Hotel keycard firm issues fixes after Black Hat hacker breaks locks • The Register Forums

Friday 24th August 2012 15:45 GMT NightFox

Risk Management or Risk Avoidance?

OK, it's a vulnerability, but any lock is vulnerable and we always knew that. In the 'olden days' when we had keys attached to planks of Perspex to open hotel room doors, they were certainly just as vulnerable as today's electronic locks, but it didn't need anyone to demonstrate that and there was never a general outrage amongst hoteliers that their room locks were suddenly vulnerable, nor any demand that the manufacturers should upgrade them.

Psychologically, I may now feel less secure staying in a hotel room vulnerable to this type of e-attack (and that's maybe a problem in itself for hotels), but the fact is I don't think the real world risk impact is going to be such that multi-million $ expediture would be justified. And it's still the case that most intrusions or thefts from hotel rooms don't involve defeating a door lock.

8 4
1. Friday 24th August 2012 17:35 GMT Anonymous Coward
  
  @NightFox
  
  Quite frankly I think all this news changes all that much. I mean, statistically speaking; how high are the odds that someone would be able and breach the lock as well as goes after your room?
  
  But even so; everytime I pick a hotel I always pick one which provides a safe in which I can put some of the stuff I need to keep safe. Because you can never be sure that nothing will happen; even hotel personal can sometimes commit foul play.
  
  Speaking of those safes btw... Even hotels which had keycard locks still provided safes with a plain old fashion key. Coincidence?
  
  2 2
Friday 24th August 2012 16:00 GMT RainForestGuppy

Free Fix!!!

"The entry-level (free) fix involves supplying a physical plug that blocks access to the portable programmer port of potentially vulnerable HT series locks, coupled with the use of more-obscure Torx screws to make it more difficulties for would-be intruders to open the lock's case and access its internal systems."

I'm sorry but Torx screws are not obsure, I have them all over my mountain bike and have portable multi-tools about the size of a pack of gum with all different sizes on.

If your going into a hotel with a micro-controller to hack locks, a simple screw cover isn't going stop you.

You may aswell put a tea cosy over the lock and say that because you can't see it now it's more secure

14 1
1. Friday 24th August 2012 16:18 GMT Mike Flex
  
  Re: Free Fix!!!
  
  "I'm sorry but Torx screws are not obscure"
  
  There are security varients of Torx screws that are more obscure.
  
  I mean, I'd have to schlep all the way out to the garage to get my security Torx drivers.
  
  22 0
  1. Friday 24th August 2012 16:28 GMT Velv
    
    Re: Free Fix!!!
    
    Secure variants of Torx screws...
    
    Let's face it, any professional thief who goes to the trouble of obtaining a portable door programmer and the associated software isn't going to be thwarted by a Torx screw. Or any other screw for that matter!
    
    10 2
    1. Monday 27th August 2012 05:01 GMT Edwin
      
      Re: Free Fix!!!
      
      Any professional thief doesn't want to spend unnecessary time in a corridor unscrewing screws - you could possibly disguise plugging a wire into a port as fumbling with your keycard, but it's hard to explain the screwdriver stuck in the bottom of the door lock to a passing hotel guest or employee
      
      So if that cover takes the time required to open the door from 3 to 15 seconds, they'll most likely go elsewhere.
      
      2 0
      1. Tuesday 28th August 2012 09:09 GMT Vic
        
        Re: Free Fix!!!
        
        > if that cover takes the time required to open the door from 3 to 15 seconds, they'll most likely go elsewhere.
        
        This is not true.
        
        A couple of screws is no deterrent.
        
        Vic.
        
        0 0
        
        Tuesday 28th August 2012 15:36 GMT Anonymous Coward
        
        Re: Free Fix!!!
        
        Who's to say the new firmware cooked up in a couple of weeks by these monkeys is any better? Really the crypto needs to be peer reviewed, otherwise John Q. Hotelier is in exactly the same position he was a few months ago, blindly trusting the good intentions of the manufacturer. At least the screws are guaranteed to bring the locks up to the same if not better level of security as a regular barrel lock; requiring partial disassembly to get the door open. Probably good enough for a hotel room.
        
        0 0
  2. Friday 24th August 2012 16:30 GMT ElNumbre
    
    Re: Free Fix!!!
    
    I got my obscure security torx bits from a little electronics boutique called Maplin's. Its not like they're a big retail chain or anything.
    
    9 0
    1. Saturday 25th August 2012 06:23 GMT Stuart Halliday
      
      Re: Free Fix!!!
      
      Surely with over 200 stores throughout the UK I'd consider Maplin a big retail chain?
      
      0 3
  3. Friday 24th August 2012 21:44 GMT Anonymous Coward
    
    Re: Free Fix!!!
    
    Free Fix ? Free screw always gets my attention, but this ? Wrong on so many levels.
    
    2 0
2. Friday 24th August 2012 16:45 GMT Anonymous Coward
  
  Re: Free Fix!!!
  
  The thing is, if the instigator has to fiddle about dismantling the lock to get at the programming jack they're more likely to be spotted and challenged whilst doing it. If I were the hotel owner, I'd plump for the free fix and switch locks for something better the next time the hotel gets a refit.
  
  5 0
3. Friday 24th August 2012 17:24 GMT Alan Dougherty
  
  Re: Free Fix!!!
  
  Here's free fix, get a high backed chair, and tip it 45deg, with the top edge under the handle...
  
  Won't stop them from opening the lock, but you'll sure as hell wake up as they try to get in..
  
  0 1
  1. Saturday 25th August 2012 13:29 GMT Sean Timarco Baggaley
    
    Re: Free Fix!!!
    
    "Here's free fix, get a high backed chair, and tip it 45deg, with the top edge under the handle..."
    
    Or you could just throw the bolt. If you're in the room already, you will be the burglar's biggest problem, not the lock.
    
    In any case, it's even easier to break into a hotel room by simply masquerading as one of the hotel's own staff. Pick up master keycard when you arrive. Burgle away to your heart's content. Job done, and no need to splash out a five-figure sum on a keycard hacking system.
    
    5 1
Friday 24th August 2012 16:40 GMT Anonymous Coward

...data port on the underside of Onity’s locks

Squirt some glue in it, jobs a good 'un.

5 1
1. Friday 24th August 2012 23:58 GMT Anonymous Coward
  
  Re: ...data port on the underside of Onity’s locks
  
  Until the batteries run out - then the whole unit would have to be replaced. According to the interview I saw with the hacker at least...
  
  1 0
Friday 24th August 2012 16:51 GMT Tezfair

So...

All the movies were right then when someone went to a door plugged in a device and numbers whizzed around and hey presto the code appeared.

13 0
Friday 24th August 2012 16:53 GMT Anonymous Coward

Time for another vendor to come in...

If I were VingCard, I would come in and undercut the Onity "premium fix" price point and put in some proper locks, just for the additional market share...

4 0
Friday 24th August 2012 17:31 GMT Anonymous Coward

Is this a joke?

Any lock can be hacked. Should we expect manufacturers to come and "fix" them every time someone decides to spend the time (in this case a couple of years) breaking them?

4 9
1. Saturday 25th August 2012 18:52 GMT Giles Jones
  
  Re: Is this a joke?
  
  Exactly right. These cards are mainly used to avoid the need of having multiple keys for every room. It's not for additional security really.
  
  3 1
Friday 24th August 2012 18:13 GMT LordHighFixer

I was always told

Locks are just there to keep honest people honest. If they don't fit that description, then a lock will make no difference...

10 0
1. Saturday 25th August 2012 18:54 GMT Giles Jones
  
  Re: I was always told
  
  Not every person is capable of hacking a lock, electronic or otherwise. Of course, if you can buy a device on ebay to do this then it takes the skill out of it.
  
  Hotels generally have a safe for any valuables and if you're in the room there's usually any internal lock to prevent external access.
  
  0 0
Friday 24th August 2012 18:17 GMT Christoph

Free repair?

"If such a significant issue were to exist in a car, customers would likely expect a complete recall at the expense of the manufacturer."

Free fixes work for cars that cost thousands. A free fix for something that originally sold for not much more than the price of the fix would simply drive the manufacturer out of business, which is not going to get the locks fixed.

3 1
Friday 24th August 2012 18:52 GMT Blain Hamon

"If such a significant issue were to exist in a car, customers would likely expect a complete recall at the expense of the manufacturer."

If you think being hacked by an arduino custom tool is dead simple, then what of a 5cm-wide strip of metal with a notch in it? What should happen if many car doors could be 'hacked' by this?

Signed, an ex tow-truck driver who used to slim-jim his car open because it was quicker than going back to the house for keys.

6 1
1. Friday 24th August 2012 19:11 GMT Rick Giles
  
  @Blain Harmon
  
  "Signed, an ex tow-truck driver who used to slim-jim his car open because it was quicker than going back to the house for keys."
  
  How did you start the car? Hot wire it?
  
  0 0
  1. Saturday 25th August 2012 00:00 GMT Blain Hamon
    
    Re: @Blain Hamon
    
    Hotwiring is significantly more difficult than simply opening the car up. I was working for CSAA (one of the Stateside versions of the british AA) so it was always a case of keys and/or kids (and one grandmother) locked in the car, so the only bit I did was getting the car open. In terms of slim-jimming the car, that was because I was with my truck, and I just needed to get something out of the car, not drive it.
    
    TL:DR version: The car analogy either doesn't work or works too well. What would a car mftr do if it was way too easy to get access to the inside of a car? The answer often is 'bugger all, maybe fix it in a later model'.
    
    2 1
    1. Saturday 25th August 2012 21:05 GMT Andus McCoatover
      
      Re: @Blain Hamon
      
      Er, wait. I call TROLL!!
      
      "always a case of keys and/or kids (and one grandmother) locked in the car," but you said "MY car" on your first post...
      
      OK, explain. Ta muchly.
      
      1 2
      1. Monday 27th August 2012 23:10 GMT Blain Hamon
        
        Re: @Blain Hamon
        
        It's a fair cop. But I wasn't trolling you, I was trolling my wife back then.
        
        I drove to work with my car, jump into the tow truck, and wait for calls. But since I lived in the coverage area, I would wait for calls, sitting in the truck at home so that I could spend time with my wife while still in earshot of the radio. We had a Ford Explorer at the time, with both of our names on the insurance and the pink slip (vehicle ownership record), but she was the primary driver, and the keys were in her purse. Keep in mind that Fords are notorious for having weak security, especially mid-90s.
        
        Therefore, if I was outside the house waiting for a call, and she or I needed something from the Ford, I'd grab the slimjim from the tow truck (since it was right there) and use that to open the car instead of the keys in the purse hanging up in the house. It bugged her so I was trolling her a bit when I mentioned how faster and more convenient the slimjim was.
        
        All this to impress on how weak car door (not ignition) security is, I noted that even for a car I own WITH the keys accessible (but mildly out of reach), the break-in is trivially easy enough to be on par to using the keys.
        
        As to why I was a tow truck driver, I'm a software engineer by training, and thankfully lucked out with learning Objective C before the iPhone came out, but back in 2003 my own car broke down while I was jobhunting and jokingly asked the truck driver if they were hiring.
        
        0 0
Friday 24th August 2012 19:07 GMT Arachnoid

Standard door locks provided by installers on double glazed UPVC conservatory and patio doors are vulnerable to a break in with a hammer and screw driver, any teenager could do it [see youtube].Does it stop them being sold to customers NO,does it make householders throughout the UK ask for new improved locks for free NO.

Always there are compromises and weaknesses on security systems both hardware and software its the nature of the game.One side inovates a new system the other inovates a solution to get round it.

1 3
Friday 24th August 2012 19:09 GMT Rick Giles

In these tough economic times....

I see a possible avenue for an additional revenue steam.

"Wanna by a laptop that was just, er, given to me?"

0 0
Friday 24th August 2012 19:22 GMT Mr Young

Job opportunity -

pay dwarfs to guard the mini bars?

2 0
1. Monday 27th August 2012 20:38 GMT durandal
  
  Re: Job opportunity -
  
  Or dwarf bar-tenders. I think there's a clear need to expand the 'poorly stocked fridge' definition of a 'mini bar'.
  
  0 0
Friday 24th August 2012 20:02 GMT Anonymous Coward

It's the cost of doing business

Every hotel that I have stayed at in the past ten years has charged more than enough to pay for updated security locks and cameras, so I don't see a need to jack room prices any higher to cover proper security. Anything less is unacceptable and should be considered negligence when the hotels know that the current systems are not properly secured.

1 0
Friday 24th August 2012 20:03 GMT Anonymous Coward

Low-cost solution...

"The entry-level (free) fix involves supplying a physical plug that blocks access to the portable programmer port of potentially vulnerable HT series locks, coupled with the use of more-obscure Torx screws to make it more difficulties for would-be intruders to open the lock's case and access its internal systems."

Chewing gum. Shoved in ye data port. Poke it around with pen, to make sure it's good and embedded...

2 0
Friday 24th August 2012 20:36 GMT mhoulden

Wouldn't it be easier just to pinch a master key from a hotel maid while they're busy cleaning the room and not paying attention? You could probably even borrow one if you claimed to have lost your key and needed to get into your room.

2 0
1. Friday 24th August 2012 20:49 GMT Cameron Colley
  
  I was about to say just this.
  
  In fact in one hotel I stayed at the maid seemed to leave a new key in there every day -- I ended up leaving two master keys* on the bed when I left and I'd left others previously.
  
  Must admit I tend to chance it and leave valuables in the room and haven't lost anything yet but I really think all hotels should provide a safe in every room nowadays.
  
  *I assume, didn't check as I was there with a friend who wouldn't let me do the "Oh, shit, sorry, thought it was my room." trick.
  
  3 0
Saturday 25th August 2012 06:25 GMT Stuart Halliday

Someone phone up the NCIS team. They seem to be able to hack into anything within a few minutes...

1 0
1. Saturday 25th August 2012 08:54 GMT Anonymous Coward
  
  The A-Team
  
  Can do it quicker.
  
  0 0
  1. Monday 27th August 2012 01:36 GMT Martin Huizing
    
    Re: The A-Team
    
    Chuck Norris would walk right in. Screw the door!
    
    2 0
    1. Monday 27th August 2012 10:21 GMT Edwin
      
      Re: The A-Team
      
      Especially considering that the door is the strongest part of many American hotel rooms.
      
      0 0
Saturday 25th August 2012 08:53 GMT Anonymous Coward

Mossad

This is only of interest to the Mossad or other agencies with approved asassination programs. But mostly just the Mossad whom will now be testing it in their labs.

0 0
1. Sunday 26th August 2012 07:49 GMT DRendar
  
  Re: Mossad
  
  What, you don't think Mossad, the CIA, MI6 and every other government agency on the planet didn't already know about this?
  
  They probably knew about it before the locks started getting installed!
  
  1 0
This post has been deleted by its author
Saturday 25th August 2012 23:45 GMT mickey mouse the fith

Years ago in a property I rented there was this keycode lock thing, the default manufacturers keycode was 2468y and pretty much every unit I came across in other properties/offices/public buildings opened when keying that in as no one bothered changing it after it was fitted.

I bet there are still thousands of these things out there with that keycode.

The lock itself is probably quite secure if a new keycode is used, but I suppose most people just think every one is unique from the factory.

So, yeah, never assume a lock is secure, because it probably isnt.

0 0
1. Sunday 26th August 2012 15:16 GMT Yet Another Anonymous coward
  
  There was a proposal from one US state to require these keylock boxes for all multiple occupancy buildings (ie college dorms, condos, apartment blocks etc ) for emergency services to be able to get in.
  
  But so that a paramedic/fire/etc arriving wouldn't need to contact a manager to get the code in an emergency - the requirement was going to be that all of them could be opened by a single master "911 key code" which every police/paramedic/fireman would know !
  
  2 0
Monday 27th August 2012 03:54 GMT Drew 11

The fix is obvious. Ban Arduino's.

(Takes off politician's hat)

1 0
Monday 27th August 2012 11:07 GMT Arachnoid

The Hotel safes are no more secure than the rooms anyway just look them up on youtube

0 0
Monday 27th August 2012 14:21 GMT 0laf

What's the real risk?

I think there is still much more of a risk from the underpaid maid and / or handyman with the master card than from the geek in the next room.

This is like my wife worrying if we've locked the hotel balcony doors. Why would someone shimmy up several floors on the outside of a building when it'll be easier to nick the maids key.

If he finds an easy hack on the safes too then there is a trickier problem.

0 0
1. Monday 27th August 2012 16:43 GMT Anonymous Coward
  
  Re: What's the real risk?
  
  Many crims are dumb. Their crims are of opportunity. Open windows very common entry point.
  
  0 0
2. Monday 27th August 2012 22:34 GMT Yet Another Anonymous coward
  
  Re: What's the real risk?
  
  >Why would someone shimmy up several floors on the outside of a building
  
  To deliver chocolate?
  
  Perhaps your wife is just worrying about getting fat?
  
  1 0
Monday 27th August 2012 19:53 GMT cortland

And what's this about providing the hack to OTHER governments? Don't we have enough problems with our own?

0 0
Tuesday 28th August 2012 09:53 GMT mark 63

"the use of more-obscure Torx screws"

not torx screw! run away we're screwed!

0 0

Topics

Special Features

Vendor Voice

Resources

COMMENTS

Risk Management or Risk Avoidance?

@NightFox

Free Fix!!!

Re: Free Fix!!!

Re: Free Fix!!!

Re: Free Fix!!!

Re: Free Fix!!!

Re: Free Fix!!!

Re: Free Fix!!!

Re: Free Fix!!!

Re: Free Fix!!!

Re: Free Fix!!!

Re: Free Fix!!!

Re: Free Fix!!!

...data port on the underside of Onity’s locks

Re: ...data port on the underside of Onity’s locks

So...

Time for another vendor to come in...

Is this a joke?

Re: Is this a joke?

I was always told

Re: I was always told

Free repair?

@Blain Harmon

Re: @Blain Hamon

Re: @Blain Hamon

Re: @Blain Hamon

In these tough economic times....

Job opportunity -

Re: Job opportunity -

It's the cost of doing business

Low-cost solution...

I was about to say just this.

The A-Team

Re: The A-Team

Re: The A-Team

Mossad

Re: Mossad

What's the real risk?

Re: What's the real risk?

Re: What's the real risk?

About Us

Our Websites

Your Privacy