a perceived convenience factor by some people that are not generally data theft aware. I doubt there is a way to extract the safe's swipped data check-sum for 'your' card without gaining access to the control chip, in short there are easier ways to copy your data.

When using such numeric keypads, it is wise to wipe each digit before and after use, I have seen a number of very simple techniques to obtain a secret PIN, use of a dried liquid that glows (fluorescence) under UV light, paint the buttons allow to dry, the mark taps in the PIN correctly (four digits) and indicates what the four digits are, look for the smuged marks. Then it's trial and error 4x4x4x4=256 times to guess the pattern used for your PIN, if it takes 5 seconds per go (assuming no clever secure logic to limit the number of attempts, three goes on an ATM) you will break the code within 22 minutes by this brute force attack. A bit over 6 minutes if you repeat one digit. I've seen talcum powder used before now on one secure access door where someone was proving a point about security.

This applies to ATM keypads as it does such hotel safes.

While we are on this theme, when I used to travel to more hotels than I do these days, I would carry a dud plastic credit type card to leave in the room's electrical supply switch (your room pass holder by the door) to allow me to keep the aircon running while I was out. I also had (have) a few magnets that could be taped to a piece of cardboard for the older style sensors with magnetic reed switches, I could fashion a 'copy' of the room key's dongle in a few minutes for the same purpose.

[Sophon]

Then it's trial and error 4x4x4x4=256 times to guess the pattern used for your PIN, if it takes 5 seconds per go (assuming no clever secure logic to limit the number of attempts, three goes on an ATM) you will break the code within 22 minutes by this brute force attack.

Not even as much as that. Four (different) digits only gives 24 combinations (4x3x2x1=24), as you can not use the same number more than once. So with 5 seconds per attempt it would only take two minutes to crack the code.

Sophon

Edited December 13, 2008 by Sophon

[Cuban]

...indeed - I'll go to the back of the class, and play with my magnets.

[Maizefarmer]

Then it's trial and error 4x4x4x4=256 times to guess the pattern used for your PIN, if it takes 5 seconds per go (assuming no clever secure logic to limit the number of attempts, three goes on an ATM) you will break the code within 22 minutes by this brute force attack.

Not even as much as that. Four (different) digits only gives 24 combinations (4x3x2x1=24), as you can not use the same number more than once. So with 5 seconds per attempt it would only take two minutes to crack the code.

Sophon

24 combinations?? ..... Nope: I have yet to see a hotel safe keypad with only 4 digits on it - they're usually 0 thru to 9 aren't they? - and that gives you much the same amount of combinations as you have with an ATM card - millions of possibilities ... and if your plastic card is needed, you then have to add the 16 or 20 digit number of the card (written into the magnetic stripe) -and all of a sudden you have hundreds on billions of possibilities. Brute force "attack" - with a crow bar, yes - they're seldom fixed very well to the wall - ask me, I know - I had to check out with one in my luggage from a hotel in Holland about 10 years ago after snapping my plastic card pushing it into an ATM!

Edited December 13, 2008 by Maizefarmer

[Tywais]

4 digits consisting of the numbers 0-9 give 10000 possible combinations (10^4) based on the photo above using 0-9. Another way of seeing it is, if the same number can be used more then once, and as far as I know that is not a limitation on a reasonable safe, is below.

0000 0001 0002 > 9999 = 10000 possibilities. This applies to 4 digit ATM PINs also, not millions of combinations which would require a minimum of 6 digits.

[george]

Solution: before you use the hotel room safe, just press all number buttons before you do anything else.

[Sophon]

Then it's trial and error 4x4x4x4=256 times to guess the pattern used for your PIN, if it takes 5 seconds per go (assuming no clever secure logic to limit the number of attempts, three goes on an ATM) you will break the code within 22 minutes by this brute force attack.

Not even as much as that. Four (different) digits only gives 24 combinations (4x3x2x1=24), as you can not use the same number more than once. So with 5 seconds per attempt it would only take two minutes to crack the code.

Sophon

24 combinations?? ..... Nope: I have yet to see a hotel safe keypad with only 4 digits on it - they're usually 0 thru to 9 aren't they? - and that gives you much the same amount of combinations as you have with an ATM card - millions of possibilities ... and if your plastic card is needed, you then have to add the 16 or 20 digit number of the card (written into the magnetic stripe) -and all of a sudden you have hundreds on billions of possibilities. Brute force "attack" - with a crow bar, yes - they're seldom fixed very well to the wall - ask me, I know - I had to check out with one in my luggage from a hotel in Holland about 10 years ago after snapping my plastic card pushing it into an ATM!

I think you misunderstand what we were talking about.

The premise was that someone had treated the numbers on the safe with some kind of substance, that would later allow them to see which four numbers the guest had used when opening the safe. If you know which four numbers is used in the combination then there are only 24 possible combinations.

Example:

Someone wipes the safe clean, and later checks the numbers on the safe for fingerprints. Only e.g. the four numbers 1, 4, 7, 9 shows signs of fingerprints, so it must be these four numbers that was used when setting the code/opening the safe. Knowing the four numbers, there are only these 24 possible combinations:

1-4-7-9

1-4-9-7

1-7-4-9

1-7-9-4

1-9-4-7

1-9-7-4

4-1-7-9

4-1-9-7

4-7-1-9

4-7-9-1

4-9-1-7

4-9-7-1

7-1-4-9

7-1-9-4

7-4-1-9

7-4-9-1

7-9-1-4

7-9-4-1

9-1-4-7

9-1-7-4

9-4-1-7

9-4-7-1

9-7-1-4

9-7-4-1

Of course, assuming that the safe uses a four digit code, which most cheaper safes do, it will have 10,000 (not millions) of possible combinations, but if you know which four digits the code consists of it narrows down the combinations considerably. Safes that use variable length code (for instance codes between four and eight digits) would be very different as would safes that block after e.g. three incorrect attempts.

Anyway, in my mail I was only commenting on Cuban's math not his premise.

Sophon

[Jambo]

Wow !!

Thanks for the advice Sophon. I never imagined that it would be so easy!!

I think i will do what George advised - press all the digits before using.

[citizen33]

Wow !!

Thanks for the advice Sophon. I never imagined that it would be so easy!!

I think i will do what George advised - press all the digits before using.

Yes, this is a thought-provoking thread. As an additional footnote, and in defence of Cuban against Maizefarmer, 'brute-force attack' has a different meaning than crow bars if you know anything about the world of hacking.

[dumball]

Did anyone think of checking the back of the safe ? A simple door in the back , accessed through the clothes closet in the next room , eliminates all of the thinking required in the mathmatics department . Please remember , Thai are taught not to think , it will give them a head-ache . LOL555

[MeetJohnDoe]

George has the right idea...just wipe the keys with an alcohol swab and/or press all the keys before first use. Also, I think many of these safes have a lock-out feature after a certain number of incorrect pass numbers are entered. At the least, there would be some period of time before a new series of numbers could be entered and this would greatly slow down any break-in attempt.

I have traveled in Asia for a decade and never had a hotel-safe break-in. I don't think they are very common...despite the stories one reads occasionally in the local press. Actually, I have never had anything stolen from a hotel room, and on occasion, I have had to leave notebook computers unsecured because I forgot the security cable.

[Naam]

Then it's trial and error 4x4x4x4=256 times to guess the pattern used for your PIN, if it takes 5 seconds per go (assuming no clever secure logic to limit the number of attempts, three goes on an ATM) you will break the code within 22 minutes by this brute force attack.

Not even as much as that. Four (different) digits only gives 24 combinations (4x3x2x1=24), as you can not use the same number more than once. So with 5 seconds per attempt it would only take two minutes to crack the code.

Sophon

maths is not one of your strong points i assume?

[Sophon]

Then it's trial and error 4x4x4x4=256 times to guess the pattern used for your PIN, if it takes 5 seconds per go (assuming no clever secure logic to limit the number of attempts, three goes on an ATM) you will break the code within 22 minutes by this brute force attack.

Not even as much as that. Four (different) digits only gives 24 combinations (4x3x2x1=24), as you can not use the same number more than once. So with 5 seconds per attempt it would only take two minutes to crack the code.

Sophon

maths is not one of your strong points i assume?

Please elaborate.

Sophon

[Moonrakers]

Then it's trial and error 4x4x4x4=256 times to guess the pattern used for your PIN, if it takes 5 seconds per go (assuming no clever secure logic to limit the number of attempts, three goes on an ATM) you will break the code within 22 minutes by this brute force attack.

Not even as much as that. Four (different) digits only gives 24 combinations (4x3x2x1=24), as you can not use the same number more than once. So with 5 seconds per attempt it would only take two minutes to crack the code.

Sophon

maths is not one of your strong points i assume?

Please elaborate.

Sophon

I think that you have not taken into account that there are actually 9 digits available, yet only 4 can be used.

Edited December 13, 2008 by globalj

[Sophon]

I think that you have not taken into account that there are actually 9 digits available, yet only 4 can be used.

Actually there are ten digits available giving 10,000 possible four digit combinations. But Cuban's mail describes methods to determine which four digits have been used for the access code, meaning that the other six digits can be excluded.

Sophon

[JetsetBkk]

For the "logically" challenged, (Naam, Cuban, Tywais, please raise your hands ), this was discussed over a year ago, here: http://www.thaivisa.com/forum/Warning-Hote...t&p=1610578

As Sophon says, there are only 24 combinations provided you know which 4 keys were pressed.

Of course, if only 3, 2 or 1 key were used, the answer would be different, but I can't be bothered to work it out. (Apart from when 1 key is used 4 times: there is only one combination ).

Anyway, these safes aren't... er... safe. Read the previous thread!

[Tigs]

In the hotel at check-in you all give your passport to be photocopied. It is amazing how many people use the day and month of their birth as a 4 digit code (or include the year as a 6 digit code).

[Daffy D]

Erm! Ah! So the reason for having a card swipe is that you don't leave fingerprints on your selected 4 digits that can then be highlighted by magic powder and with an undetermined amount of combinations open the safe.

So using the card swipe would be safer but what if you wanted to leave your card in the safe? you would then be at the mercy of the magic powder gang

Don't these safes have a master key/number/code that can be used by the management to open in the case of a guest having forgotten his code number of if he used the swipe thing lost his card while he was out.

Whats to stop some one buying a similar safe and getting the codes to open all the safes in the hotel?

Can't be that simple but TIT so who knows.

[Naam]

For the "logically" challenged, (Naam, Cuban, Tywais, please raise your hands ), this was discussed over a year ago, here: http://www.thaivisa.com/forum/Warning-Hote...t&p=1610578

As Sophon says, there are only 24 combinations provided you know which 4 keys were pressed.

Of course, if only 3, 2 or 1 key were used, the answer would be different, but I can't be bothered to work it out. (Apart from when 1 key is used 4 times: there is only one combination ).

Anyway, these safes aren't... er... safe. Read the previous thread!

correct

[JetsetBkk]

...Don't these safes have a master key/number/code that can be used by the management to open in the case of a guest having forgotten his code number of if he used the swipe thing lost his card while he was out.

Whats to stop some one buying a similar safe and getting the codes to open all the safes in the hotel?

Can't be that simple but TIT so who knows.

If the management are the problem, it doesn't really matter what precautions you take.

Did you read that topic? http://www.thaivisa.com/forum/Warning-Hote...t&p=1606782

[simon43]

I never use hotel safes! I carry a pair of boxer shorts that I was wearing on a previous occasion when I got a very bad case of the 'Bangkok Trots'. (I carry them in a sealed bag). Upon leaving my hotel room I slip my money and credit cards inside the boxers and leave everything in full view....

To date, no-one has stolen my money or cards.

But there does seem to be a problem when er.. ladies of the night return to my room with me. I have to provide a clothes peg for her nose:)

Simon

[nuwatmat]

I never use hotel safes! I carry a pair of boxer shorts that I was wearing on a previous occasion when I got a very bad case of the 'Bangkok Trots'. (I carry them in a sealed bag). Upon leaving my hotel room I slip my money and credit cards inside the boxers and leave everything in full view....

To date, no-one has stolen my money or cards.

But there does seem to be a problem when er.. ladies of the night return to my room with me. I have to provide a clothes peg for her nose:)

Simon

[JetsetBkk]

I never use hotel safes! I carry a pair of boxer shorts that I was wearing on a previous occasion when I got a very bad case of the 'Bangkok Trots'. (I carry them in a sealed bag). Upon leaving my hotel room I slip my money and credit cards inside the boxers and leave everything in full view....

To date, no-one has stolen my money or cards.

But there does seem to be a problem when er.. ladies of the night return to my room with me. I have to provide a clothes peg for her nose:)

Simon

Bl00dy h3ll! I'm having my tea, Simon!

[Carib]

[Master Chief]

Erm! Ah! So the reason for having a card swipe is that you don't leave fingerprints on your selected 4 digits that can then be highlighted by magic powder and with an undetermined amount of combinations open the safe.

So using the card swipe would be safer but what if you wanted to leave your card in the safe? you would then be at the mercy of the magic powder gang

Don't these safes have a master key/number/code that can be used by the management to open in the case of a guest having forgotten his code number of if he used the swipe thing lost his card while he was out.

Whats to stop some one buying a similar safe and getting the codes to open all the safes in the hotel?

Can't be that simple but TIT so who knows.

No digital master code is installed, but there is mostly a master key.

MC

[JoeThePoster]

No digital master code is installed

Maybe not always, but this happened to me once in Guangzhou. The display started flashing "ERR 15 ENTER MASTER CODE" after I punched-in the wrong code thrice!

Had to call the front desk and the duty manager showed up with 2 witnesses. He then proceeded to enter the digital master code to open the safe and reset the display.

By the way, the digital master code was 999999.

[sorensen]

I always thought that the credit card swipe was so that the hotel could over-ride the security code with a master card AND code in case a guest forgot his code.

Am I totally wrong or does this make sense?

Robert

[Cuban]

For most of these safes - you can peel off the maker's lable to reveal an old fashioned key hole where a master key will allow access. Well my electronic safe at home is like this.

As for my maths failure - hey it was a quickly typed response while thinking about other things (my excuse).

For those that can - seek the 'fresh' puzzle thread running elsewhere on TV.

Two huge clues and no attempted answers yet.

[JetsetBkk]

Oh God. I really must stop eating before I click on this thread.