
back to article Hotel keycard firm issues fixes after Black Hat hacker breaks locks

Hotel lockmaker Onity has developed fixes to safeguard millions of hotel keycard locks against an attack demonstrated at the Black Hat conference last month. But the most comprehensive of the two approaches involves a partial hardware replacement that will cost hotels a substantial amount of cash to apply. Mozilla software …

COMMENTS

This topic is closed for new posts.

Risk Management or Risk Avoidance?

OK, it's a vulnerability, but any lock is vulnerable and we always knew that. In the 'olden days' when we had keys attached to planks of Perspex to open hotel room doors, they were certainly just as vulnerable as today's electronic locks, but it didn't need anyone to demonstrate that and there was never a general outrage amongst hoteliers that their room locks were suddenly vulnerable, nor any demand that the manufacturers should upgrade them.

Psychologically, I may now feel less secure staying in a hotel room vulnerable to this type of e-attack (and that's maybe a problem in itself for hotels), but the fact is I don't think the real world risk impact is going to be such that multi-million $ expenditure would be justified. And it's still the case that most intrusions or thefts from hotel rooms don't involve defeating a door lock.

8
4
Silver badge

@NightFox

Quite frankly I think all this news changes all that much. I mean, statistically speaking; how high are the odds that someone would be able to breach the lock as well as go after your room?

But even so; every time I pick a hotel I always pick one which provides a safe in which I can put some of the stuff I need to keep safe. Because you can never be sure that nothing will happen; even hotel personnel can sometimes commit foul play.

Speaking of those safes btw... Even hotels which had keycard locks still provided safes with a plain old-fashioned key. Coincidence?

2
2
FAIL

Free Fix!!!

"The entry-level (free) fix involves supplying a physical plug that blocks access to the portable programmer port of potentially vulnerable HT series locks, coupled with the use of more-obscure Torx screws to make it more difficult for would-be intruders to open the lock's case and access its internal systems."

I'm sorry but Torx screws are not obscure, I have them all over my mountain bike and have portable multi-tools about the size of a pack of gum with all different sizes on.

If you're going into a hotel with a micro-controller to hack locks, a simple screw cover isn't going to stop you.

You may as well put a tea cosy over the lock and say that because you can't see it now it's more secure.

14
1

Re: Free Fix!!!

"I'm sorry but Torx screws are not obscure"

There are security variants of Torx screws that are more obscure.

I mean, I'd have to schlep all the way out to the garage to get my security Torx drivers.

22
0
Silver badge
FAIL

Re: Free Fix!!!

Secure variants of Torx screws...

Let's face it, any professional thief who goes to the trouble of obtaining a portable door programmer and the associated software isn't going to be thwarted by a Torx screw. Or any other screw for that matter!

10
2
Bronze badge
Joke

Re: Free Fix!!!

I got my obscure security torx bits from a little electronics boutique called Maplin's. It's not like they're a big retail chain or anything.

9
0
Anonymous Coward

Re: Free Fix!!!

The thing is, if the instigator has to fiddle about dismantling the lock to get at the programming jack they're more likely to be spotted and challenged whilst doing it. If I were the hotel owner, I'd plump for the free fix and switch locks for something better the next time the hotel gets a refit.

5
0

Re: Free Fix!!!

Here's a free fix, get a high backed chair, and tip it 45deg, with the top edge under the handle...

Won't stop them from opening the lock, but you'll sure as hell wake up as they try to get in..

0
1
Anonymous Coward

Re: Free Fix!!!

Free Fix ? Free screw always gets my attention, but this ? Wrong on so many levels.

2
0
Thumb Up

Re: Free Fix!!!

Surely with over 200 stores throughout the UK I'd consider Maplin a big retail chain?

0
3

Re: Free Fix!!!

"Here's a free fix, get a high backed chair, and tip it 45deg, with the top edge under the handle..."

Or you could just throw the bolt. If you're in the room already, you will be the burglar's biggest problem, not the lock.

In any case, it's even easier to break into a hotel room by simply masquerading as one of the hotel's own staff. Pick up master keycard when you arrive. Burgle away to your heart's content. Job done, and no need to splash out a five-figure sum on a keycard hacking system.

5
1

Re: Free Fix!!!

Any professional thief doesn't want to spend unnecessary time in a corridor unscrewing screws - you could possibly disguise plugging a wire into a port as fumbling with your keycard, but it's hard to explain the screwdriver stuck in the bottom of the door lock to a passing hotel guest or employee.

So if that cover takes the time required to open the door from 3 to 15 seconds, they'll most likely go elsewhere.

2
0
Vic
Silver badge

Re: Free Fix!!!

> if that cover takes the time required to open the door from 3 to 15 seconds, they'll most likely go elsewhere.

This is not true.

A couple of screws is no deterrent.

Vic.

0
0
Anonymous Coward

Re: Free Fix!!!

Who's to say the new firmware cooked up in a couple of weeks by these monkeys is any better? Really the crypto needs to be peer reviewed, otherwise John Q. Hotelier is in exactly the same position he was a few months ago, blindly trusting the good intentions of the manufacturer. At least the screws are guaranteed to bring the locks up to the same if not better level of security as a regular barrel lock; requiring partial disassembly to get the door open. Probably good enough for a hotel room.

0
0
Bronze badge

...data port on the underside of Onity’s locks

Squirt some glue in it, job's a good 'un.

5
1
Anonymous Coward

Re: ...data port on the underside of Onity’s locks

Until the batteries run out - then the whole unit would have to be replaced. According to the interview I saw with the hacker at least...

1
0
Facepalm

So...

All the movies were right then when someone went to a door plugged in a device and numbers whizzed around and hey presto the code appeared.

13
0
Anonymous Coward

Time for another vendor to come in...

If I were VingCard, I would come in and undercut the Onity "premium fix" price point and put in some proper locks, just for the additional market share...

4
0
Anonymous Coward

Is this a joke?

Any lock can be hacked. Should we expect manufacturers to come and "fix" them every time someone decides to spend the time (in this case a couple of years) breaking them?

4
9
Gold badge

Re: Is this a joke?

Exactly right. These cards are mainly used to avoid the need of having multiple keys for every room. It's not for additional security really.

3
1
WTF?

I was always told

Locks are just there to keep honest people honest. If they don't fit that description, then a lock will make no difference...

10
0
Gold badge

Re: I was always told

Not every person is capable of hacking a lock, electronic or otherwise. Of course, if you can buy a device on ebay to do this then it takes the skill out of it.

Hotels generally have a safe for any valuables and if you're in the room there's usually an internal lock to prevent external access.

0
0
Silver badge
Unhappy

Free repair?

"If such a significant issue were to exist in a car, customers would likely expect a complete recall at the expense of the manufacturer."

Free fixes work for cars that cost thousands. A free fix for something that originally sold for not much more than the price of the fix would simply drive the manufacturer out of business, which is not going to get the locks fixed.

3
1
Holmes

"If such a significant issue were to exist in a car, customers would likely expect a complete recall at the expense of the manufacturer."

If you think being hacked by an Arduino custom tool is dead simple, then what of a 5cm-wide strip of metal with a notch in it? What should happen if many car doors could be 'hacked' by this?

Signed, an ex tow-truck driver who used to slim-jim his car open because it was quicker than going back to the house for keys.

6
1
Bronze badge
Pirate

@Blain Harmon

"Signed, an ex tow-truck driver who used to slim-jim his car open because it was quicker than going back to the house for keys."

How did you start the car? Hot wire it?

0
0

Re: @Blain Hamon

Hotwiring is significantly more difficult than simply opening the car up. I was working for CSAA (one of the Stateside versions of the British AA) so it was always a case of keys and/or kids (and one grandmother) locked in the car, so the only bit I did was getting the car open. In terms of slim-jimming the car, that was because I was with my truck, and I just needed to get something out of the car, not drive it.

TL;DR version: The car analogy either doesn't work or works too well. What would a car mftr do if it was way too easy to get access to the inside of a car? The answer often is 'bugger all, maybe fix it in a later model'.

2
1
Bronze badge
FAIL

Re: @Blain Hamon

Er, wait. I call TROLL!!

"always a case of keys and/or kids (and one grandmother) locked in the car," but you said "MY car" on your first post...

OK, explain. Ta muchly.

1
2
Trollface

Re: @Blain Hamon

It's a fair cop. But I wasn't trolling you, I was trolling my wife back then.

I drove to work with my car, jump into the tow truck, and wait for calls. But since I lived in the coverage area, I would wait for calls, sitting in the truck at home so that I could spend time with my wife while still in earshot of the radio. We had a Ford Explorer at the time, with both of our names on the insurance and the pink slip (vehicle ownership record), but she was the primary driver, and the keys were in her purse. Keep in mind that Fords are notorious for having weak security, especially mid-90s.

Therefore, if I was outside the house waiting for a call, and she or I needed something from the Ford, I'd grab the slimjim from the tow truck (since it was right there) and use that to open the car instead of the keys in the purse hanging up in the house. It bugged her so I was trolling her a bit when I mentioned how much faster and more convenient the slimjim was.

All this to impress on how weak car door (not ignition) security is, I noted that even for a car I own WITH the keys accessible (but mildly out of reach), the break-in is trivially easy enough to be on par with using the keys.

As to why I was a tow truck driver, I'm a software engineer by training, and thankfully lucked out with learning Objective C before the iPhone came out, but back in 2003 my own car broke down while I was jobhunting and jokingly asked the truck driver if they were hiring.

0
0
Bronze badge
Thumb Down

Standard door locks provided by installers on double glazed UPVC conservatory and patio doors are vulnerable to a break in with a hammer and screwdriver, any teenager could do it [see YouTube]. Does it stop them being sold to customers? NO. Does it make householders throughout the UK ask for new improved locks for free? NO.

Always there are compromises and weaknesses on security systems both hardware and software, it's the nature of the game. One side innovates a new system, the other innovates a solution to get round it.

1
3
Bronze badge
Joke

In these tough economic times....

I see a possible avenue for an additional revenue stream.

"Wanna buy a laptop that was just, er, given to me?"

0
0
Coat

Job opportunity -

pay dwarfs to guard the mini bars?

2
0

Re: Job opportunity -

Or dwarf bar-tenders. I think there's a clear need to expand the 'poorly stocked fridge' definition of a 'mini bar'.

0
0
Anonymous Coward

It's the cost of doing business

Every hotel that I have stayed at in the past ten years has charged more than enough to pay for updated security locks and cameras, so I don't see a need to jack room prices any higher to cover proper security. Anything less is unacceptable and should be considered negligence when the hotels know that the current systems are not properly secured.

1
0
Anonymous Coward

Low-cost solution...

"The entry-level (free) fix involves supplying a physical plug that blocks access to the portable programmer port of potentially vulnerable HT series locks, coupled with the use of more-obscure Torx screws to make it more difficult for would-be intruders to open the lock's case and access its internal systems."

Chewing gum. Shoved in ye data port. Poke it around with pen, to make sure it's good and embedded...

2
0
Holmes

Wouldn't it be easier just to pinch a master key from a hotel maid while they're busy cleaning the room and not paying attention? You could probably even borrow one if you claimed to have lost your key and needed to get into your room.

2
0

I was about to say just this.

In fact in one hotel I stayed at the maid seemed to leave a new key in there every day -- I ended up leaving two master keys* on the bed when I left and I'd left others previously.

Must admit I tend to chance it and leave valuables in the room and haven't lost anything yet but I really think all hotels should provide a safe in every room nowadays.

*I assume, didn't check as I was there with a friend who wouldn't let me do the "Oh, shit, sorry, thought it was my room." trick.

3
0
Trollface

Someone phone up the NCIS team. They seem to be able to hack into anything within a few minutes...

1
0
Anonymous Coward

The A-Team

Can do it quicker.

0
0
Trollface

Re: The A-Team

Chuck Norris would walk right in. Screw the door!

2
0
Go

Re: The A-Team

Especially considering that the door is the strongest part of many American hotel rooms.

0
0
Anonymous Coward

Mossad

This is only of interest to the Mossad or other agencies with approved assassination programs. But mostly just the Mossad who will now be testing it in their labs.

0
0

Re: Mossad

What, you don't think Mossad, the CIA, MI6 and every other government agency on the planet didn't already know about this?

They probably knew about it before the locks started getting installed!

1
0
Bronze badge
Facepalm

anyone

Anyone who's been on holiday to Spain knows that the masterkey cards for the rooms are widely available to the local crims.

The amount that must be "lost" or simply never returned by staff that leave is astronomical.

I always treat the locks as a privacy device, to prevent people accidentally entering the wrong room, rather than a security device. I always assume anyone can enter the room at any time and keep everything valuable in the safe, and the safe locked, even when I'm in the room.

If you want to feel secure in your room, buy a couple of rubber door wedges for the door and a bike cable lock for the patio door.

1
0
FAIL

Years ago in a property I rented there was this keycode lock thing, the default manufacturer's keycode was 2468y and pretty much every unit I came across in other properties/offices/public buildings opened when keying that in as no one bothered changing it after it was fitted.

I bet there are still thousands of these things out there with that keycode.

The lock itself is probably quite secure if a new keycode is used, but I suppose most people just think every one is unique from the factory.

So, yeah, never assume a lock is secure, because it probably isn't.

0
0
Silver badge

There was a proposal from one US state to require these keylock boxes for all multiple occupancy buildings (ie college dorms, condos, apartment blocks etc ) for emergency services to be able to get in.

But so that a paramedic/fire/etc arriving wouldn't need to contact a manager to get the code in an emergency - the requirement was going to be that all of them could be opened by a single master "911 key code" which every police/paramedic/fireman would know !

2
0
Facepalm

The fix is obvious. Ban Arduinos.

(Takes off politician's hat)

1
0
Bronze badge
Thumb Down

The hotel safes are no more secure than the rooms anyway, just look them up on YouTube.

0
0
Facepalm

What's the real risk?

I think there is still much more of a risk from the underpaid maid and / or handyman with the master card than from the geek in the next room.

This is like my wife worrying if we've locked the hotel balcony doors. Why would someone shimmy up several floors on the outside of a building when it'll be easier to nick the maid's key?

If he finds an easy hack on the safes too then there is a trickier problem.

0
0
Anonymous Coward

Re: What's the real risk?

Many crims are dumb. Their crimes are of opportunity. Open windows very common entry point.

0
0
Silver badge

Re: What's the real risk?

>Why would someone shimmy up several floors on the outside of a building

To deliver chocolate?

Perhaps your wife is just worrying about getting fat?

1
0
