Friday, February 14, 2014

Walt Disney World is one of the world's most popular tourist attractions. It contains four separate


This is an interesting paper by Adrian McCabe, a student at George Mason University. He explores the new Disney Magic Bands, My Magic Plus, system at Walt Disney World and what vulnerabilities, if any, there might be. So you are aware, there is no credit card information stored on your Magic Band, and to make a purchase you need your band and also your PIN number that you set yourself at Check In. So when comparing your Disney Magic Band to your everyday credit card that you have in your wallet, there are several more layers of security in place with the Disney Magic Band. But it's very interesting to look at the Magic Band system and how it is designed to make hacking it difficult. Here is Adrian's security assessment for the Disney Magic Bands.
Abstract — This paper discusses in detail an experimental RFID technology currently being implemented at Walt Disney World. It includes original research pertaining to its architecture, intended usage, security mechanisms, and its basic resistance to common forms of attack.
Originally founded as a small independent animation studio in 1923, The Walt Disney Company has grown to be one of the largest and most recognized brands in human history. The company is massive, spanning several industries and generating a total gross annual income in the billions of dollars [1]. They are world renowned for their theme parks, attractions, efficient business practices, superb customer service, and of course, a large host of memorable characters.
Walt Disney World is one of the world's most popular tourist attractions. It contains four separate theme parks, over 20 resort hotels, and a privately owned transportation system using buses, ferry boats, and a monorail. It receives millions of visitors annually, and plays a major role in contributing to the company's multi-billion dollar annual revenue.
Yet despite these impressive statistics, the company promotes a culture that is less focused on returns and more focused on the experiences of the parks' customers. The company takes each guest's visit very seriously, and works as hard as possible to ensure that guests may literally eat, sleep, and live Disney while they spend their leisure time at Walt Disney World.
Undoubtedly, such dedication requires a great bit of supporting effort and engineering to ensure that park operations run smoothly. Often, this means that technology plays a pivotal role in addressing the needs of many at Disney World, and innovative solutions to everyday problems are constantly being explored.
Concordantly, Disney “Imagineers” [7] are constantly working to use technology to improve the experience of the parks' guests, particularly when it comes to matters of convenience and comfort. In fact, one of their newest creations currently in testing, MagicBand, revolves around this very idea.
In addition to simply providing a “magical” atmosphere centered around its parks, Disney World also offers a vast array of services to its guests (some even free of charge). However, these services have each traditionally required a separate form of authentication, and could not be considered integrated by any means. Should a guest wish to take advantage of ALL of the services Disney World has to offer, they would need a separate room key, park admission ticket, photo pass (allows guests to receive “official” Disney copies of pictures), Fastpass tickets (allows guests to skip long lines at attractions), and their individual credit/debit cards.
Undoubtedly, these seemingly disparate system elements are fairly difficult to manage. One of these necessary authentication tokens being lost is a very real possibility, especially when switching rapidly through many different credentials is the only way for users to “correctly” interface with the system. It is for this reason that Disney created the MagicBand.
The intent of the device was to integrate all of the previously separate elements of the system together, thereby enabling guests to experience the benefits of a seamlessly operating system without also requiring them to maintain a plethora of different credentials. In the ideal world of the Disney Imagineers, a guest's MagicBand would be their all-access pass to the large array of existing services Disney has to offer [8].
In technical terms, the MagicBand is a lightweight, water-resistant, adjustable bracelet composed of an amalgamation of various polymers (rubber and plastic), designed in the USA and assembled in China (Fig 1, Fig 2). It contains a battery-assisted RFID (Radio-frequency identification) tag operating on a 2.4 GHz band [2]. It has an effective range of 200 meters, and can be used with both long distance and short distance readers.
Currently, the MagicBands are still undergoing pre-release testing [3] and are not widely circulated to the general public. Yet it is still possible for customers who wish to try them on their park excursions to get them, but they must be acquired in one of two ways. A guest may either coordinate with Disney customer service several weeks before they arrive at the parks and have their bands mailed to them, or they may stay at one of Disney's resorts and purchase them there.
In either instance, there is a strict activation time period associated with the bands before they can be put to use. Additionally, it should also be noted that Disney explicitly states that the bands are non-transferable, and must be used by the same person throughout the duration of a visit [4].
A widely known vulnerability with the RFID platform is the inherent potential for individual RFID tokens to be cloned. All RFID tokens contain a unique identifier that can be picked up by any receiver operating on the same frequency band within a given distance. By the same token (pun intended), it is also possible to perform a “write” action to an RFID token provided the proper hardware is available.
Bearing this in mind, it would be possible for a malicious user to capture the unique identifier of a MagicBand (from an unsuspecting victim, of course) and create a different 2.4 GHz RFID token with the same unique identifier. This would therefore compromise the infrastructure of the MagicBand system, and leave certain elements of the system open to further attack.
While it is still certainly possible to potentially clone a MagicBand (and thereby gain access to protected resources by impersonating the original band holder), the fact that the band operates on the 2.4 GHz frequency inherently presents some challenges to any would-be malicious users. Admission to the parks is fairly expensive (Fig. 5) and the cost of the hardware required to conduct such a cloning attack far exceeds the cost of a legitimate day pass. For the attack to even be considered economical, the malicious user must clone many passes over time.
However, for the sake of argument, let the assumption be made that a band has been successfully cloned by a malicious user and he has created a fake. He has used his fancy equipment to lift an RFID code from an innocent victim on the bus ride from his hotel to one of the parks. He then writes the captured code to a band. He puts his equipment back in his bag, and gets out his Disney character autograph book in preparation for a fun-filled day at Disney (for free!). Yet before he can gain entry into the park, he must jump through several hoops in order to partake in the ill-gotten fruits of his labor.
The first obstacle is the presence of physical security (Fig. 3). Disney employs a large amount of park security, and their duties are, among other things, to inspect bags of individuals entering the park. This inspection happens just prior to guests gaining access to the band-reading machines that physically allow visitors to enter the park. It is possible that due to our malicious user's bag of electronic goodies, he will be stymied at security just long enough for his victims to pass him in line and enter the park before him. If they do, he will be denied entry, as the system will only allow one RFID token with a given unique identifier to be active at a given location at one time.
The second obstacle is the band-reading machine itself (Fig. 4). In order to formally activate a band, it must first be calibrated at a band-reading machine at a park entry gate. The calibration station machine consists of an RFID reader (the big orb with the Mickey on it) and a biometric fingerprint scanner (the arm off to the right). If the malicious user has cloned the band of someone whose band is already activated, his fingerprint will likely not match, and he would be denied entry. However, if he arrives at the scanning station BEFORE the original band-holder has calibrated their band, he may then calibrate HIS band to his fingerprint and proceed into the park uninhibited; it is the legitimate band-holder who would be denied entry.
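The two gate checks described above can be read as a small state machine. The Python sketch below is an added illustration, not code from the paper or from Disney; the class, the identifiers, the exact-match fingerprint comparison and the order of the checks are assumptions made for the example.

```python
from dataclasses import dataclass, field

UID = "BAND-0001"  # constructed identifier, not a real band value


@dataclass
class GateSystem:
    """Toy model of the two entry checks described above (assumed structure)."""
    enrolled: dict = field(default_factory=dict)  # UID -> fingerprint bound at calibration
    active: dict = field(default_factory=dict)    # UID -> location where it is active now

    def present(self, uid, fingerprint, location):
        # Check 1: one token per UID may be active at a given location at a time.
        if self.active.get(uid) == location:
            return "DENY: UID already active here"
        # Check 2: the first presentation calibrates the band (trust on first use).
        if uid not in self.enrolled:
            self.enrolled[uid] = fingerprint
            self.active[uid] = location
            return "ALLOW: calibrated"
        # Later presentations must match the bound print (exact match is a
        # simplification; real biometric matching is approximate).
        if self.enrolled[uid] != fingerprint:
            return "DENY: fingerprint mismatch"
        self.active[uid] = location
        return "ALLOW"

    def leave(self, uid):
        # Guest exits; the UID is no longer active anywhere.
        self.active.pop(uid, None)


def holder_first():
    """Legitimate holder calibrates first; the clone shows up afterwards."""
    g = GateSystem()
    return (g.present(UID, "fp-holder", "park-A"),
            g.present(UID, "fp-clone-user", "park-A"),
            g.present(UID, "fp-clone-user", "park-B"))


def clone_first():
    """Clone is calibrated before the holder ever reaches a gate."""
    g = GateSystem()
    return (g.present(UID, "fp-clone-user", "park-A"),
            g.present(UID, "fp-holder", "park-B"))


if __name__ == "__main__":
    print("holder first:", holder_first())
    print("clone first: ", clone_first())
```

In both orderings the later presenter is rejected: the checks establish which fingerprint was bound first, not which one belongs to the legitimate band-holder.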
The third obstacle is another form of multifactor authentication used explicitly for purchases within the parks/resorts themselves. Part of the MagicBand system allows guests to make purchases with the band at specific registers provided they have tied a credit/debit card to their account via an external process. This can be seen as a very big convenience to guests who do not wish to continually use their cards to make purchases while in the parks, or for those who find themselves wishing to buy merchandise when they had not initially anticipated doing so and do not have their wallet/purse/money clip in their possession. Yet in order to make purchases, a user must first swipe their band against a specially designed reader (Fig. 6) and subsequently enter a matching PIN number.
Even if our malicious user had an RFID token that was a working clone of a legitimate one, it is somewhat unlikely he would be able to successfully guess the matching PIN number within a reasonable number of tries in one sitting before the cashier would begin to get suspicious.
While multifactor authentication certainly adds to
