Is your room safe?

[Wizzard419]

Actually, I don't care.

Anyway, next time you're at a hotel, check to see if your room has a lock like the one noted.

http://www.forbes.com/sites/andygreenbe ... ard-locks/

It's actually really easy to break into a hotel room, but that way is a little more subtle than using a keycard generator. The one drawback to electronic locks vs keyed ones is that they frequently have a data port or some other weakpoint on the outside in the event the lock stops working properly.

[Amy]

Hmmm, interesting...

[cy1229]

Another reason to leave nothing of value in the hotel room - even the safe is not reliable. Someone can get into the room, slip the "DND" sign on the door, and sit there literally for hours trying codes until it pops open. They run the risk of being caught doing this, but I'm sure there's a science to the codes people choose for hotel safes.

What bothers me most about this article is that the guy posted everything on his website. Seriously? Why not post an offer to make it available to law enforcement and hotel security staff, but not to the general public, especially the bored geeky types who have nothing better to do with their time?

[Amy]

Another reason to leave nothing of value in the hotel room - even the safe is not reliable. Someone can get into the room, slip the "DND" sign on the door, and sit there literally for hours trying codes until it pops open. They run the risk of being caught doing this, but I'm sure there's a science to the codes people choose for hotel safes.

What bothers me most about this article is that the guy posted everything on his website. Seriously? Why not post an offer to make it available to law enforcement and hotel security staff, but not to the general public, especially the bored geeky types who have nothing better to do with their time?

I noticed that too - nothing like making it easier for criminals

[dstrawn9889]

this is what black-hats do, instigate change post-facto, and create a little mayhem in the process.. white hats work with the company and try to mitigate a disaster from happening...

[Wizzard419]

This is where I would normally make a comment like "Reading is fun-DUH-mental!" but as you may not be up to speed on the terms I will have to let it pass.

A black hat is a hacker that breaks into systems with a somewhat more malicious goal and often sells the info to the companies under threat of wide release. The conversation can be something like "I found a weakness in your system, give me money and I will tell you what it is and won't tell/will delay in sharing the info with everyone else." If they do not comply, then they will have to take the risk of people exploiting the system until they can fix it.

There are also white hats, works for good, and grey hats that are a mix of both.

The problem with sharing the info with law enforcement or hotel security is that they cannot do anything anyway short of injecting epoxy into the holes which then may prevent the lock from working at all. It sounds like the device also won't leave any useful data on the lock since it's not trying to disguise itself as a key.

Hotel room locks' universal format for the cards also has another interesting problem, apparently (its rare) room keys will work at different hotels. It most likely isn't at hotel heavy locations, such as WDW or Las Vegas. Since there isn't any real security on the codes they may end up working in the same room numbers at different places.

[cy1229]

The problem with sharing the info with law enforcement or hotel security is that they cannot do anything anyway short of injecting epoxy into the holes which then may prevent the lock from working at all. It sounds like the device also won't leave any useful data on the lock since it's not trying to disguise itself as a key.

Hotel room locks' universal format for the cards also has another interesting problem, apparently (its rare) room keys will work at different hotels. It most likely isn't at hotel heavy locations, such as WDW or Las Vegas. Since there isn't any real security on the codes they may end up working in the same room numbers at different places.

I will disagree about the helplessness of cop-types. If they're having a string of problems, they can install little closed-circuit cameras in hallways to see if they have a problem with in-house staff or an outsider using a similar device. And the people I meant to include the lock manufacturing companies on my list of people to inform. I blame the Sudafed.

I wonder if a Hilton card from Chicago would work in the Hilton in NY. Not about to find out, mind you, too much work. I just wonder.

[Wizzard419]

Larger scale hotels generally have security in the halls (partially for theft mostly for insurance) but this is a crime that won't set off any alarms until you're long gone. Since the police can only be reactive, they are helpless in this case since the problem is a hardware fault. Whatever the fix is going to be, it most likely is going to be slow and expensive and may require that each of those 4-5 million locks be worked on individually. There is also the chance that they will simply do nothing to fix it, kind of like the biometric locks that can be opened with a paperclip.

They do inform the companies, but they want compensation for their... consulting.

I would say try the elevator, if it requires a card, that way you won't risk an awkward conversation with someone when you open the door to their room.

[GeoffS]

The benefit of public release is that a company may see it as a PR disaster, and change rapidly to fix the situation. Unfortunately, hotel safety usually takes some violent crime to be publicized via major media to result in a change.

We're all responsible for safeguarding our own valuables. If you don't trust the in-room safe, ask the front desk about the hotel safe. They assume higher liability, and therefore protect it more strictly.

[Wizzard419]

I remember something about the "hotel safe" from years ago, in some cases hotels elect to not put guests items in their vault (which they also may not have) and instead just keep them in the manager's office. General rule is that if it is something that you cannot replace (such as sensitive data) or cannot afford to replace, don't bring it with you.

[Wizzard419]

This was apparently one of the trivia contest questions from the hacker event this year.

[cy1229]

This was apparently one of the trivia contest questions from the hacker event this year.

HAHAHAHAHAHAHAHA!!!!!

Too funny.

[Chuckus95]

Good to know. Then again, I always use the chain and deadbolt when I'm in the room and do not take valuables with me on trips.

[Wizzard419]

Ah, that chain isn't exactly secure...

http://www.youtube.com/watch?v=D0zO9Qfr5Mk

I am always amazed when I hear people taking confidental stuff with them on vacation, including laptops with source code, files, etc.

[Amy]

Ah, that chain isn't exactly secure...

http://www.youtube.com/watch?v=D0zO9Qfr5Mk

I am always amazed when I hear people taking confidental stuff with them on vacation, including laptops with source code, files, etc.

Boy would they be disappointed if they stole my laptop. Lots of pictures...not much else