Friday, October 12, 2012

Hotel locks easily bypassed

This is an update to a post from last August where some security researchers came up with a way to bypass security on the electronic locks used in hotels world wide.  Back then, the gear to crack the lock was bulky and suspicious, and would attract attention.  They've miniaturized the gear and hidden it in a dry erase marker:
Well, depending on what type of key system is used at the hotel you’re staying in, it might be possible for someone with a “dry erase marker” to bypass the door key system and walk right in. No, you can’t circumvent hotel door security with an actual dry erase marker, but security researchers recently demonstrated a tool disguised as a dry erase marker, which can be used to access some hotel door locks.

The locks in question are used in more than four million rooms, found in 22,000 hotels around the world. Is your preferred hotel chain one of them? Perhaps. The manufacturer of the affected lock system has promised to fix it ASAP.
I'd recommend that you assume that your lock can be opened by anyone who wants to, carrying items that won't trip any suspicions.  Use the deadbolt and chain/latch which are physical and provide more layers of security.  Don't leave valuables in your room when you're out (I don't like the in-room safes either; just like web sites have password reset features the hotels will likely have the "quick open" magic combo for people who've forgotten the combo they set).  I think I've only once used the hotel master safe, and so can't say whether that's a good bet or not.

2 comments:

  1. Well, bugger. I'm traveling to Norfolk in a couple of weeks for several days, and I won't be able to haul my laptop with me every time I leave the room, but I will need it. I hope the cable lock for it will be good enough.

    ReplyDelete
  2. "I lost my room key. It's 107"

    They gave me a replacement. Different clerk. Didn't ask for ID.

    ReplyDelete

Remember your manners when you post. Anonymous comments are not allowed because of the plague of spam comments.