back to article Don't put that duffel bag full of cash in the hotel room safe

Hotel safes are far less secure than guests are led to believe. Widespread use of default codes and other issues mean that it is relatively easy for criminals to get at hotel guests' valuables, security firm G DATA warns. The input panel, in front of the safe, to enter the PIN code or swipe a card through the credit card …

  1. Timmay

    Taking you to the cleaners

    I don't think anyone's ever thought it sensible to entrust hotel provided safes with their priceless family jewels, but unless the cleaner also dabbles in locksmithing and/or hacking electronics, they're probably still fine for keeping housekeeping's opportunist mitts off my passport and a paltry bit of foreign shrapnel.

    1. Captain Scarlet Silver badge

      Re: Taking you to the cleaners

      Ah you have not seen Murder She Wrote or Columbo then, always feels like the crown jewels are nicked from them whenever one is present.

      1. ben edwards

        Re: Taking you to the cleaners

        Those are from the hotel's main safe, hidden securely behind the front desk where nobody would ever see it except when being loaded.

  2. ZSn

    Fertle

    This has always been the case. These locks are just a deterent, and won't stand up to any serious attempt at hacking. But what people fail to realise is that it is true of *any* safe. They not unconditionally secure, but usually a reasonable time that a determined attacker will take to open them is quoted (and unless you spend a *lot* it's only in the hours range).

    It also reminds me of a trip to the former communist countries, a colleague had his room burgled while he slept in it. After that I took to wearing a moneybelt containing my passport and cards while asleep in bed. If I lost that at least I would have got a cheap thrill. This was the same country that someone stole a railway line from (they only noticed when the train had to stop because there were no tracks in front of it anymore).

    1. JimmyPage Silver badge
      Stop

      Doesn't need to be Russia

      last year there was a story that a bunch of thieves stole an entire Liverpool pavement.

      linky

    2. Stretch

      Re: Fertle

      "But what people fail to realise is that it is true of *any* safe"

      This is true of all locks, alarms systems and indeed all security up to and including Quantum Keys based methods.

  3. Aggrajag

    A chain is only as strong as the weakest link... one hotel I stopped in had the safes bolted to the wardrobe. I only noticed this when I went to look in a companions room complete with smashed up wardrobe and absent safe.

    1. aui

      Too true

      The last hotel I was in had the safe secured to a 15mm shelf by a couple screws at the back. You could lift the whole thing up at the front and lever it off the chipboard quite easily if you wanted to.

  4. Crisp

    You were only supposed to blow the bloody doors off!

    Safe cracking has come a long way since the 60's.

  5. NogginTheNog

    Using the safe

    I don't always use them when staying in hotels that have them fitted, but when I have I've done so not so much because I feel them particularly secure but because I figure you may be opening yourself up to your insurance provider saying "Sorry you weren't covered" if you had something stolen and hadn't used the safe?

    1. John Tserkezis

      Re: Using the safe

      "Sorry you weren't covered if you had something stolen and hadn't used the safe?"

      Read the fine print again, you usually aren't covered even if you DO use the safe - in room or otherwise...

      1. Stretch

        Re: you usually aren't covered

        I see you have experienced insurance before.

  6. Nigel Cro

    Nothing New Here

    This is old, old news.

    Adam Laurie has been challenging himself to break hotel safes in under a minute for many years.

  7. Billa Bong

    Simple social engineering would break both the door and the safe

    I stayed in a hotel where the mag card were so poor quality I pretty much daily had to get it recoded, requiring only my name and the room number. I once forgot what code I'd used for the safe and asked reception to open it, requiring only my name and room number... I never use the safe now - what would be the point?

    1. I ain't Spartacus Gold badge

      Re: Simple social engineering would break both the door and the safe

      A confident manner is all you need. 2 stories from my last company illustrate:

      1. Someone walked into one of the branches. Overalls and clipboard. "Sign here please". Put £10,000 of copiers onto dolly, and wheeled them out to his van. Byeee. Wonder how much he got for them down the pub?

      2. Chap walks into head office. Finds a nice side office with 3 people in. "I've lost my contact lens, can you help me find it?" Gets them all into the gents looking, then he remembers it might have fallen out in the car. Pops out, nicks their wallets, then to allay suspicion pops back into the gents, "Sorry chaps, it was in the car, thanks for all your help." Leaves. The credit card company spotted the odd transaction, and phoned one of the guys to check it, which was the first time they noticed.

      As you say, I've never had trouble getting into a hotel room. At one family occasion my brother managed to go to the desk and get a duplicate key to someone else's room. Even though we'd all booked and paid separately. And the one time I've had to ask to be let back into my room, no questions were asked but the number.

  8. Anonymous Coward
    Anonymous Coward

    Well there is flaw right there....

    "....after unscrewing a plate on the front of the safe......"

    Bit like putting screws for the padlock latch on the outside.

    1. Velv
      Headmaster

      Re: Well there is flaw right there....

      I think you missed the point.

      A bypass needs to be available so the hotel can access the safe when the guest forgets the code or the batteries fail.

      Makes sense to put the emergency access BEHIND a screwed panel to increase the attack time required. You still need the emergency key to actually open the safe.

      "Bit like putting screws for the padlock latch on the outside but covering them with thick paint that clogs the slot"

    2. tony2heads

      Re: Well there is flaw right there....

      Yes, but what about using one-way screws? They are common enough around here and, as long as they are counter sunk and used with some Locktite or similar adhesive, are truly hard to remove. You are reduced to drilling them out. That might get the attention of security staff

  9. Ben Hodson

    My fave, a couple of guys followed delivery vans. When they noticed high value boxes delivered (Dell, HP etc). They simply waited 5 minutes and rocked up to the good in dept. and said that the delivery had been made in error and that their delivery was on the next lorry in about 20 minutes.

    A signature and receipt and they took the boxes away - simple !

    I still reckon that a tool box, overalls and confidence will get you past 90% of security.

    1. Anonymous Coward
      Anonymous Coward

      When pen testing, don't forget the physical

      "I still reckon that a tool box, overalls and confidence will get you past 90% of security."

      Especially when they come with the job and security lets you in. Staff may be checked and supervised, are the cleaners? One corporate datacenter. "Only 3 members of staff have access to this room". Quick check of their access control system finds +2 contract cleaner passes. Apologies to the IT guys in that site who ended up with additional cleaning duties after that one.

    2. I ain't Spartacus Gold badge
      Happy

      I still reckon that a tool box, overalls and confidence will get you past 90% of security.

      A friend of mine did this. He's a furniture designer, but was meeting a client at his office. In one of GEC Marconi's buildings doing defence work. He coudn't be arsed to go through the long security checks this time, so he removed his suit jacket, rolled up his sleeves and waltzed past security and reception carrying a rolled-up newspaper, his lunchbox and a pad of paper. He got in unchallenged of course.

      I presume the KGB weren't equipped with lunch boxes at the time, thus our national security was safe.

      Rather like our planes are safe from the hijack danger of the metal cutlery that 1st class passengers are given onboard. This is because Al Qaeda HR policy is that people have to fly economy, on pain of a disciplinary interview...

      1. the spectacularly refined chap

        Rather like our planes are safe from the hijack danger of the metal cutlery that 1st class passengers are given onboard. This is because Al Qaeda HR policy is that people have to fly economy, on pain of a disciplinary interview...

        Nope, plastic cutlery even in first. It was one of the things people commented on when Concorde scheduled services resumed following its crash - 9/11 happened while it was out. It had been solid silver stuff prior to that.

        1. Glenturret Single Malt

          Emirates economy class hands out metal cutlery.

        2. jgarbo
          Devil

          Plastic cutlery...

          If you can cut a steak with a plastic knife, you can also cut a throat. Basic martial arts training. Want to know what a ball point pen can do? So where's the security?

  10. Crazy Operations Guy

    This is why you pay your employees well

    It baffles me at how many companies I've been to that have very paranoid levels of security put in place, yet they pay their security guards, janitors/maintenance staff and help desk workers crap wages. In my career as a security consultant, I've seen so many thefts of data by rival companies paying-off low-paid employees.

    In one case a security guard and a help desk drone got paid at least a couple hundred thousands dollars each by a foreign company to steal some chemical formulas from my client. Since neither of them triggered any alerts, no one found out about it until after the two of them and their families were long gone. They were corrupted by the simple fact that neither of them were getting paid well enough to support a family.

    1. Fatman

      Re: This is why you pay your employees well

      ...yet they pay their security guards, janitors/maintenance staff and help desk workers crap wages.

      Jesus Christ Man!!!

      How in hell do you expect to fund the senior executive bonus pool????

      You must cut costs somewhere!!!!!

  11. Scott Broukell
    Meh

    Wheel barrows

    So this fella used to work in a wheel barrow factory and would often leave of an evening pushing a brand new wheel barrow with a sack draped over it. The chaps on the gate would lift up the sacking and look underneath, whereupon, seeing there wasn't anything in it, they would wave him through the factory gates with a smile.

    1. moonface

      Re: Wheel barrows

      Don't tell me the same fella smuggled Donkeys!

    2. Down not across

      Re: Wheel barrows

      The sack is brilliant. Disguises the obvious :-)

    3. Anonymous Coward
      Anonymous Coward

      Re: Wheel barrows

      Even more bizarre, I was told this by an old boy that I used to rent a room from many moons ago. A friend of his worked in a meat packing plant and managed to smuggle an entire pig out of the plant by putting a wax cotton jacket and trousers on it, a motorcycle helmet and goggles and strapping it to his back and riding out past security on his motorbike, with the pig as pillion. Admittedly he chose a dark, wet winter's night to do this but even so. A bit tricky to claim it was a mistake if caught!

  12. Eclectic Man Silver badge

    Physical Acces Control Systems are affected too

    I did some consultancy for the Probation Service in England. I visited a Probation Office which used a PIN entry system for securing teh doors between the insecure offender area and the secure office area. Each member of staff had a PIN used to gain acess.

    One day an offender was found in the office area unescorted. When aske how he got there he said he had been 'playing' wiht the PIN pad and the door had just opened. The PIN he said he used worked, but was not one issued by the Probatin Office to its staff. neither could the Probation Office delete it. It turned out to be the manufacturer's hard-coded access PIN to be used in case a customer got locked out. It took a bespoke software patch to fix it.

    So now I advise clients to get a letter signed yb the supplier to the effect that there are no means of acess of which the customer is not aware, and in particular no hard coded PINs or master pass cards (for RFI enabled locks).

    (The offender was not a violent one, forunately, but had lots of time to do a key search attack, something else to think about.)

    1. David Neil

      Re: Physical Acces Control Systems are affected too

      Vaguely similar issue when my youngest son was in intensive care after he was born. Buzzer system to get onto the ward, with a keypad next to the door for staff - a quick look told you that the number 5 was worn down and a quick count of the number of times pressed got you onto the ward quicker than waiting for some passing staff member to answer the buzzer.

      1. Graham Marsden
        Happy

        @David Neil - Re: Physical Acces Control Systems are affected too

        My mother was in hospital recently and visitors were supposed not to be allowed into wards during meal times.

        So, due to various circumstances, I arrive late and think "bugger, they won't let me in", but, at that moment, there's an old guy having a bit of difficulty getting his wheelchair out of the lift.

        "Want a hand, mate?"

        "Sure."

        "Tell you what, I'll just push you into the ward, how about that?"

        Nurse sees person pushing patient in wheelchair, lets us in...

        (Ok, so it's not High Security, but still :-) )

    2. Flocke Kroes Silver badge

      If everyone has their own number ...

      I like to start early and get things done before people arrive and ask for help. On my last day, I had to wait for someone else to arrive because my number had already been deleted. As you would expect, he had forgotten his number because he never had to use it before. There we were with the bungler alarm screaming waiting for someone else to turn up and cancel the alarm. Just on the off-chance, I tried 1066 and the alarm turned off. Given enough people, someone will pick 1066 if they are not allowed to use 1234.

      1. Anonymous Coward
        Anonymous Coward

        Re: If everyone has their own number ...

        1066 is the default on a certain make.

      2. John Tserkezis

        Re: If everyone has their own number ...

        "I tried 1066 and the alarm turned off. Given enough people, someone will pick 1066 if they are not allowed to use 1234."

        The Battle of Hastings.

        As a guide, if your pin code is documented in a history book, it's not good enough...

        1. Unep Eurobats
          Joke

          Re: If everyone has their own number ...

          I don't think anything memorable happened in 1234. Apart from on 6 May when all the IT people got really excited.

          1. Doogs

            Re: If everyone has their own number ...

            Only if you look at the single digits.

      3. qwertyuiop
        Coat

        Re: If everyone has their own number ...

        Actually, I've done a hack on certain makes of PIN pad and managed to download ALL of the PINs! Here you are:

        0000

        0001

        0002

        0003

        0004

        0005

  13. Anonymous Coward
    Anonymous Coward

    Forget Electronic Attacks

    I had the misfortune of locking my wallet and keys into one of these style of safes where either the internally battery wasn't quite charged or the bolt motor was failing. It locked itself fine but when I put my code back in, the locking bolt did not retract. I fiddled with the controls for a while "locking" and "unlocking" it hoping it would open.

    Eventually in a hail of swearing and huffing I just yanked on the door as hard as I was able and the door thankfully popped open. I am by no measure a physically strong person so either the lock was only partially engaged or these are the least-secure safes ever made.

  14. Havoc

    Feynman

    wasn't joking...

  15. /\/\j17

    YouTube my friends

    Plenty of videos on YouTube about how to 'break' in to hotel room safes. The lock's just controlled by a sprung solinoid. Enter the correct code and the solinoid energises/pulls the in down allowing the handle to turn. After a timeout/when you close the door the solinoid de-energises and a spring pushes the pin back up to stop the handle turning.

    Hold the handle in the open direction and give the top of the door a good thump and the precusive actions usually enough to drop the pin down against the spring enough to release the handle. See from 60sec in - http://www.youtube.com/watch?v=hcYB9ceiAiY

  16. Bod

    Removable safes

    Been in hotels where the safe could simply be lifted out of the cupboard and taken away.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon