Help/advice - approaching systems admin to enrol/roster implant UID

There are two main problems or difficulties here;

  • the admin doesn’t actually understand how RFID systems work

  • the bosses of admins (the ones who set policy) don’t understand how RFID systems work

In both cases, the problem is that these access control people treat RFID access systems like old physical key based security systems… where they focus on control of the physical card or badge or fob, instead of understanding that the unique serial number in the card is the real control point.

  • Key based systems place control into the physical keys being distributed. It’s terrible.

  • RFID systems keep control of the system with the admins.

Check this out - https://dangerousthings.com/chip-implants-101/keys-vs-rfid/ and watch the videos

Now… to answer your question… when you go to approach whoever controls these things… you have to engage in a bit of social engineering. You have to use your wit and charm to win the day… and you cannot do that over email or the phone. In fact, read this guide for approaching professionals first to see why this matters.

Since you are talking to someone who operates a gym and not a secure facility, it should be easier… and you don’t necessarily have to educate them on how these systems work, you just need to speak their language… meet with them in person… talk to the front desk person a bit about your implants… try to get them on your side… show them why it’s cool… say things like “I have my own gym card!” - speak their language… use whatever term they use to describe their cards… but don’t expect that front desk person to actually be able to add you… maybe you’ll get lucky and they’ll say “yeah let’s try it” and you can try to get them to do it… but expect to speak to the manager… try to get the front desk person (who is now on your side) to introduce you to the manager… they might say “hey check this out… it’s really cool…” and try to get off on a good foot.

In any case, you have to navigate those waters as you swim them… maybe the manager will think “hey we can get the media here and get publicity!” or maybe the manager will think “this is the devil’s work” and rip up your contract. Who knows.

Now, when it comes to adding your implant to the system… that’s another case of having to go with the flow… but before you even get to the point of talking about implants, research the hell out of your card… does it have anything in user memory? Are parts of the memory secured? If not, maybe it is just the UID… but then you need to know how new cards are added to their system… is there a reader that does enrollment or do they type numbers that are printed on the cards? Are there any numbers printed on your card? You basically have to be able to do all the reconnaissance and try to understand exactly how this can work or could work before attempting to get them to add your implant to the system… because their incentive is very low, and even small hurdles can easily derail the whole thing… like when someone you don’t like is asking you to do something you don’t want to do… you’re going to look for any reason big or small to say “well we tried” and give up… so do everything you can to not let that happen.

4 Likes