Restricted room keys considered harmful


I’m at Eurocrypt 2025 this week.

We’re in a fancy hotel. We have NFC cards which unlock our rooms. The elevators in the lobby are summoned using the room card: you tap your card on the reader, and select a destination floor from a little menu. You don’t get to ask for any floor: it only offers a few common areas (the restaurant, the swimming pool, etc.) and the floor with your room. This certainly makes the menu less cluttered; it also means it’s hard to wander around on floors other than the one with your own room. That’s good, right?

Not so fast!

People lose their key cards. I found a key card lying about on the floor in the conference room. It turns out that it didn’t belong to the person in the nearby chair.

It would let me into someone’s room. But it’s a big hotel, with 15 or so floors with guest rooms. I’d have a lot of searching to do to find my victim’s room.

Except that I don’t. I go to the lobby, and I tap the card on the elevator’s reader. It immediately tells me my victim’s floor number, and offers to take me there.

This seems definitely worse than letting me walk around the corridors on arbitrary floors.
