New Blog: MagicBands 2.0? New Style Surfaces & Excites Fans

[disney david]

Again, I am not at all saying this won't happen but practically, when people staying at a Pop Century (used as an example because the room doors open to the outside) prop their doors open with the dead bolt while they run to the pool or to get food, a thief is much more likely to take the easy route.

I guess there are thieves who might target Disney guest rooms using RFID cloning but someone who has that level of expertise will be more likely to target a much more lucrative victim where the payoff is higher and the risk of getting caught lower.

But couldn't the same be said for regular keys I work for a hotel and it won't take much to rob a room without needing a room key.

 

[jcb]

But couldn't the same be said for regular keys I work for a hotel and it won't take much to rob a room without needing a room key.

I suppose but I don't know.

When room keys were brass, they could be copied (assuming you could find a locksmith who would make a copy).

The information on a magnetic strip can be copied in seconds.

RFID signals can be cloned.

The question isn't whether - but how easy we make it for someone to rip us off. The idea is the same as the old joke about not having to out run the polar bear, just being able to out run at least one of your companions.

Then again, I still shop at Target....

 

[disney david]

I suppose but I don't know.

When room keys were brass, they could be copied (assuming you could find a locksmith who would make a copy).

The information on a magnetic strip can be copied in seconds.

RFID signals can be cloned.

The question isn't whether - but how easy we make it for someone to rip us off. The idea is the same as the old joke about not having to out run the polar bear, just being able to out run at least one of your companions.

Then again, I still shop at Target....

Yes your right but I still think their other way to get in the room not easy but might be better then cloning RFID.

 

[Cyrano]

A magic band is a magic band as far as I am concerned.
I would not have pimped up my park entrance ticket or room key so will be treating the bands similarly as a functional commodity to access park, room, FP+ etc . Not getting the excitement with jibitz, band colours/designs

Once home from a WDW trip it will most likely hibernate at the back of a drawer or suitcase ready for the next trip.

 

[disney david]

I see this as a concern about the security of the MMP+ technology than about Disney spying. But I might not be understanding the concerns.

I share the security concerns - which is why I have an AP that is not used for charging privileges anywhere. If someone replicates the RFID chip signal in my AP, they get access to WDW (until May) but they won't be using it to buy Dole Whips.

Now I don't mean to be alarmist (especially not after using the word "hyperbole"). I suspect there are some practical issues with replicating or counterfeiting a magic band or RFID chip and being able to successfully use it at WDW.

You have an ap that can be used to charge is it a corporate ap my ap can't be used to charge. It can only be used for park admission.

 

[*NikkiBell*]

You have an ap that can be used to charge is it a corporate ap my ap can't be used to charge. It can only be used for park admission.

Not sure if I'm misreading or not, but are you saying that your AP can't be used for charging privileges? I have one linked to my MB and can charge with it.

 

[disney david]

Not sure if I'm misreading or not, but are you saying that your AP can't be used for charging privileges? I have one linked to my MB and can charge with it.

If ap is annual pass then no if I am misreading what ap is the. Sorry. I can charge with the magic band if I have a credit card linked to my resort reservation that get charged back to my room.

 

[AndyPok1]

i am waiting for the first resort room thefts.

Is it possible? Sure. Do I expect an outbreak? No more than the yearly or so story of a rogue front-desk cast member using a skimmer.

You know much more about RF technology than I do, but the ID that opens door locks only works in short distances because it needs a power source, correct? So basically wouldn't you have to follow someone out of their room, have a device in your pocket/bag/etc, get close enough to their wrist to touch it, then go back and clone it, then actually go steal from them?

Sure its entirely possible, and will probably happen at some point. But I can't foresee a rash of it.

 

[k5jm]

Is it possible? Sure. Do I expect an outbreak? No more than the yearly or so story of a rogue front-desk cast member using a skimmer.

You know much more about RF technology than I do, but the ID that opens door locks only works in short distances because it needs a power source, correct? So basically wouldn't you have to follow someone out of their room, have a device in your pocket/bag/etc, get close enough to their wrist to touch it, then go back and clone it, then actually go steal from them?

Sure its entirely possible, and will probably happen at some point. But I can't foresee a rash of it.

Just waiting for the first one.

A higher gain antenna can be used to activate an RFID tags from further distances. a 21db yagi should have enough forward radiation to activate a tag a good distance way. (roughly 20 to 30 ft of free space).

 

[Cinderella's slipper]

For those of us who are offsite guests - MB and fp+ are all just tales at this point. I understand that fp+ will be offered to all guests in AK shortly - yet that leaves offsite guests with whatever fp+ times and selections are left after onsite guests have made their choices. I'm not sure how many days tickets I want to buy at Disney, if I will be stuck in stand by lines or left with the dregs of leftovers after onsite guests have made their selections. At least with FP, if you were willing to get to the park early, you had a shot of getting fps for some of the best rides.

What is that you say? I think I hear the darkside calling me. I'm a thrifty New Englander who would pay extra for my ticket to have access from home to fp+ in the rare event (like my upcoming trip) that I am staying offsite.

 

[doconeill]

I understand that fp+ will be offered to all guests in AK shortly...

They already do, for the past couple weeks.

And I'm still in the camp that offsite guests WILL get advanced access, but its not ready yet. They are still working out a lot of kinks.

As for the security, yes, even with a large enough antenna/field (Mike, how big would that antenna and power source need to be?) someone could skim the passive RFID at a distance. But as mentioned, what could they do? If they try for park entrance, they need to give the biometric scan as well, or an ID, which can be matched to the AP. They can't make a purchase as those are all PIN-protected. They could perhaps mess with your FP+ selections at a kiosk and use them.

As for getting in a room, they'd need to know which resort, and which room. Either they need to tail you, or need to guess. If they went around trying to use it on every room, I would expect security alerts to be raised (not that I know the system does that, but if I designed it it would).

Also, I recall that there are in fact TWO passive RFID chips operating at different frequencies. They may carry two different IDs. I'd expect most would need to match. Would a distance skimmer device need to be bigger/different to scan both?

 

[k5jm]

Brian, I think you would need 1 watt ERP to get a good read at 20 feet. The doors to the rooms only need 1 of the RFID's out of the two. If you are within the 20 ft to skim the ID then you have probably followed the victim to a room at a resort. This is all speculation, but, these are the scenarios I get to deal with on a daily basis.

 

[doconeill]

Brian, I think you would need 1 watt ERP to get a good read at 20 feet. The doors to the rooms only need 1 of the RFID's out of the two. If you are within the 20 ft to skim the ID then you have probably followed the victim to a room at a resort. This is all speculation, but, these are the scenarios I get to deal with on a daily basis.

Yeah, I didn't think that if their target is to get in a room, they'd do it at the resort. Wondering about the bulkiness of the skimmer required and how suspicious-looking it would be.

 

[k5jm]

Yeah, I didn't think that if their target is to get in a room, they'd do it at the resort. Wondering about the bulkiness of the skimmer required and how suspicious-looking it would be.

Not very big. About the size of an Arduino or Raspberry Pi, plus the usb reader interface/clone emitter.

This one shows to be about the same size as a KTTW card.

 

[doconeill]

Not very big. About the size of an Arduino or Raspberry Pi, plus the usb reader interface/clone emitter.

This one shows to be about the same size as a KTTW card.

Hmm...I've got a few Raspberry Pis here...maybe I should build one

Or better yet, an anti-skimmer - a "Scamma Jamma" so to speak