We all double lock our hotel room doors at night – but it seems there’s still a way to get in without a key.
An alarming video shows just how easy it is to shimmy open a door – using just a piece of paper.
In the video, taken at a hotel in Tampa, Florida, a man manages to open both locks on a door in under 30 seconds.
First of all he slides paper – in this case a takeaway menu – between a hotel door and the door frame.
He is able to quickly ease open the door’s lock and handle, before moving onto the safety latch above.
He is also able to open this within just a few seconds by wiggling the paper so that it interrupts the latch’s mechanism.
The man is then able to walk into the room – and is seen smiling as he enters.
A caption for the video reads: “Using only the paper pizza menus that were pushed under our door during the day, I can shim open our hotel room door defeating both the striker and the top swing arm latch in under 30 seconds.
“Faster times can be achieved if you aren't trying to video.”
Even if your hotel room door lock can be opened, there are a number of ways to keep safe from intruders.
A cheap doorstop could be the ultimate way to stay safe - and they can cost less than a pound.
The simple rubber stop can be used while staying at every hotel room to stop unwanted intruders from breaking and entering.
While most hotel room doors are fairly secure, even the strongest intruder would struggle to break through a door with a doorstop wedged from the other side.
Flight attendants have also revealed that they use travel door alarms which monitor movement near to hotel doors to stay safe when they're away from home.
If a door handle is moved during the night, the alarm hanging from the handle will sound - alerting the sleeping guest and hopefully scaring off the intruder.
An expert has also revealed his tips for guarding against terrorist attacks when staying in a hotel.
At DEF CON, a researcher will unveil a small $6 device which can be used to duplicate every keycard in a hotel, so an attacker could break into every room, as well as to infect point-of-sale systems.
If a hacker wants into your hotel room, it’s a done deal.
Previously, Cody Brocious showed how to pick a hotel door lock in 200 milliseconds – less time than it takes to blink; inspired by that, other researchers developed devices to pick Onity keycard-protected hotel locks; the smallest was disguised as a dry erase marker.
Last year, Samy Kamkar showed off MagSpoof, which can wirelessly read the data stored on a card’s magnetic stripe, be that a credit card or a hotel keycard. Well now, with just $6 of hardware, there’s a way to brute force every keycard for a hotel in a relatively short period of time.
Weston Hecker, a senior security engineer at Rapid7, was inspired by Kamkar’s MagSpoof. Not only can his creation snag the data off one hotel keycard, it also can be used to duplicate every hotel keycard and open every door.
IDG’s Lucian Constantin reported:
Hecker estimates that brute forcing a typical room lock in a hotel with 50 to 100 rooms would take around 18 minutes. Brute forcing a special key, like those used by housekeeping and other staff, would take around a half an hour.
Hecker’s device, which is about the size of a deck of cards, can make 48 guesses per minute. It brute forces possible number combinations stored on a hotel keycard’s magnetic stripe. That data is usually unencrypted and the identification number was sequentially assigned.
Forbes explained:
If malicious, a hacker would take information from their own hotel room key. This would typically include the encoded output of their folio number (essentially an ID record that’s supposed to be unique but isn’t), the hotel room number and checkout date. They would then know what data fields needed to be guessed for a key copy to be found. The hacker could then walk up to a hotel room, hold Hecker’s tool close to the card reader, and it would run through every possible combination of those details, before spewing out the encoded data (i.e. the key).
If an attacker chose to, he could leave the device working and be notified via his smartphone when the right combination was found.
The problem is a design flaw in the magstripes. Hecker said, “The brute force susceptibility appears to affect most any property management system that uses magstripe key cards, so it's multi vendor.” It could be rectified by adding more data stored on the keycard stripe, by assigning the numbers randomly and by using encryption.
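The mitigations named above can be sized against the reported 48 guesses per minute, as in this added example, which is not Hecker's or any vendor's code. The track layout, the field names and the use of a truncated HMAC tag (an authentication technique standing in for the "encryption" the article mentions) are assumptions, and the sample card values are constructed.

```python
import hashlib
import hmac
import secrets

GUESSES_PER_MINUTE = 48  # rate reported for the device in the article
TAG_HEX = 16             # assumed: 64-bit truncated HMAC-SHA256 tag, hex encoded


def implied_candidates(minutes):
    """Guesses that fit into a reported time window at the reported rate."""
    return GUESSES_PER_MINUTE * minutes


def worst_case_days(random_bits):
    """Days to try every value of a uniformly random field of this size."""
    return (2 ** random_bits) / GUESSES_PER_MINUTE / 60 / 24


def _tag(key, body):
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()[:TAG_HEX]


def encode_card(key, folio, room, checkout):
    """Hypothetical track layout: folio|room|checkout|tag."""
    body = f"{folio}|{room}|{checkout}"
    return f"{body}|{_tag(key, body)}"


def lock_accepts(key, track, room, today):
    """Lock-side check: the tag must verify before any field is trusted."""
    parts = track.split("|")
    if len(parts) != 4 or len(parts[3]) != TAG_HEX:
        return False
    body = "|".join(parts[:3])
    if not hmac.compare_digest(_tag(key, body).encode(), parts[3].encode()):
        return False
    # ISO dates (YYYY-MM-DD) compare correctly as strings.
    return parts[1] == room and parts[2] >= today


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # per-property secret held by the lock system
    card = encode_card(key, 100234, "412", "2016-08-09")  # constructed sample
    neighbour = card.replace("100234|412", "100235|413")  # next folio, next room
    print("18 min window:", implied_candidates(18), "guesses")
    print("30 min window:", implied_candidates(30), "guesses")
    print("genuine card accepted:", lock_accepts(key, card, "412", "2016-08-07"))
    print("neighbour accepted:", lock_accepts(key, neighbour, "413", "2016-08-07"))
    print("32 random bits, worst case days:", round(worst_case_days(32)))
    print("64-bit tag, worst case days:", f"{worst_case_days(64):.2e}")
```

The reported 18 and 30 minute figures correspond to fewer than 1,500 candidate values, which is why enlarging the unpredictable part of the record is the decisive change.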
Hecker told The Hill, “For now, there’s not a whole lot consumers can do around this. Stay alert, use a hotel safe, maybe even put a chair against the door.”
Same device can be used to hack and infect point-of-sale systems
Hecker’s device is not limited to breaking into hotel rooms; it can also potentially inject malicious code to compromise point-of-sale (PoS) systems and “pop open cash registers.”
An attacker armed with such a device could hold it close to the PoS system with a magstripe reader and start injecting malicious keystrokes. While it might seem like someone would notice the device, it is small enough to be hidden under an attacker’s sleeve, left in an empty phone case, etc.
An attacker could, for example, leave the hidden device near a PoS system – near as in really close, like no more than four-and-a-half inches from the reader, and then “remotely open a command prompt on the system and then use it to download and install memory scraping malware through the necessary keyboard commands.”
Unfortunately, such an attack would work on most Windows-based PoS systems that are designed to work with a keyboard. It would also work on systems that accept reward program points. Rapid7 disclosed the vulnerabilities to US-CERT.
Hecker, who also made cash spit out of an ATM during a Black Hat presentation, will present “Hacking Hotel Keys and Point of Sale Systems: Attacking Systems Using Magnetic Secure Transmission” at DEF CON on August 7.
Darlene Storm (not her real name) is a freelance writer with a background in information technology and information security.
Copyright © 2016 IDG Communications, Inc.