Tag Archives: Electronic Lock Systems

Hospitality Industry Security Update: “Hotel Security for the Traveler”

“…There are three questions to ask for selecting a secure hotel: Are there electronic door locks? Is there good key control? And is there a fire alarm and water sprinkler system? Image Generally, the only way to find this out is calling the hotel directly. The number one security issue is controlling who has access to a guest’s hotel room…

The sad truth is that criminals target travelers, especially in and around hotels. The abundance of literature on the topic of hotel security does not seem to have deterred criminals from using hotels as a target of their trade. An informal survey of hotel security staff reveals old patterns of crime repeated and new tricks (or new variations of old tricks) continue as before. There are, however, some practices which can reduce your risk of being the target of crime or other hazards in a hotel.

For more: http://businessdayonline.com/2014/04/hotel-security-for-the-traveler/#.U0v56q1dXnw

Comments Off on Hospitality Industry Security Update: “Hotel Security for the Traveler”

Filed under Crime, Guest Issues, Hotel Industry, Management And Ownership, Risk Management

Hospitality Industry Security Risks: Thirty Arizona Hotels Burglarized By “Electronic Door Hackers” Using Portable Programming Devices; TV’s, Laptops And Credit Cards Stolen

“…Surveillance video showed the suspects, both white males in their 20s, entering the hotel and then leaving with the victim’s suitcases… some Onity Electronic Lock30 local hotels — probably more — have been targeted by hotel hackers. Investigators believe there are more suspects than those caught on surveillance video…hotel hacking is not just a local problem. Because the technology used to open the electronic locks is so easy to obtain and use, hotel hacking is growing issue nationwide…”

A man and a woman have been burglarizing hotel and motel rooms in the Easy Valley and now Silent Witness is offering a reward for information about them. According to Silent Witness, the pair, dubbed “Hotel Hackers,” used portable programming devices to get into the rooms at various locations in Mesa, Tempe, Scottsdale and possibly Avondale. It’s not clear how many locations the pair has hit, but Silent Witness said the crime spree started on Feb. 25.

The suspects have stolen TVs, bedding, laptop computers and guests’ personal belongings, including credit cards.

Silent Witness released surveillance video (above) and photos of the pair, both of which were taken at a Walmart store where the suspects used a stolen credit card.

For more: http://www.azfamily.com/news/Hotel-Hackers-behind-burglaries-at-hotels-motels-in-East-Valley-207552391.html

Comments Off on Hospitality Industry Security Risks: Thirty Arizona Hotels Burglarized By “Electronic Door Hackers” Using Portable Programming Devices; TV’s, Laptops And Credit Cards Stolen

Filed under Crime, Guest Issues, Insurance, Liability, Risk Management, Theft

Hospitality Industry Security Risks: Hotels Should Employ “Motherboard Fix” To Make Electronic Door Locks Secure From Hacking And Break-In

“It’s the older Onity locks that are subject to hacking,” Seiders said. “With the old locks, which were the best at the time, the encryption code that authorizes the lock to open has been installed on all of those individual Onity Electronic Locklocks. The hacking device, when it’s plugged into the lock, fools the lock into thinking it’s an authorized programmer. The newer locks don’t have the encryption code in each one; the code is issued at the front desk.”

Following a robbery at a Houston hotel in which thieves exploited security flaws in Onity locks first revealed at the Black Hat conference in July, Hotel Management spoke with Todd Seiders, director of risk management at Petra Risk Solutions and former director of loss prevention at Marriott, for tips on how hoteliers can keep their rooms secure.

“[Onity] immediately started offering the caps and screens to block the port that causes the vulnerability, but I don’t think that’s a very valuable option, because if you block these terminal ports and you have an emergency in the room and the lock has failed, you have to be able to plug in the portable programmer or you’ll have liability issues,” Seiders said. “The thing to take advantage of now is the motherboard switch out. If you mail it in within a reasonable amount of time they’ll replace it for free. The motherboard fix, that’s what these hotels should be doing.”

While Seiders noted that the recession has meant less money available for full-time security staff and new equipment like cameras, he emphasized the importance of staff training in hotel security. “My advice is to go walk the halls and if you see a person standing in the hallway go and look at him for 60 seconds. He’ll either go to a room, or, if not, approach him and say ‘what’s up,’ find out if you can help him. Customer service is the best security.”

Seiders also pointed out that the newer models are not as vulnerable to hacking.

In a statement from Onity, the company said, “Over the next several weeks, we will ensure all hotel properties in our database receive the mechanical solution. These mechanical caps and security screws block physical access to the lock ports that hackers use to illegally break into hotel rooms. The mechanical solution remains free of charge to customers. Technical solutions vary depending on the age, model and deployment of locks at properties.”

For more: http://www.hotelmanagement.net/operations-management/keep-your-rooms-secure-from-door-lock-hackers

Comments Off on Hospitality Industry Security Risks: Hotels Should Employ “Motherboard Fix” To Make Electronic Door Locks Secure From Hacking And Break-In

Filed under Crime, Guest Issues, Liability, Maintenance, Management And Ownership, Risk Management, Theft

Hospitality Industry Security Risks: Hotel Electronic Door Locks In "Various Stages Of Being Repaired"; "Mechanical Caps And Security Screws" Provided To Block Hackers

In October, hotel insurance-related company Petra Risk Solutions issued its hotel clients an alert headlined, “Crime Alert – Onity Guestroom Door hackers are for real.”

Onity Electronic LockIn Florida, Petra loss prevention expert Todd Seiders said he received reports that a hacker had been seen carrying a laptop and using a key card – possibly connected to the laptop – to open locked guestroom doors.

The locks on more than 1 million guestroom doors are in various stages of being repaired, following the revelation this summer that they may be vulnerable to hackers.

The New York Marriott Marquis, the biggest hotel in Manhattan, for instance, just completed updating all of its nearly 2,000 door locks. The hotel is one of thousands of properties with guestroom locks manufactured by Onity, a division of United Technologies. An Onity website also shows Sheraton, Hyatt, Holiday Inn, Fairmont, Radisson and other well-known hotels from Paris to Perth as also having its locks updated.

The hacking tool, according to Petra’s alert, could be made for about $50 in easy-to-acquire electronic parts.

“Please train and notify your hotel staff that these burglaries are spreading across the country,” Petra’s alert cautioned hoteliers. “Hotel staff should be vigilant while they are on the guest floors and paying attention to guests walking through hallways…Take time to watch guests walking through your hallways to ensure they are going to a room and entering it. Be very suspicious of someone carrying a laptop or small bag wandering the hallways. Greet guests and ask them if they need assistance.”

Onity did not immediately return an e-mail seeking comment about the issue. But in a statement updated for December on its website, Onity says that as of Nov. 30, it has shipped hardware to fix 1.4 million hotel door locks. The hardware includes mechanical caps and security screws that “block physical access to the lock ports that hackers use to illegally break into hotel rooms.”

For more:  http://www.usatoday.com/story/hotelcheckin/2012/12/14/hotels-fixing-flaw-that-made-room-locks-vulnerable-to-hackers/1769081/

Comments Off on Hospitality Industry Security Risks: Hotel Electronic Door Locks In "Various Stages Of Being Repaired"; "Mechanical Caps And Security Screws" Provided To Block Hackers

Filed under Crime, Guest Issues, Liability, Maintenance, Management And Ownership, Risk Management, Technology, Theft

Hospitality Industry Security Risks: Recent Texas Hotel Room Robberies Linked To "Electronic Lock Hacking"; Thefts Involving Digital Devices Expected To "Explode Nationally"

“…the Houston Hyatt may not be the only site hit with the Onity hack. An alert published by the insurance firm Petra Risk Solutions in October claimed that “several” hotels in Texas have had their locks opened with Brocious’ technique. Todd Seiders, a former Marriott security director who now works as director of risk management at Petra, says he spoke with the general manager of one of those hotels, who knew of at least three Texas hotels affected in total…”

“…hotels with Onity locks need to either shell out for Onity’s circuit board fix or at least block access to their locks’ ports, says Todd Seiders of Petra Risk Solutions–he estimates that more than 80% of his customers have implemented a fix since August, but says that many more hotels around the world may not have been so careful…”

Whoever robbed Janet Wolf’s hotel room did his work discreetly. When Wolf returned to the Hyatt in Houston’s Galleria district last September and found her Toshiba laptop stolen, there was no sign of a forced door or a picked lock. Suspicions about the housekeeping staff were soon ruled out, too—-Wolf says the hotel management used a device to read the memory of the keycard lock and told her that none of the maids’ keys had been used while she was away.

Two days after the break-in, a letter from hotel management confirmed the answer: The room’s lock hadn’t been picked, and hadn’t been opened with any key. Instead, it had been hacked with a digital tool that effortlessly triggered its opening mechanism in seconds. The burglary, one of a string of similar thefts that hit the Hyatt in September, were real-world cases of a theoretical intrusion technique researchers had warned about months earlier—one that may still be effective on hundreds of thousands or millions of locks protecting hotel rooms around the world.

Last month Houston police arrested 27-year-old Matthew Allen Cook and charged him with theft in a September 7th break-in at the Hyatt House Galleria. Police also listed Cook as a suspect in the theft from Wolf’s room four days later and that of another guest at the hotel. Cook, who has a prior history of arrests for thefts and burglary, was identified when an HP laptop stolen from one of the hotel rooms was found in a local pawn shop, where staff helped police to identify him.

For more:  http://www.forbes.com/sites/andygreenberg/2012/11/26/security-flaw-in-common-keycard-locks-exploited-in-string-of-hotel-room-break-ins/?goback=.gde_76056_member_189780979

Comments Off on Hospitality Industry Security Risks: Recent Texas Hotel Room Robberies Linked To "Electronic Lock Hacking"; Thefts Involving Digital Devices Expected To "Explode Nationally"

Filed under Crime, Guest Issues, Insurance, Liability, Maintenance, Management And Ownership, Technology, Theft

Hospitality Industry Security Risks: "Hacking Hotel Locks In Seconds With Cheap Tools" (ABC News Video)

[youtube=http://www.youtube.com/watch?v=6jlkxDikeiI]

Why 100’s of thousands of tourists are vulnerable to theft or worse.

Comments Off on Hospitality Industry Security Risks: "Hacking Hotel Locks In Seconds With Cheap Tools" (ABC News Video)

Filed under Guest Issues, Liability, Maintenance, Management And Ownership, Risk Management, Technology, Theft

Hospitality Industry Security Risk Management: Hotels Face Increased Risk Of "Guestroom Burglaries" From Electronic Door Lock Hacking Devices

By Todd Seiders, CLSD

http://www.petrarisksolutions.com/

As many of you may have heard, the computer “hacking” community has made a small device that can open Onity hotel guestroom door locks. It costs approximately $50 in readily available electronic parts, and the device has been concealed in an iPhone case and a Dry Erase marking pen body (yes, the felt tipped dry erase pen used on whiteboards).

The hacking device plugs into the door locks, and opens the door. It shows up on the lock readout as a “portable programmer” use, but no serial number for the portable programmer is noted.

**We are now experiencing actual guestroom burglaries and guest thefts by use of these devices in Texas. Multiple rooms have been hit at several hotels. An arrest was made in Houston on some of these burglaries, so I hope to have additional info on that very soon.

**I am also receiving reports from hotels in Florida that a similar “hacker” has been seen carrying a laptop computer and using a key card (possibly connected to the laptop) to open guestroom door locks. There have been several guestroom burglaries and actual witnesses who saw the suspect with his laptop, using a key card to access locked guestrooms.

Please TRAIN and notify your hotel staff that these burglaries are spreading across the country. Hotel staff should be vigilant while they are on the guest floors and paying attention to guests walking through hallways. Take time to watch guests walking through your hallways to ensure they are going to a room and entering it. Be very suspicious of someone carrying a laptop or small bag wandering the hallways. Greet guests and ask them if they need assistance. If they appear nervous, or cannot tell you what room they are looking for, escort them to the lobby, or escort them to where a security camera is, so you can get a picture of them. If they leave the hotel, follow them and try and write down a vehicle license plate on their vehicle. Your hotel staff has to be more active on your guest floors when they see people walking around.

Onity locks is not accepting liability for the defect in their hotel locks, and have offered a software fix for the problem. Onity is charging hotels to supply the fix.

I’m sorry to say that this burglary issue will only get bigger as the hackers share their tales and their build your own device details in the future.

I’ll keep you posted on this topic…..

Todd Seiders, CLSD
Director of Risk Management

Email: ToddS@PetraRiskSolutions.com
Phone: (800) 466-8951 ext 207

Direct: (562) 623-0976
Fax: (800) 494-6829
Lic #0817715

 

Comments Off on Hospitality Industry Security Risk Management: Hotels Face Increased Risk Of "Guestroom Burglaries" From Electronic Door Lock Hacking Devices

Filed under Guest Issues, Insurance, Liability, Maintenance, Management And Ownership, Risk Management, Theft, Training

Hospitality Industry Security Risks: Hotel "Electronic Room Locks" Opened With "Hacking Device" Tool Disguised As "Dry Erase Marker" (Video)

[youtube=http://www.youtube.com/watch?v=QyN-8CeNSZg]

A trio of hackers have built a tool that appears to be an innocent dry erase marker, but when inserted into the port on the bottom of a common form of hotel room keycard lock triggers the lock’s open mechanism in a fraction of a second.

The security researchers who spend their days breaking into clients’ systems to find and fix security vulnerabilities often call themselves “penetration testers,” or “pentesters.” But one group of hotel lock hackers just gave the term “pentest” a very different meaning.

The inconspicuous lock hacking device is an adaption of one demonstrated at the Black Hat security conference in July by Cody Brocious, a hacker and software developer for Mozilla, who discovered and exploited a vulnerability in Onity locks, a cheap and popular hotel room lock that the company says are used on at least four million hotel rooms worldwide. Through the port on the bottom of the lock intended for a device that hotels can use to set master keys, Brocious found he was able to read the lock’s memory, including a decryption key stored on the locks that gave him access to their opening mechanism.

2 Comments

Filed under Crime, Guest Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft

Hospitality Industry Security Risks: Electronic Hotel Room Locks Shown To Be Vulnerable To "Hardware Gadgets"

The system’s vulnerability arises, Brocious says, from the fact that every lock’s memory is entirely exposed to whatever device attempts to read it through that port. Though each lock has a cryptographic key that’s required to trigger its “open” mechanism, that string of data is also stored in the lock’s memory, like a spare key hidden under the welcome mat.

At the Black Hat security conference Tuesday evening, a Mozilla software developer and 24-year old security researcher named Cody Brocious plans to present a pair of vulnerabilities he’s discovered in hotel room locks from the manufacturer Onity, whose devices are installed on the doors of between four and five million hotel rooms around the world according to the company’s figures. Using an open-source hardware gadget Brocious built for less than $50, he can insert a plug into that DC port and sometimes, albeit unreliably, open the lock in a matter of seconds. “I plug it in, power it up, and the lock opens,” he says simply.

The ability to access the devices’ memory is just one of the two vulnerabilities Brocious says he found in Onity’s locks. He says the company also uses a weak encryption scheme that allows him to derive the “site code”–a unique numerical key for every facility–from two cards encoded one after another for the same room. By reading the encrypted data off of two cards and testing thousands of potential site codes against both cards until the decoded data displays a predictable interval between the two, he can find the site code and use it to create more card keys with a magnetizing device. But given that he can only create more cards for the same room as the two keys he’s been issued, that security flaw represents a fairly low risk compared with the ability to open any door arbitrarily.

For more:  http://www.forbes.com/sites/andygreenberg/2012/07/23/hacker-will-expose-potential-security-flaw-in-more-than-four-million-hotel-room-keycard-locks/

6 Comments

Filed under Crime, Guest Issues, Liability, Maintenance, Management And Ownership, Technology

Hospitality Industry Guest Security Risks: Denver Hotel's "Room Key System" Malfunctions Locking Guests Out Of Rooms For Three Hours

“Shortly after midnight on New Year’s Eve, the hotel experienced a malfunction of the electronic room lock system. Once we became aware of the situation, we contacted the manufacturer of the system who provided technical support…”

Due to the inconvenience, the hotel gave guests refunds for the room.

Guests at the 628-room Denver Tech Center Marriott were locked out of their rooms when the clock struck midnight New Years. A room key malfunction kept guests out of their rooms from midnight until about 3 a.m.

Crowds of people packed into the lobby hoping to get key cards that worked. Others went to sleep in hallways. Hotel guests say it got pretty wild. “It was like a madhouse in there. It was crazy. I thought riots were going to start,” said Kyle Novak.

Denver Police say an officer called for assistance around 12:40 after a large disturbance in the parking lot. There were numerous reports of assaults and property damage.

In response to the incident Jennifer Atkins, the hotel’s general manager released the following statement.

 “We are sorry for the inconvenience this caused and are providing the night’s lodging free of charge to all registered guests. We will continue to work closely with the manufacturer of the lock system to better understand what may have caused the malfunction and will do what we can to prevent a similar malfunction from happening in the future.”

For more:  http://www.kwgn.com/news/kdvr-nye-guests-locked-out-of-denver-marriott-201211,0,7988711.story

Comments Off on Hospitality Industry Guest Security Risks: Denver Hotel's "Room Key System" Malfunctions Locking Guests Out Of Rooms For Three Hours

Filed under Guest Issues, Liability, Maintenance, Management And Ownership, Privacy, Technology