I’m just a regular student studying computer science. I needed to clone my building’s access card because management charges about 50$ every time I need a new card. I bought a proxmark3 as an investment since I lose the access card from time to time.
So anyway, I found out that the “key” to my building access card and the key fob to my home’s smart lock is just FFFFFFFFFFFF. Isn’t this a major concern?
I would be very interested to learn more about what system they are using…
Is your badge running in EM mode by any chance?
It could be an inherent failure/manufacturer decision like a common rfid relay we use in various projects
I found several others also have the same behavior…
I’d be suprised if your company has any control or implemented those keys
I’d equate it to a lock being able to be comb picked as an analogy… it’s such an obvious oversight and is inexcusable
What is even more interesting is, if your saying your personal badge is FFF…. which is bad… but they might be using it for everyone else’s keys also… which is even more dumb…. Because you just eliminated like 90% of the advantages of rfid access control
RFID tags are commonplace in buildings here in the UK.
I made a habit of being a broker of “free tag copies” for everyone I know (because those buildings charge between £15 and £30 for each additional tag)…
So far, all the buildings I checked use a single key for all their tags. (each building a distinct key, but all the users have the same key)
That said, I do agree with you completely there!
Right on the bullseye for the UK residential building market.