Ransomware Infects a Hotel's Key System (dailymail.co.uk) 203
An anonymous reader writes:
A luxury hotel "paid "thousands" in Bitcoin ransom to cybercriminals who hacked into their electronic key system. The "furious" hotel manager says it's the third time their electronic system has been attacked, though one local news site reports that "on the fourth attempt the hackers had no chance because the computers had been replaced and the latest security standards integrated, and some networks had been decoupled." The 111-year-old hotel is now planning to remove all their electronic locks, and return to old-fashioned door locks with real keys. But they're going public to warn other hotels -- some of which they say have also already been hit by ransomware.
UPDATE: The hotel's managing director has clarified today that despite press reports, "We were hacked, but nobody was locked in or out" of their rooms.
UPDATE: The hotel's managing director has clarified today that despite press reports, "We were hacked, but nobody was locked in or out" of their rooms.
Yay, connectivity and IoT (Score:5, Insightful)
Who thought it was a good idea for essential systems like this to be online in the first place?!
This is why the Internet of Things is such a horrible concept. Most things don't need to be online and connected to everything else, and the cost of trying to be trendy is huge increases in risks to the privacy, security and reliability of everyday items.
Closed networks do just fine for these kinds of systems, don't actually need to cost that much more, and have none of the vulnerabilities.
Re:Yay, connectivity and IoT (Score:4, Interesting)
Probably the network the hotel was connected to was already reasonably firewalled or maybe even inside some virtual chain intranet. But such networks are still very easy to hack because of shitty update policies, microsoft windows, and attachment.zip.exe.
It doesn't need to be "thing that talks with cloud and you talk with cloud to talk with thing" like IOT to be hackable.
Re:Yay, connectivity and IoT (Score:4, Interesting)
... easy to hack because of shitty update policies, [...], and attachment.zip.exe.
Agree, and it's because the hotel thinks the bottom line is accounts payable/accounts receivable where revenue exceeds expenses.
Loss-prevention is a cost of doing business.
Hotels can pay for that up front, or pay for it later.
Delay is expensive.
As discussed in TFS, they have to pay the ransom and then go back and pay to harden the system.
Re: Yay, connectivity and IoT (Score:3)
Plus you don't have a situation like this where three guests died waiting for the BTC confirmation.
Re: (Score:2)
Who thought it was a good idea for essential systems like this to be online in the first place?!
Hackers - duh.
Re:Yay, connectivity and IoT (Score:4, Insightful)
That's not the failure here. The failure here is that there's no way of manually unlocking the door from the inside. That has to be some sort of firecode violation.
The fact that the computer that ran that was also connected to the internet just compounds the problem. People should always be able to get out, no matter what's going on with the computer system.
Re: (Score:3)
Obviously there should be physical safeguards for when the tech screws up, but I don't think that diminishes the scale of the original screw up.
Re: (Score:2)
/Checks where this took place... Austria. /Considers the possiblity for off-color jokes....
No kidding (Score:4, Informative)
We have electronic locks at work, and they are on the Internet. They are VLAN'd and firewalled off but they are still on the Internet because the company that administers them is remote. You can argue we should do it our self and I'd agree, but that is the arrangement. However every single one can be overridden on the inside the the handle. The locking mechanism is just that it basically unlocks the door frame so you can push it open from the outside with the electronic lock. Inside, you can always use the handle to override.
The reason is, as you say, fire code. All our doors always open towards the outside, no matter what. Old lock and key doors are the same. You will find a door with a Medeco lock on the outside that can't be permanently unlocked, only turned to move the bolt, but on the inside ti is just a bar you push to open it up. No matter where you are in the building, you can always get out just by following the doors that will open manually with no key/code. The locks are for locking people out, not in.
IoT Profit! (Score:2)
Works for me - I rarely go out (living in what amounts to the Garden of Eden will do that for ya) - and no one gets my data if I don't want them to.
BUT! Now let
Re: (Score:2)
Who thought it was a good idea for essential systems like this to be online in the first place?
Hacking doesn't have to happen from the internet. The locks are in communication with the central system, which makes each lock a potential point of entry for hacking the system.
Re: (Score:2)
Well, yes. People with physical access to closed systems can potentially attack them in ways that people with only remote access can't. News at 11.
That's not an argument against minimizing the attack surface by avoiding unnecessary remote access, though, is it?
Re: (Score:2)
That's not an argument against minimizing the attack surface by avoiding unnecessary remote access, though, is it?
No, it's an argument against thinking systems become safe by detaching them from the internet.
And from my experience, it's often easier to find vulnerabilities on local and required networks. Manufacturers tend to put very little thought into securing its own devices from each other.
Trust is the big evil in security.
Re: (Score:2)
No, it's an argument against thinking systems become safe by detaching them from the internet.
There's no such thing as "safe". That's not how security works, Detaching systems from the internet makes them safer, and that's a Good Thing.
In this case, I applaud moving back to mechanical keys. It's a mature security system, the weaknesses and their mitigations are well understood, and it matches people's expectations about what behaviors are safe. I also suspect it's not particularly expensive at any sort of scale (once it makes sense to cut your own keys, and have staff trained to do that - it's n
Re: (Score:3)
That's not the normal English language use of the word "safe".
Let's check a dictionary [merriam-webster.com]
1: free from harm or risk
: unhurt
2 : secure from threat of danger, harm, or loss
It doesn't mean "absolutely, perfectly free of risk of harm". It's a relative term.
Your private definition of "safe" is not in common use, I'm afraid. I think you want "safer", which means what you want it to mean.
Re:Yay, connectivity and IoT (Score:4, Interesting)
Who thought it was a good idea for essential systems like this to be online in the first place?!
Someone who understands their most profitable customers: business customers. If your business customers can check-in online through the app and be assigned a room which they can unlock from their phone without ever interacting with the front desk.
"Thank you Samantha for picking Great Hotel again. Your room number is 352. Click here to unlock the door. If you have any problems or questions please dial ## or stop by the front desk."
Obviously the devil is in the details but NFC keycards aren't going anywhere (no changing locks and lost keys) and internet aware locks are the obvious next step of convenience and cost cutting.
Re: (Score:3)
Obviously the devil is in the details but NFC keycards aren't going anywhere (no changing locks and lost keys)
OK, I'm with you so far.
and internet aware locks are the obvious next step of convenience and cost cutting.
::boggle::
Even some of the cheaper hotel chains here in the UK now routinely have machines that let you check in without staff intervention, including coding your keycards for you. It takes a few moments. It is not at all obvious to me that Internet-enabling anything about this process would be either more convenient or cheaper for anyone.
Re: (Score:2)
Closed networks solve SOME of the problems inherent in an electronic solution. They sure don't solve all of them. This sounds like a power outage would also have locked everyone in their rooms, e.g.
Re: (Score:2)
Maybe. The article doesn't say, but if the attack truly did lock the doors from inside then clearly they have other problems, for sure. At that point, you're not talking about vulnerabilities to hostile parties any more, you're talking about basic reliability and safety concerns.
Re: (Score:3)
Re: Yay, connectivity and IoT (Score:5, Insightful)
I know nothing about Austrian law, but in America this lock system would have been ILLEGAL, and I am astonished that something like this was ever designed and installed. It is a blatant violation of every fire code I have ever seen. Locking people out is fine, but you NEVER NEVER NEVER lock people IN, nor do you ever design something where human safety depends on software or electricity. Egress should always be possible using only mechanical means.
EU law is rarely softer than US law when it comes to consumer safety, so I doubt they were actually trapped. The problem is probably that this was tied into breaking the glass and setting off the fire alarm with sirens and unlocking all the rooms. While you could silence the sirens, everything would be open to theft and also you wouldn't have a working alarm in case of an actual fire so they probably asked their guests to stay while they tried to resolve it some other way. There's no requirement that the emergency exit should be functional as a backup system.
Re: Yay, connectivity and IoT (Score:3, Insightful)
Indeed, fire code, building code, you name it. I am yet to come across a hotel here in Europe where you would have to use your key card to go out of the room.
This story is clearly overstating what happened. Yes it sucks of you're a hotel owner, and your card system gets hacked but if your guests could potentially get trapped in case of some malfunction, you're in deep trouble.
Re: Yay, connectivity and IoT (Score:4, Informative)
What *are* you on about with the breaking glass bullshit? Next time you're in a hotel room close the door and put the card in your pocket. Then slowly turn the handle. At about 30 or so degrees you'll feel a bit of resistance. That's the mechanical override (I assume it's a lever or cam[1]) engaging. Turn it some more and hey presto, the door unlocks.
[1] I'll take a set of screwdrivers on my next road trip.
Re: Yay, connectivity and IoT (Score:4, Interesting)
The article doesn't specify the exact system or how it was compromised, so unless you have some other source to share, none of us know whether the devices that were compromised in this specific case were directly Internet-connected. Some modern hotel systems are. It could also be that the repeated hacks in this case accessed the room key system indirectly via some other system that was compromised first. The fundamental issues raised are the same either way.
Re: (Score:2)
If it wasn't connected to the Internet in some way, how in the hell would someone compromise it remotely?
Dial up? That's how ATM hacking used to work - heck, maybe it still does. Dial-up connections are still used in a variety of embedded applications for remote maintenance, perhaps because it gives the illusion of not being on a publicly accessible network (despite being on the oldest such network).
Comment removed (Score:4, Insightful)
Re: Yay, connectivity and IoT (Score:5, Insightful)
The free market simply will not correct this situation, because it has no mechanism to do so.
Yes it does: Civil law torts.
Until the IoT is regulated, shit like this is just going to keep happening
Regulation means that the spec is written by government bureaucrats, or (even worse) a congressional committee. That will lead to ossification and a focus on compliance checklists rather than real security.
This hotel had their card system hacked THREE TIMES, yet still had it connected to the Internet. You can't regulate away that level of stupidity.
Re: (Score:3)
Torts will do little to nothing. Every IoT device has a EULA or ToS with it forcing arbitration and absolving the device maker of all blame should something happen with the item. Even with torts, the IoT company likely has a good number of lawyers who will just steamroll over anyone bringing lawsuits, or just stall the lawsuit until the plaintiff has to drop it due to lack of funds.
For the little guy, the civil system only will bankrupt them, so it is no real check.
Because IoT makers view security as havi
Re: (Score:3)
Why don't people understand... (Score:5, Informative)
Critical infrastructure DOESN'T NEED ACCESS TO A PUBLIC INTERNET.
Governments, utility providers, MILLITARIES! All of them have publicly accessible computers. WHY?
Re: (Score:3)
Because its more convenient and it "works" until cases like these, but they are very exceptional. Most people only want computers to work, "security" is a strange and unknown concept to them.
But yeah, its trivial to get rid of this vulnerability by simply having two computers, one for the door locking management system, NOT CONNECTED, and the second one to write emails with, etc.
Re: (Score:3)
Because you don't hire a programmer nor security consultant to install these systems. You buy the system, and an installer gets the job done with a minimum of extra work.
You're buying a modernization package, not a security solution. And it will stay this way until people mark up the contract and send it back signed, with additions. But the sale will be voided, the security won't be enforced, until the business has enough customers demanding security.
The military aspect is kinda vague, I'm not going to addr
Re: (Score:2)
Problems have solutions ...
Some solutions to some problems is litigation.
Apparently, the hotel didn't purchase a turnkey (see what I did there) technical system.
The evidence is in the part where they went BACK and hardened the system.
There is an obvious point of failure in the procurement, implementation, and maintenance of the system.
Who, exactly, is responsible for that?
Whoever it is needs a good spanking in court.
For reference, see fire-related litigation that resulted in ordinances requiring occupancy levels, extinguishers, sprin
Re: (Score:2)
Governments, utility providers, MILLITARIES!
A "millitary" doesn't seem very powerful. My country has a megatary, I'm just saying...
Re: (Score:2)
The focus of my job, nor my companies is security. However if someone is on the lan with DDC (Digital Data Control) and other systems, access control for instance, they have an even better shot of pulling something like this off. For all you know, they had a default system with default security credentials and no Vlans or any other of even the most basic controls. I get your point, but it could have easily been an inside job, by even say, a gue
Re: (Score:2)
Those Hotel key systems should have been "air-gapped" from the billing system. All they needed to do was put a NFC reader on the doors, minibar, etc and then have the front-desk tap the key to their billing system to change what door is unlocked by it. Essentially the "key" would be a number that matches the door, and the cryptoprocessor on the card would look up what door asked for a key, and if there is no key on the card, the door goes, go away.
Thus speaks an armchair expert with no experience with hacking or hotels.
Customers lose their keys. With transactions stored on the key, then the transactions are lost too.
Then there's emergencies, where doors should open without a key. That requires a remote system.
The locks need to be autonomous, and not change their behaviour based on whether authentication is available or not (or anyone can DoS the system quite easily), yet still be programmable from a remote station.
Re: (Score:2)
Until you want to express check in with your smartphone app, and use the NFC on your phone as the key.
Re: (Score:2)
How about "There should be no external write access."?
I don't think I can read over a set of specs and decide that it will be secure under all circumstances unless it's trivially simple. This particular failure mode is only one case where electronic locks are a bad idea. What effect would a power outage have? A close lightning strike on the power lines? An EMP? Etc.
Traditional key and lock has a lot going for it, but I can see the attraction also of a system that's easily changed. But I think that cou
Common Sense At Work (Score:4, Funny)
Welp folks, since we're not willing to use common sense in deploying our electronic systems to ensure their security and integrity, we're going to abandon digital and go back to mechanical.
With this challenge out of the way, we're looking at resolving the parking lot conundrum by bringing back horse buggies. To prevent our central heating and air from being hacked, we're uninstalling it and putting fireplaces and fans in all the rooms.
Re:Common Sense At Work (Score:4, Insightful)
I think you're trying to condemn their decision, but personally, that sounds great to me. Horses, fireplaces, and physical security... not much to complain about... Given that your alternatives are cheap automobiles, dependence on fossil fuels for heating, and a security system that can track your every moment, and still get hacked and end up locked in (or out) of your room.
I'll take a wired home phone instead of a cell phone and eat food that was harvested locally as well.
Re:Common Sense At Work (Score:5, Informative)
I used to work at a hotel and helped select one of these key card systems for purchase (I wasn't around for the installation). You're supposed to keep it on a separate and isolated network specifically to prevent problems like this. The system is completely self-contained and internal. Nothing else needs access to it, and you don't need to have access to anything else from it. The person using the key card server doesn't need to be able to browse their Facebook page on it. The only data being entered into it should be the front desk staff keying in the guest's name and dates of stay so that a new key card can be generated and the lock for that room reprogrammed.
Physical keys at hotels were/are a huge problem because anyone can make a copy of the key. Theoretically a guest could make a copy to access the room at a later date. But more commonly, one of the maids (who have master keys so they can access all rooms) makes a copy, gives it to someone else, who then goes into the rooms and steals stuff when the maid is off-duty (so as not to arouse suspicion as to who copied their key). Changing the locks is expensive and doesn't help, because the corrupt maid simply makes a copy of the new key. It's cheaper to make a copy of a physical key than it is to change all the physical locks. OTOH, it's cheaper to change all the electronic lock keys than it is to make a copy of the newer RFID key cards. Switching back to physical keys is huge step backwards in security.
Re: (Score:2)
Also, a proper backup policy could completely eliminate this failure mode. Ironically you could *more easily* secure this with *more* internet integration. Have the backups be incremental and off-site. Setup the off-site service to keep backups for 7 days no matter what. If at any point someone hacks your system, physically insert a "RESET" DVD. Format *everything* back to factory defaults. Load the latest good database and you should be back in business in half an hour.
Re: (Score:2)
I used to work at a hotel and helped select one of these key card systems
If key cards are being used, why choose a system that requires the locks be networked?
Sure, there is a convenience in the front desk being able to remotely update the stay duration rather than having the guests come to desk to have their kay cards re-written, but is that really worth the problems? I recently attended a convent held in the Intercontinental Hotel in Dallas - a 5 star, luxury hotel. Although I couldn't afford a room in that hotel, some of the convention attendees did. And some of those extende
Re: Common Sense At Work (Score:2)
Burning wood or coal in a fireplace is NOT, in any way, shape, or form, a "green" alternative. Fireplaces are the reason cities like London & Paris were choked in smog decades before industry & transportation were even significant contributors. Compared to lumber & coal burning in 10-20 million fireplaces, oil, natural gas, and nuclear fission are almost pure ideal green goodness.
Re: (Score:2)
Re: (Score:2)
Horses, fireplaces, and physical security... not much to complain about.
I don't think you understand how bad horses can smell (and how much mess they can make). Also, fireplaces put out a lot of pollution (and are usually just for looks: a wood stove is what will really generate some heat for you).
Re: (Score:2)
And death to all cities of any size as they drown in a wave a sickness and horse shit. Cars may pollute but its in the air and blows away. The amount of horse shit from that number of horses will choke a decent size city in a matter of days.
Re:Common Sense At Work (Score:5, Informative)
Welp folks, since we're not willing to use common sense in deploying our electronic systems to ensure their security and integrity, we're going to abandon digital and go back to mechanical.
"Common sense" is not very "common" at all when it comes to electronic systems, and it's even less common when it comes to computer security. The vast majority of people -- even those running big businesses -- simply have no clue how computers or networks or whatever work in any detail. So how can they have "common sense" about them?
And I think it's only getting worse. Interfaces on computers and electronics keep getting "simpler" with more information hidden from the end user. These changes are often pushed by companies that have a strong interest in keeping their users ignorant of things like security, because it allows them to continuously steal their users' data and information. So, a normal "user" who encounters technology on an everyday basis is going to get dumber about security if trends of the past couple decades continue. "Common sense" about such things will get even more rare.
Seriously -- obviously an air-gapped system is a easy solution here, but do you realize that most people don't even understand what that means? I've had lots of conversations with people who still can't even tell the difference between local applications/data and the internet... and cloud interactions are further blurring such distinctions all the time, so there's little benefit for most people in trying to understand such distinctions. All the people working at the hotel are going to say is, "Huh? Why can't I check my email on this computer?? It's broken!"
Which is why *everyone* should code them (not) (Score:2)
> "Common sense" is not very "common" at all when it comes to electronic systems, and it's even less common when it comes to computer security. The vast majority of people -- even those running big businesses -- simply have no clue how computers or networks or whatever work in any detail.
Which is why it's a great idea for absolutely everyone to be writing code for these internet-connected devices. Security? What's that? Who cares, I just wrote a Facebook app to connect my fire sprinklers to my Facebo
Re: (Score:2)
An air-gapped system only solves part of the problem Where's your fine electronic system when the power goes out? You say you've got battery blackup power...did you read about how that worked out for Note7 owners?
I'm not convinced that electronic locks on hotel room doors are a good idea. I know it's convenient, and avoids certain failure modes (customers making a copy of the key and then sneaking back later for some nefarious deed), and sometimes cheaper, but that doesn't immediately translate into bett
Ransomware locks hotel guests out of their Rooms (Score:4, Insightful)
"Unless this is all just a big publicity stunt to advertise their new door locks."
Yea, that's it, a hotel would try and drum up business by advertising that its electronic door locks can be compromised.
Re: (Score:2)
Woosh.
Fire (Score:5, Insightful)
Re: (Score:2)
I can understand people being locked out of their rooms. But if they're being locked in they're in massive violation of fire safety laws.
They probably weren't physically trapped, but without being able to re-enter they couldn't leave if they wanted to keep their belongings.
As for manual keys as backup for staff entry, most hotel theft - just like most retail theft - is perpetrated by staff. The electronic doors keep track of which employees are in which rooms so they can investigate complaints of theft.
Re: (Score:3)
They probably weren't physically trapped, but without being able to re-enter they couldn't leave if they wanted to keep their belongings.
First off, if that were true, then all the reporting is erroneous, since that's "locked out" of rooms, NOT "locked in."
Second... well, we can just RTFA:
Hotel management said that they have now been hit three times by cybercriminals who this time managed to take down the entire key system. The guests could no longer get in or out of the hotel rooms and new key cards could not be programmed.
Or read the other article:
Mr Brandstaetter said they had been hit three times by the cybercriminals, who managed to lock all the doors, trapping many guests inside and some outside their rooms.
One doesn't usually use the word "trapping" when someone can just walk out a door voluntarily. Obviously if your scenario were true, guests could simply pick up all their belongings and check out. Or they could prop the door open or something. Both of the linked stories imply this was NOT the case. (One even says explicitly th
Re: (Score:2)
Fire code regulations all over the globe mandate that electronic key locks to open manually from the inside, which means no guest was locked inside their rooms. Additionally, electronic key systems are also created to handle power failures, so there was a way to open the doors from the outside, meaning no one was locked out either. According to Austrian news site ORF, the hotel was fully-booked with 180 guests. According to hospitality news site Allgemeine Hotel- und Gastronomie-Zeitung, at the time the ransomware took root, all the hotel's guests were on the local ski slopes.
Re: (Score:2)
I suspect that no one thought to cut power to unlock the doors, otherwise they wouldn't have had breaking down the doors as their alternate solution.
Re: (Score:2)
in some systems power lost = doors unlock (Score:3)
in some systems power lost = doors unlock (the ones that have the push to exit button) as the power is needed to hold them locked. Also the fire system can trigger the unlock.
Re: (Score:2)
Re: (Score:2)
Most hotel locks, at least on the rooms, are battery powered. Often by AA batteries.
Re: (Score:2)
Exactly, The article is grossly over-reacting, or the hotel management is. The key locks in the invididual doors are simply battery-operated and have absolutely no connection to any other system whatsoever. They are simply pre-programmed with a hardcoded ID. The key cards inserted must match this id, and the time, and that will open the door. Programming of the key happens at the reception, and that's where this hotel was clearly vulnerable, probably by connecting it to the internet. When this system is com
Re: (Score:2)
Re: (Score:2)
But if power is needed to unlock them from the inside, even if that power is batteries, that's a really serious design failure.
Shame... (Score:2)
Following me once, shame on you. Fool me twice, shame on me.
Three times? Really?
I can't imagine (Score:2)
a sane locking system that would not have an override on the inside so that occupants can leave the room whatever the state of the electronic lock.
Fail-safe instead of fail-secure would have to be mandatory in these cases. What if there was a fire?
LOL! ... IOT is big steaming pile of doo-doo. (Score:2)
This is type-a classic prankster penetration, now under the guise of "IOT" because SOCs have become so cheap you can stick them into anything, add a shoddy non-updateable web-thingie to it that is 5 version behind and has holes in it so big you can drive a mac truck through it. Or, more likely, default access codes that a 12-year old can look up on the intarweb in less than 15 seconds.
This is freakin' hilarious and really quite funny.
Did anyone of you guys see this coming? I certainly did.
IOT is one big pil
Re: (Score:3)
"Did anyone of you guys see this coming? I certainly did."
EVERYONE with a clue saw this coming. Unfortunately that excludes the marketdroids trying to sell IoT and the Oooh Shiny! idiots who buy it.
Daily Mail? Seriously? (Score:4, Insightful)
Wait...locked IN? (Score:2)
Re: (Score:2)
What it meant is that they would take a couple of hours to open all the doors, and they probably paid in the stop to avoid more trouble and upsetting even more the guests.
Re: (Score:2)
While I doubt people were locked in their rooms, there were not old fashioned door locks and the master key is tied to the same electronic system. Unlocking all the doors without a key would require cutting power if they were designed properly or breaking down the door if they were not.
Re: (Score:2)
Perhaps if the locks are constantly getting hit with the lock command, the knob can't be turned?
Smashing the thing and disconnecting the battery would let you out in that case (the batteries are typically stored on the inside part of the unit, otherwise it's a pretty shitty lock).
Character flaw (Score:2)
Must be a character flaw.
Tenacious and bargain-priced! (Score:2)
Hotel management said that they have now been hit three times by cybercriminals who this time managed to take down the entire key system. The guests could no longer get in or out of the hotel rooms and new key cards could not be programmed.
Bahaha, and I hadn't even seen this yet. They're hard working, too! And they only demanded 1,500 EUR? Hell, the hotel should pay them more than that for security auditing services.
Also, who the hell designs an electronic lock that can lock people in the room if it goes down? Is that even legal in Austria?
Yet according to the hotel, the hackers left a back door open in the system, and tried to attack the systems again.
See, they even offered you a free security audit checkup to verify that you fixed things properly. Try as I might, I just cannot bring myself to dislike these guys.
Brandstaetter said: "We are planning at the next room refurbishment for old-fashioned door locks with real keys. Just like 111 years ago at the time of our great-grandfathers.
Yeah, high security mechanical locks
Re: (Score:3)
I'm going to throw a brick through your window. And then charge you 1500 EUR for auditing the physical security of your home. I presume that's okay with you.
How does this "high security" lock prevent a previous guest from having made a copy of the key? It doesn't, mechanical keys are the wrong tool for the j
Re: (Score:2)
How does this "high security" lock prevent a previous guest from having made a copy of the key?
Dynamically re-keyable mechanical locks have been around for ages. Even Kwikset has one these days. The maid could do it in under 10 seconds. Requires a tiny bit of planning to set it up to be idiot-resistant, but basically on the maids' carts you'd have a series of small labeled boxes, one for each room number, that contain a partition with two keys: the old one and the new one.
I'm going to throw a brick through your window. And then charge you 1500 EUR for auditing the physical security of your home. I presume that's okay with you.
I'm going to install a lock that locks you in your hotel room if it's hacked or loses power, so you'll stand a much increased cha
Wait I thought they couldn't use physical keys (Score:2)
How much longer... (Score:2)
It's just weird. Not that anyone with some common sense wouldn't know that all these idiotic new fangled IoT devices will end up having their own problems with vulnerabilities and hacking, we basically have proof every single week or day on how easily those can be defeated... yet we keep seeing big companies investing on stuff like that as if nothing was happening.
Save yourselves the headache guys, and do not buy any IoT devices whatsoever in which usefulness do not trample security concerns and overall pro
Wait, did they say locked *IN*? (Score:3)
What kind of fucking stupid design is that where that is even physically possible? It should run afoul of absolutely every kind of fire regulation imaginable that a door lock can even *POSSIBLY* lock a person in their unit.
The mechanism to unlatch the door should be *PHYSICALLY* tied to the turning of the handle or knob on the inside of the unit such that the only way to potentially lock someone in would be to physically damage the latch first... either by welding it into position or otherwise gutting the innards so that it did not work.
Re: (Score:2)
heck as a fail safe they should have the hinges set with pins that can be yanked out with Pliers (sitting next to the Gideon Bible in the top dresser drawer)
Re: (Score:2)
It's not a stupid design at all, just a stupid Daily Mail reporter.
Makes Perfect Sense (Score:2)
I would never trust anything I own and absolutely need to work to an electronic lock. Not that I'm a luddite ... far from it ... but because I know what can go wrong, and in some circumstances absolutely nothing can be allowed to go wrong. So no electronic locks on my home's entry doors, and no home safes with electronic locks (includes gun safes).
Hotels ... I can see huge advantages for a hotel to have electronic locks on rented rooms. They will also have staff who can defeat said locks if need be. Downsid
Re: (Score:2)
The more I learn about physical locks, the less I'm convinced they are up to the job. I don't think locks should be all electric, but a lot of locks that use physical keys are laughably insecure.
Locked IN? (Score:2)
In what world is it considered a sane design decision that it is possible for guests to be locked in a hotel room? It seems like the sort of thing that should be a fire code violation at least.
Article wrong, not locks (Score:5, Informative)
"We were hacked, but nobody was locked in or out," said the hotel's Managing Director Christopher Brandstaetter. "For one day we were not able to make new keycards." "Since the locking system must work even in the event of power failure, the guests in the hotel almost did not notice the incident," the manager also added. "We simply could not issue new keycards because the computers were encrypted."
Ahhh... That makes much more sense (Score:2)
I was seriously wondering how people could get locked in their rooms. I mean that is such a massive fire code violation and commercial buildings care, a lot, about fire code because you can be sued in to oblivion.
Incorrect clickbait headline. Now that makes much more sense :D.
I call BS on this one (Score:2)
I call BS on this one. Locking guests out of their rooms, sure. Locking guests into their rooms? Uh no. Basic fire code requires that all electronic locks always allow egress, regardless of their lock state or powered/unpowered. Basically, the mechanical locking mechanism can always be opened from the inside, regardless of how the electronic locks are hacked or malfunction.
Re: (Score:2)
Read the quote right above your post. No one got locked in... the room-card-writing computer got hit with ransomware. That's all.
The summary is almost totally wrong, in other words.
GOOD! (Score:2)
All these insecure systems need to be attacked and exposed for the garbage that they are. Everyone that knows about computer systems or security has been screaming that IoT systems are bad and are not to be trusted. Despite all of this, plenty of fools in management went ahead because they are arrogant pricks who don't give a shit about what other people think. At this point, getting hit with ransomware is your wage, as in, you have gone out of your way to earn it.
You reap what you sow.
really? (Score:3)
>""on the fourth attempt the hackers had no chance because the computers had been replaced and the latest security standards integrated, and some networks had been decoupled." The 111-year-old hotel is now planning to remove all their electronic locks, "
Yeesh. If you decide to not go back to physical keys, at least consider these next time:
1) Don't connect your door/key system to the Internet, at all.
2) Isolate the machine on your network to just the needed functionality.
3) Isolate the machine physically- nobody but specialized staff should have physical access.
4) Restrict root/admin access to the machine.
5) If possible, get a system not run by any MS-Windows machines.
6) Make, test, and retain good, redundant, and incremental backups.
7) Perhaps hire or contract with I.T. staff that can set up and maintain your systems properly.
Computer systems are not like ice makers or or other appliances at a hotel. They need to be designed, setup, and maintained properly to work well. And, unfortunately, they are rarely a one-time expense. This, more than anything, is what gets companies into trouble. These types of failures being reported are more about management failure than failures of technology.
Locked *in*? (Score:2)
Rubbish. I've never stayed in a hotel with key cards where the inside handle didn't override/bypass the lock.
Because they're constantly generating new keys. (Score:2)
Re:Because they're constantly generating new keys. (Score:5, Interesting)
If, and yes, I mean "if", this were a key card only system then the lock doesn't need to communicate with the key making system at all. It just needs a token that increments with each next guest's card. When the token increments, the key cards from the prior guest stop working. When I worked at a hotel this is how the system worked. The key-making system was completely isolated. The desk person poked the room number on a key pad and the key programming box spit out a key. All it did was open that room's door.
The system in the article is what happens when you want to use your key card for all the other stuff in a hotel, like the restaurant, gift shop, etc, to be charged using the key. All the comments about key card systems not needing to be connected miss this detail. The hotel in question was almost certainly using an integrated billing-via-key card system, not just a key card system. The integrated system needs to communicate outside to approve credit cards, email a copy of your receipt, etc, etc, and thus the security weakness.
Re: (Score:2)
Re: (Score:2)
I have no idea how the system is built in practice. But the lock does not HAVE TO be on the network if you use a public key encryption system.
The lock could read an encrypted stream of bits from the keycard, decypher it with the lock's public key and check the expiration date of the keycard (encoded in the stream of bits) against its internal clock.
Now, that has drawback, in particular it prevents easily baning a keycard after it was emitted (since you would need to be able to tell the lock which is not on
Re: (Score:3)
The thing is, smart people are no exception to the rule that "people are morons".
A friend of mine who's a management consultant puts it this way: Every action you take has both intended and unintended consequences. Once a group of people become committed to a certain course of action, the intended consequences seem much more real to them and the unintended consequences seem unreal.
It's emotional involvement that makes you blind to unintended consequences, even if you're very smart. That's why the old Stoi
Re: (Score:2)
Yes. Just to make it really easy on everybody, a quote from TFA:
Nobody got locked in their rooms
.
Now, everybody can calm down, maybe skip that next expresso and move along to not reading the next FA.
Re: (Score:2)
It hardly matters when the problem is the idiot sitting there opening suspicious email attachments.
Re: (Score:2)