Tag Archives: Hacking Tool

Hospitality Industry Security Risks: Hotels Should Employ “Motherboard Fix” To Make Electronic Door Locks Secure From Hacking And Break-In

“It’s the older Onity locks that are subject to hacking,” Seiders said. “With the old locks, which were the best at the time, the encryption code that authorizes the lock to open has been installed on all of those individual Onity Electronic Locklocks. The hacking device, when it’s plugged into the lock, fools the lock into thinking it’s an authorized programmer. The newer locks don’t have the encryption code in each one; the code is issued at the front desk.”

Following a robbery at a Houston hotel in which thieves exploited security flaws in Onity locks first revealed at the Black Hat conference in July, Hotel Management spoke with Todd Seiders, director of risk management at Petra Risk Solutions and former director of loss prevention at Marriott, for tips on how hoteliers can keep their rooms secure.

“[Onity] immediately started offering the caps and screens to block the port that causes the vulnerability, but I don’t think that’s a very valuable option, because if you block these terminal ports and you have an emergency in the room and the lock has failed, you have to be able to plug in the portable programmer or you’ll have liability issues,” Seiders said. “The thing to take advantage of now is the motherboard switch out. If you mail it in within a reasonable amount of time they’ll replace it for free. The motherboard fix, that’s what these hotels should be doing.”

While Seiders noted that the recession has meant less money available for full-time security staff and new equipment like cameras, he emphasized the importance of staff training in hotel security. “My advice is to go walk the halls and if you see a person standing in the hallway go and look at him for 60 seconds. He’ll either go to a room, or, if not, approach him and say ‘what’s up,’ find out if you can help him. Customer service is the best security.”

Seiders also pointed out that the newer models are not as vulnerable to hacking.

In a statement from Onity, the company said, “Over the next several weeks, we will ensure all hotel properties in our database receive the mechanical solution. These mechanical caps and security screws block physical access to the lock ports that hackers use to illegally break into hotel rooms. The mechanical solution remains free of charge to customers. Technical solutions vary depending on the age, model and deployment of locks at properties.”

For more: http://www.hotelmanagement.net/operations-management/keep-your-rooms-secure-from-door-lock-hackers

Comments Off on Hospitality Industry Security Risks: Hotels Should Employ “Motherboard Fix” To Make Electronic Door Locks Secure From Hacking And Break-In

Filed under Crime, Guest Issues, Liability, Maintenance, Management And Ownership, Risk Management, Theft

Hospitality Industry Security Risks: Hotel Electronic Door Locks In "Various Stages Of Being Repaired"; "Mechanical Caps And Security Screws" Provided To Block Hackers

In October, hotel insurance-related company Petra Risk Solutions issued its hotel clients an alert headlined, “Crime Alert – Onity Guestroom Door hackers are for real.”

Onity Electronic LockIn Florida, Petra loss prevention expert Todd Seiders said he received reports that a hacker had been seen carrying a laptop and using a key card – possibly connected to the laptop – to open locked guestroom doors.

The locks on more than 1 million guestroom doors are in various stages of being repaired, following the revelation this summer that they may be vulnerable to hackers.

The New York Marriott Marquis, the biggest hotel in Manhattan, for instance, just completed updating all of its nearly 2,000 door locks. The hotel is one of thousands of properties with guestroom locks manufactured by Onity, a division of United Technologies. An Onity website also shows Sheraton, Hyatt, Holiday Inn, Fairmont, Radisson and other well-known hotels from Paris to Perth as also having its locks updated.

The hacking tool, according to Petra’s alert, could be made for about $50 in easy-to-acquire electronic parts.

“Please train and notify your hotel staff that these burglaries are spreading across the country,” Petra’s alert cautioned hoteliers. “Hotel staff should be vigilant while they are on the guest floors and paying attention to guests walking through hallways…Take time to watch guests walking through your hallways to ensure they are going to a room and entering it. Be very suspicious of someone carrying a laptop or small bag wandering the hallways. Greet guests and ask them if they need assistance.”

Onity did not immediately return an e-mail seeking comment about the issue. But in a statement updated for December on its website, Onity says that as of Nov. 30, it has shipped hardware to fix 1.4 million hotel door locks. The hardware includes mechanical caps and security screws that “block physical access to the lock ports that hackers use to illegally break into hotel rooms.”

For more:  http://www.usatoday.com/story/hotelcheckin/2012/12/14/hotels-fixing-flaw-that-made-room-locks-vulnerable-to-hackers/1769081/

Comments Off on Hospitality Industry Security Risks: Hotel Electronic Door Locks In "Various Stages Of Being Repaired"; "Mechanical Caps And Security Screws" Provided To Block Hackers

Filed under Crime, Guest Issues, Liability, Maintenance, Management And Ownership, Risk Management, Technology, Theft

Hospitality Industry Security Risks: Recent Texas Hotel Room Robberies Linked To "Electronic Lock Hacking"; Thefts Involving Digital Devices Expected To "Explode Nationally"

“…the Houston Hyatt may not be the only site hit with the Onity hack. An alert published by the insurance firm Petra Risk Solutions in October claimed that “several” hotels in Texas have had their locks opened with Brocious’ technique. Todd Seiders, a former Marriott security director who now works as director of risk management at Petra, says he spoke with the general manager of one of those hotels, who knew of at least three Texas hotels affected in total…”

“…hotels with Onity locks need to either shell out for Onity’s circuit board fix or at least block access to their locks’ ports, says Todd Seiders of Petra Risk Solutions–he estimates that more than 80% of his customers have implemented a fix since August, but says that many more hotels around the world may not have been so careful…”

Whoever robbed Janet Wolf’s hotel room did his work discreetly. When Wolf returned to the Hyatt in Houston’s Galleria district last September and found her Toshiba laptop stolen, there was no sign of a forced door or a picked lock. Suspicions about the housekeeping staff were soon ruled out, too—-Wolf says the hotel management used a device to read the memory of the keycard lock and told her that none of the maids’ keys had been used while she was away.

Two days after the break-in, a letter from hotel management confirmed the answer: The room’s lock hadn’t been picked, and hadn’t been opened with any key. Instead, it had been hacked with a digital tool that effortlessly triggered its opening mechanism in seconds. The burglary, one of a string of similar thefts that hit the Hyatt in September, were real-world cases of a theoretical intrusion technique researchers had warned about months earlier—one that may still be effective on hundreds of thousands or millions of locks protecting hotel rooms around the world.

Last month Houston police arrested 27-year-old Matthew Allen Cook and charged him with theft in a September 7th break-in at the Hyatt House Galleria. Police also listed Cook as a suspect in the theft from Wolf’s room four days later and that of another guest at the hotel. Cook, who has a prior history of arrests for thefts and burglary, was identified when an HP laptop stolen from one of the hotel rooms was found in a local pawn shop, where staff helped police to identify him.

For more:  http://www.forbes.com/sites/andygreenberg/2012/11/26/security-flaw-in-common-keycard-locks-exploited-in-string-of-hotel-room-break-ins/?goback=.gde_76056_member_189780979

Comments Off on Hospitality Industry Security Risks: Recent Texas Hotel Room Robberies Linked To "Electronic Lock Hacking"; Thefts Involving Digital Devices Expected To "Explode Nationally"

Filed under Crime, Guest Issues, Insurance, Liability, Maintenance, Management And Ownership, Technology, Theft

Hospitality Industry Security Risks: "Hacking Hotel Locks In Seconds With Cheap Tools" (ABC News Video)

[youtube=http://www.youtube.com/watch?v=6jlkxDikeiI]

Why 100’s of thousands of tourists are vulnerable to theft or worse.

Comments Off on Hospitality Industry Security Risks: "Hacking Hotel Locks In Seconds With Cheap Tools" (ABC News Video)

Filed under Guest Issues, Liability, Maintenance, Management And Ownership, Risk Management, Technology, Theft

Hospitality Industry Security Risks: Hotel "Electronic Room Locks" Opened With "Hacking Device" Tool Disguised As "Dry Erase Marker" (Video)

[youtube=http://www.youtube.com/watch?v=QyN-8CeNSZg]

A trio of hackers have built a tool that appears to be an innocent dry erase marker, but when inserted into the port on the bottom of a common form of hotel room keycard lock triggers the lock’s open mechanism in a fraction of a second.

The security researchers who spend their days breaking into clients’ systems to find and fix security vulnerabilities often call themselves “penetration testers,” or “pentesters.” But one group of hotel lock hackers just gave the term “pentest” a very different meaning.

The inconspicuous lock hacking device is an adaption of one demonstrated at the Black Hat security conference in July by Cody Brocious, a hacker and software developer for Mozilla, who discovered and exploited a vulnerability in Onity locks, a cheap and popular hotel room lock that the company says are used on at least four million hotel rooms worldwide. Through the port on the bottom of the lock intended for a device that hotels can use to set master keys, Brocious found he was able to read the lock’s memory, including a decryption key stored on the locks that gave him access to their opening mechanism.

2 Comments

Filed under Crime, Guest Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft