Ransomware Infects a Hotel's Key System (dailymail.co.uk)

An anonymous reader writes: A luxury hotel paid "thousands" in Bitcoin ransom to cybercriminals who hacked into their electronic key system. The "furious" hotel manager says it's the third time their electronic system has been attacked, though one local news site reports that "on the fourth attempt the hackers had no chance because the computers had been replaced and the latest security standards integrated, and some networks had been decoupled." The 111-year-old hotel is now planning to remove all their electronic locks, and return to old-fashioned door locks with real keys. But they're going public to warn other hotels -- some of which they say have also already been hit by ransomware.
UPDATE: The hotel's managing director has clarified today that despite press reports, "We were hacked, but nobody was locked in or out" of their rooms.

  1. Yay, connectivity and IoT by Anonymous+Brave+Guy · · Score: 5, Insightful

    Who thought it was a good idea for essential systems like this to be online in the first place?!

    This is why the Internet of Things is such a horrible concept. Most things don't need to be online and connected to everything else, and the cost of trying to be trendy is huge increases in risks to the privacy, security and reliability of everyday items.

    Closed networks do just fine for these kinds of systems, don't actually need to cost that much more, and have none of the vulnerabilities.

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    1. Re: Yay, connectivity and IoT by Anonymous Coward · · Score: 0

      This has nothing to do with IoT.

    2. Re:Yay, connectivity and IoT by NotInHere · · Score: 3, Interesting

      Probably the network the hotel was connected to was already reasonably firewalled or maybe even inside some virtual chain intranet. But such networks are still very easy to hack because of shitty update policies, Microsoft Windows, and attachment.zip.exe.

      It doesn't need to be "thing that talks with cloud and you talk with cloud to talk with thing" like IOT to be hackable.

    3. Re: Yay, connectivity and IoT by Going_Digital · · Score: 2

      Was it connected to the internet? Was it a thing capable of being controlled using that internet connection? So why then is it not an Internet Thing?

    4. Re: Yay, connectivity and IoT by Anonymous Coward · · Score: 0

      You miss the point nimrod. Wait till they get bored with locking out hotel guests and start focusing on IoT devices.

    5. Re: Yay, connectivity and IoT by Anonymous+Brave+Guy · · Score: 3, Interesting

      The article doesn't specify the exact system or how it was compromised, so unless you have some other source to share, none of us know whether the devices that were compromised in this specific case were directly Internet-connected. Some modern hotel systems are. It could also be that the repeated hacks in this case accessed the room key system indirectly via some other system that was compromised first. The fundamental issues raised are the same either way.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    6. Re:Yay, connectivity and IoT by Anonymous Coward · · Score: 0

      retarded marketing execs wanting to sell you shit

    7. Re: Yay, connectivity and IoT by Anonymous Coward · · Score: 0

      Were you born a douche?

    8. Re: Yay, connectivity and IoT by bill_mcgonigle · · Score: 2

      Plus you don't have a situation like this where three guests died waiting for the BTC confirmation.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    9. Re: Yay, connectivity and IoT by Anonymous Coward · · Score: 0

      Yes. Yes I was, brother twin.

    10. Re:Yay, connectivity and IoT by fahrbot-bot · · Score: 1

      Who thought it was a good idea for essential systems like this to be online in the first place?!

      Hackers - duh.

      --
      It must have been something you assimilated. . . .
    11. Re:Yay, connectivity and IoT by Anonymous Coward · · Score: 4, Insightful

      That's not the failure here. The failure here is that there's no way of manually unlocking the door from the inside. That has to be some sort of fire code violation.

      The fact that the computer that ran that was also connected to the internet just compounds the problem. People should always be able to get out, no matter what's going on with the computer system.

    12. Re:Yay, connectivity and IoT by arth1 · · Score: 1

      Who thought it was a good idea for essential systems like this to be online in the first place?

      Hacking doesn't have to happen from the internet. The locks are in communication with the central system, which makes each lock a potential point of entry for hacking the system.

    13. Re:Yay, connectivity and IoT by CaptainDork · · Score: 3, Interesting

      ... easy to hack because of shitty update policies, [...], and attachment.zip.exe.

      Agree, and it's because the hotel thinks the bottom line is accounts payable/accounts receivable where revenue exceeds expenses.

      Loss-prevention is a cost of doing business.

      Hotels can pay for that up front, or pay for it later.

      Delay is expensive.

      As discussed in TFS, they have to pay the ransom and then go back and pay to harden the system.

      --
      It little behooves the best of us to comment on the rest of us.
    14. Re: Yay, connectivity and IoT by Anonymous Coward · · Score: 0

      "...some networks had been decoupled."

    15. Re: Yay, connectivity and IoT by geoskd · · Score: 3, Insightful

      This has nothing to do with IoT.

      This has everything to do with IoT. Its the same principles being used to design hardware and software that gets connected to the Internet. The root of the problem here is that the IoT is entirely unregulated. Anyone who wants to know what unregulated industry looks like: This is it. The free market simply will not correct this situation, because it has no mechanism to do so. Until the IoT is regulated, shit like this is just going to keep happening and escalating until something truly lethal happens, and then, *then* people will go "Oh my god, this needs some kind of regulation!".

      --
      I wish I had a good sig, but all the good ones are copyrighted
    16. Re:Yay, connectivity and IoT by Anonymous+Brave+Guy · · Score: 2

      Obviously there should be physical safeguards for when the tech screws up, but I don't think that diminishes the scale of the original screw up.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    17. Re:Yay, connectivity and IoT by Anonymous+Brave+Guy · · Score: 1

      Well, yes. People with physical access to closed systems can potentially attack them in ways that people with only remote access can't. News at 11.

      That's not an argument against minimizing the attack surface by avoiding unnecessary remote access, though, is it?

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    18. Re:Yay, connectivity and IoT by arth1 · · Score: 1

      That's not an argument against minimizing the attack surface by avoiding unnecessary remote access, though, is it?

      No, it's an argument against thinking systems become safe by detaching them from the internet.

      And from my experience, it's often easier to find vulnerabilities on local and required networks. Manufacturers tend to put very little thought into securing their own devices from each other.
      Trust is the big evil in security.

    19. Re: Yay, connectivity and IoT by Anonymous Coward · · Score: 0

      If it wasn't connected to the Internet in some way, how in the hell would someone compromise it remotely?

    20. Re: Yay, connectivity and IoT by ShanghaiBill · · Score: 1, Troll

      Was it connected to the internet?

      Apparently. According to TFA, the hackers were able to lock all the doors, trapping some guests in their rooms. I don't see how they could have done that if the locks were not accessible over the internet.

      I know nothing about Austrian law, but in America this lock system would have been ILLEGAL, and I am astonished that something like this was ever designed and installed. It is a blatant violation of every fire code I have ever seen. Locking people out is fine, but you NEVER NEVER NEVER lock people IN, nor do you ever design something where human safety depends on software or electricity. Egress should always be possible using only mechanical means.

    21. Re: Yay, connectivity and IoT by lgw · · Score: 1

      If it wasn't connected to the Internet in some way, how in the hell would someone compromise it remotely?

      Dial up? That's how ATM hacking used to work - heck, maybe it still does. Dial-up connections are still used in a variety of embedded applications for remote maintenance, perhaps because it gives the illusion of not being on a publicly accessible network (despite being on the oldest such network).

      --
      Socialism: a lie told by totalitarians and believed by fools.
    22. Re: Yay, connectivity and IoT by ShanghaiBill · · Score: 4, Insightful

      The free market simply will not correct this situation, because it has no mechanism to do so.

      Yes it does: Civil law torts.

      Until the IoT is regulated, shit like this is just going to keep happening

      Regulation means that the spec is written by government bureaucrats, or (even worse) a congressional committee. That will lead to ossification and a focus on compliance checklists rather than real security.

      This hotel had their card system hacked THREE TIMES, yet still had it connected to the Internet. You can't regulate away that level of stupidity.

    23. Re:Yay, connectivity and IoT by lgw · · Score: 1

      No, it's an argument against thinking systems become safe by detaching them from the internet.

      There's no such thing as "safe". That's not how security works. Detaching systems from the internet makes them safer, and that's a Good Thing.

      In this case, I applaud moving back to mechanical keys. It's a mature security system, the weaknesses and their mitigations are well understood, and it matches people's expectations about what behaviors are safe. I also suspect it's not particularly expensive at any sort of scale (once it makes sense to cut your own keys, and have staff trained to do that - it's not like key blanks are expensive).

      --
      Socialism: a lie told by totalitarians and believed by fools.
    24. Re:Yay, connectivity and IoT by Anonymous Coward · · Score: 1

      attachment.zip.exe

      Microsoft: Let's make it so that users don't see those pesky file extensions because apparently they keep changing the extension, which makes windows unable to open the file with the correct program, and we don't want to fix our broken default program code.

      IT Guys: NOOOOO!!!!! That will make it even easier to hide malware!

      Microsoft: OK fine, so let's bury the option to turn it off on the advanced tab in an obscure dialog box that no-one will ever open that defaults to a tab with options for making the GUI act like a web browser.

      All it takes is a little masking and ignorance to hide malicious intent.
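    The "attachment.zip.exe" trick the two comments above describe, as an added example (not code from the thread or from any mail product): a small classifier that reconstructs what Explorer shows when "Hide extensions for known file types" is on, and flags names whose real final extension is executable while the visible one looks like a document or archive. The extension lists and the sample filenames are constructed for the demo; a real mail gateway would use a fuller list and also look at the file's actual content.

    ```python
    """Flag double-extension attachments such as attachment.zip.exe (added example)."""
    import os

    # Constructed, deliberately short lists for the demo; extend for production use.
    EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                       "vbs", "vbe", "wsf", "hta", "msi", "ps1"}
    DECOY_EXTS = {"zip", "rar", "7z", "pdf", "doc", "docx", "xls", "xlsx",
                  "jpg", "png", "txt"}


    def displayed_name(filename: str, hide_known_extensions: bool = True) -> str:
        """What Windows Explorer shows with 'Hide extensions for known file types'.

        Simplification (assumption): the last extension is treated as a registered
        type and dropped, so 'attachment.zip.exe' is displayed as 'attachment.zip'.
        """
        if not hide_known_extensions:
            return filename
        stem, ext = os.path.splitext(filename)
        return stem if ext else filename


    def classify_attachment(filename: str) -> dict:
        """Classify one attachment name by its real (last) extension.

        Returns a dict with:
          executable       - the file will be run, not opened, when double-clicked
          double_extension - an executable extension hides behind a decoy one
          shown_as         - the name a user with hidden extensions would see
        """
        parts = filename.lower().rsplit(".", 2)  # at most stem, decoy, final
        final = parts[-1] if len(parts) > 1 else ""
        decoy = parts[-2] if len(parts) > 2 else ""
        executable = final in EXECUTABLE_EXTS
        return {
            "name": filename,
            "executable": executable,
            "double_extension": executable and decoy in DECOY_EXTS,
            "shown_as": displayed_name(filename),
        }


    def suspicious_attachments(filenames) -> list:
        """Names that a mail gateway should hold: executables, worst if disguised."""
        return [c["name"] for c in map(classify_attachment, filenames) if c["executable"]]


    if __name__ == "__main__":
        # Constructed sample names, not taken from any real incident.
        sample = ["attachment.zip.exe", "report.pdf", "invoice.exe", "photo.jpg", "notes.txt.vbs"]
        for c in map(classify_attachment, sample):
            print(f"{c['name']:22} shown as {c['shown_as']:18} "
                  f"executable={c['executable']} disguised={c['double_extension']}")
        print("hold:", suspicious_attachments(sample))
    ```

    The interesting column is `shown_as`: with extensions hidden, `attachment.zip.exe` and a genuine `attachment.zip` are indistinguishable on screen, which is the whole point of the trick.
    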

    25. Re:Yay, connectivity and IoT by Anonymous Coward · · Score: 0

      It does diminish the scale of the original screw up. If that hotel had caught on fire, EVERYONE would have died locked in their rooms. A bunch of people burning to death through no fault of their own is far worse than poor IT security on what's supposed to be a non-life critical system. If their locking system wasn't a fire code violation it soon will be.

    26. Re: Yay, connectivity and IoT by Kjella · · Score: 5, Insightful

      I know nothing about Austrian law, but in America this lock system would have been ILLEGAL, and I am astonished that something like this was ever designed and installed. It is a blatant violation of every fire code I have ever seen. Locking people out is fine, but you NEVER NEVER NEVER lock people IN, nor do you ever design something where human safety depends on software or electricity. Egress should always be possible using only mechanical means.

      EU law is rarely softer than US law when it comes to consumer safety, so I doubt they were actually trapped. The problem is probably that this was tied into breaking the glass and setting off the fire alarm with sirens and unlocking all the rooms. While you could silence the sirens, everything would be open to theft and also you wouldn't have a working alarm in case of an actual fire so they probably asked their guests to stay while they tried to resolve it some other way. There's no requirement that the emergency exit should be functional as a backup system.

      --
      Live today, because you never know what tomorrow brings
    27. Re:Yay, connectivity and IoT by im_thatoneguy · · Score: 3, Interesting

      Who thought it was a good idea for essential systems like this to be online in the first place?!

      Someone who understands their most profitable customers: business customers. If your business customers can check in online through the app and be assigned a room which they can unlock from their phone without ever interacting with the front desk.

      "Thank you Samantha for picking Great Hotel again. Your room number is 352. Click here to unlock the door. If you have any problems or questions please dial ## or stop by the front desk."

      Obviously the devil is in the details but NFC keycards aren't going anywhere (no changing locks and lost keys) and internet aware locks are the obvious next step of convenience and cost cutting.

    28. Re:Yay, connectivity and IoT by Anonymous Coward · · Score: 0

      Agreed.
      IoT is simply a misnomer, it should be IdioT. The concept is only driven by the "needs" of the parts manufacturers, it has very limited utility.
      Putting simple devices on the net can only lead to massive disappointment, that should be proven by now.

    29. Re:Yay, connectivity and IoT by HiThere · · Score: 1

      Closed networks solve SOME of the problems inherent in an electronic solution. They sure don't solve all of them. This sounds like a power outage would also have locked everyone in their rooms, e.g.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    30. Re:Yay, connectivity and IoT by Anonymous Coward · · Score: 0

      That has to be some sort of fire code violation

      Not just fire but any kind of emergency. If hackers could disable the doors so could a random bug. It's no surprise the GP added "publicity stunt".

    31. Re:Yay, connectivity and IoT by Anonymous+Brave+Guy · · Score: 1

      Maybe. The article doesn't say, but if the attack truly did lock the doors from inside then clearly they have other problems, for sure. At that point, you're not talking about vulnerabilities to hostile parties any more, you're talking about basic reliability and safety concerns.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    32. Re:Yay, connectivity and IoT by Anonymous+Brave+Guy · · Score: 2

      Obviously the devil is in the details but NFC keycards aren't going anywhere (no changing locks and lost keys)

      OK, I'm with you so far.

      and internet aware locks are the obvious next step of convenience and cost cutting.

      ::boggle::

      Even some of the cheaper hotel chains here in the UK now routinely have machines that let you check in without staff intervention, including coding your keycards for you. It takes a few moments. It is not at all obvious to me that Internet-enabling anything about this process would be either more convenient or cheaper for anyone.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    33. Re: Yay, connectivity and IoT by Anonymous Coward · · Score: 0

      That's not the normal English language use of the word "safe". It doesn't mean "absolutely, perfectly free of risk of harm". It's a relative term.

    34. Re: Yay, connectivity and IoT by Anonymous Coward · · Score: 3, Insightful

      Indeed, fire code, building code, you name it. I have yet to come across a hotel here in Europe where you would have to use your key card to go out of the room.
      This story is clearly overstating what happened. Yes it sucks if you're a hotel owner and your card system gets hacked, but if your guests could potentially get trapped in case of some malfunction, you're in deep trouble.

    35. Re:Yay, connectivity and IoT by whoever57 · · Score: 1

      /Checks where this took place... Austria. /Considers the possibility for off-color jokes....

      --
      The real "Libtards" are the Libertarians!
    36. Re: Yay, connectivity and IoT by Hognoxious · · Score: 3, Informative

      What *are* you on about with the breaking glass bullshit? Next time you're in a hotel room close the door and put the card in your pocket. Then slowly turn the handle. At about 30 or so degrees you'll feel a bit of resistance. That's the mechanical override (I assume it's a lever or cam[1]) engaging. Turn it some more and hey presto, the door unlocks.

      [1] I'll take a set of screwdrivers on my next road trip.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    37. Re: Yay, connectivity and IoT by Anonymous Coward · · Score: 0

      Would that be the same torts that the deregulation crowd wants to "reform" to decrease their effectiveness?

    38. Re: Yay, connectivity and IoT by Anonymous Coward · · Score: 0

      Yeah, Civil law torts. Civil law torts destroyed the General Aviation aircraft market in the 80's and 90's until the feds passed the General Aviation Revitalization Act of 1994 to somewhat shield the manufacturers from well heeled lawyers and plaintiffs suing over crashes of 40 year old airplanes. I'll take my chances with the bureaucrats and a compliance checklist over the plaintiff's lawyers who can sue for anything, anytime. And fear of lawsuits has led to plenty of ossification.

    39. Re: Yay, connectivity and IoT by lgw · · Score: 2

      That's not the normal English language use of the word "safe".

      Let's check a dictionary

      1: free from harm or risk
      : unhurt
      2 : secure from threat of danger, harm, or loss

      It doesn't mean "absolutely, perfectly free of risk of harm". It's a relative term.

      Your private definition of "safe" is not in common use, I'm afraid. I think you want "safer", which means what you want it to mean.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    40. Re:Yay, connectivity and IoT by Anonymous Coward · · Score: 0

      the hotel owner needs to invest in a real IT person that will tell the owner what the hotel needs and the owner will...pay...

    41. Re:Yay, connectivity and IoT by Anonymous Coward · · Score: 0

      Except when room keys go missing, you don't just cut a new key. You change the cylinder. Anything else is irresponsible and subject to liability.

      Occupants in that room expect that they (and hotel staff) are the only ones with access to that room, THAT is the expectation people have. Not that former hotel guests may still have access to that room.

    42. Re:Yay, connectivity and IoT by rtb61 · · Score: 1

      Most countries' laws demand that electronic locks unlock upon power failure and that people cannot be locked in. I find it very unusual that when they admitted to locking in guests, they were not immediately visited by the applicable regulatory agency and immediately penalised, heavily.

      --
      Chaos - everything, everywhere, everywhen
    43. Re: Yay, connectivity and IoT by houghi · · Score: 2

      To me it has nothing to do with IoT. What I see has happened is that they hacked the computers of the hotel. One of these computers is the system that writes the cards. That system does the verification if the card is valid or not.

      These types of system are many, many years old and pre-date the IoT by a large margin. It is basically the same as the badge you have in your wallet.

      That does not mean IoT is a good or bad thing. It just means that this has nothing to do with IoT as these doors are not IoT.

      --
      Don't fight for your country, if your country does not fight for you.
    44. Re: Yay, connectivity and IoT by mlts · · Score: 2

      Torts will do little to nothing. Every IoT device has a EULA or ToS with it forcing arbitration and absolving the device maker of all blame should something happen with the item. Even with torts, the IoT company likely has a good number of lawyers who will just steamroll over anyone bringing lawsuits, or just stall the lawsuit until the plaintiff has to drop it due to lack of funds.

      For the little guy, the civil system only will bankrupt them, so it is no real check.

      Because IoT makers view security as having no ROI, we will keep seeing this over and over. In fact, having devices that are unable to be updated brings more money, because it forces consumers to buy the 1.1 or 2.0 version of the same IoT device.

      This is why government has to step in. There is no mechanism to make IoT makers give a rat's ass about security whatsoever. The same exact thing is why we have UL listings. Companies don't make money by spending extra to have appliances that don't electrocute the end user, so government mandates UL listings in order to have a safe standard. Perhaps the same should be done with regards to security, since security mandates will not be coming from the private sector, as it does not benefit them. "A lock makes no money for anyone other than the lock maker and the locksmith."

      I applaud the hotel for moving back to keys. Ideally, the system for the card readers should be a closed, air-gapped system that has zero network connectivity (almost all hotels had exactly this in the 80s and early 90s so it isn't a must have for door locks to be connected to the Internet), but moving back to a completely mechanical system isn't a bad thing either. Even with high security locks like Abloy or Evva MKS, the cost of cutting a new key and repinning a hotel cylinder can likely be far cheaper than having to maintain/update/replace a keycard system anyway.

    45. Re:Yay, connectivity and IoT by DarkOx · · Score: 1

      I wonder though. I assume lots of these locks get a signal and trigger a solenoid to move the lock mechanism internally. You can move the mechanism with the handle ordinarily to return it to the unlocked state but if the hackers are constantly sending the 'lock' command, and keeping the solenoid energized that might not be possible. I wonder if cutting the power might have been a solution for enabling people to get out of the rooms.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    46. Re:Yay, connectivity and IoT by Anonymous Coward · · Score: 0

      There was an update stating that guests were not locked in their rooms. And even if it's not on the Internet it's still possible to compromise the system. The OP has a valid point (and I say this as a technology integrator), some things just shouldn't be computerized. The risk vs reward analysis just isn't there. How many times have you had a key that just flat didn't work? Sure people lose them. They lose the cards too. Hire a locksmith. It's cheaper and more reliable.

    47. Re:Yay, connectivity and IoT by Anonymous Coward · · Score: 0

      That's not the failure here. The failure here is that there's no way of manually unlocking the door from the inside. That has to be some sort of firecode violation.

      From the article http://www.thelocal.at/2017012... : "...Correction: Due to a misunderstanding, it was stated that guests were locked in their rooms. This was not the case, as guests were free to leave at any time, however they were unable to re-enter their rooms. The story has been edited accordingly..."

    48. Re:Yay, connectivity and IoT by lgw · · Score: 1

      Sure, but it's also not that expensive to swap the room lock with a new one, if you have someone on staff that does that (and especially if you buy doors and lock designed to facilitate this). The old cylinder can eventually go into some other, random door, after all.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    49. Re:Yay, connectivity and IoT by tlhIngan · · Score: 1

      Who thought it was a good idea for essential systems like this to be online in the first place?!

      This is why the Internet of Things is such a horrible concept. Most things don't need to be online and connected to everything else, and the cost of trying to be trendy is huge increases in risks to the privacy, security and reliability of everyday items.

      Closed networks do just fine for these kinds of systems, don't actually need to cost that much more, and have none of the vulnerabilities.

      And guests perhaps want the convenience of using their phones as room keys, perhaps?

      Some hotels do offer it as an option - you can get 1 room key, and/or choose to link your phone to the room.

      Customers do like it as they don't have to carry their room key with them, and it offers the chance to have a room key for everyone linked to what they already have with them anyhow, especially if they step out and forget to collect the key.

      It's the same reason why hotels moved away from keys to electronic keys - first, the keys no longer bear the room number (a good idea these days to prevent people from rummaging with a found room key), second, the key cards are decoupled from the rooms and can be activated and deactivated remotely. Some guests, after all, do copy keys.

      Yes, IoT has security issues, but to dismiss it as "we don't need it" really eliminates any sort of discussion as to why people are using it in the first place.

    50. Re:Yay, connectivity and IoT by Anonymous+Brave+Guy · · Score: 1

      I didn't dismiss it entirely -- I just said most things don't need to be online.

      I'm always open to genuinely useful ideas, but for example in the case you gave, most likely any phone app to do that would be using NFC or some similar technology, so there would still be no need for remote access to the whole key system from outside the hotel.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    51. Re: Yay, connectivity and IoT by david_thornley · · Score: 1

      Actually, the Underwriters Laboratories (UL) is a private organization, and is only one of a list of companies the US Government will accept for certification. As it got popular, people and businesses started demanding the UL label enough that it was easier for a manufacturer to just get UL approval than try to sell without it. So far, it doesn't seem to have become a rubber stamp for sufficient money, hasn't become much of a market barrier, and still retains its reputation. The UL is the libertarian's dream in the open market, but it appears to be the exception rather than the rule.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    52. Re:Yay, connectivity and IoT by Coren22 · · Score: 1

      What are you going to make koala and kangaroo jokes?

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  2. Why don't people understand... by iCEBaLM · · Score: 5, Informative

    Critical infrastructure DOESN'T NEED ACCESS TO A PUBLIC INTERNET.

    Governments, utility providers, MILLITARIES! All of them have publicly accessible computers. WHY?

    1. Re:Why don't people understand... by NotInHere · · Score: 2

      Because it's more convenient and it "works" until cases like these, but they are very exceptional. Most people only want computers to work, "security" is a strange and unknown concept to them.

      But yeah, it's trivial to get rid of this vulnerability by simply having two computers, one for the door locking management system, NOT CONNECTED, and the second one to write emails with, etc.

    2. Re:Why don't people understand... by Anonymous Coward · · Score: 0

      Bingo.

      Those Hotel key systems should have been "air-gapped" from the billing system. All they needed to do was put a NFC reader on the doors, minibar, etc and then have the front-desk tap the key to their billing system to change what door is unlocked by it. Essentially the "key" would be a number that matches the door, and the cryptoprocessor on the card would look up what door asked for a key, and if there is no key on the card, the door goes, go away. The billing system would only care if the person didn't check out, in which case the front desk/housekeeping could tap their card to the door and bar and then to a portable billing terminal to "download" the history log. Store everything in NVRAM.

      Instead, most electronic locks are the other way around, there is a "key number" on the card, and the door systems communicate with the front desk to look up the key. They're insecure primarily because the keys use magnetic stripes, thus anyone can rewrite the card, and copy other keys using nothing more than a microphone. Those samsung phones with the magstripe emulator? Those can hack the magstripe hotel keys. If you've ever had a cassette tape recorder you would know this. Turn the volume down (eg mute it) and then play the tape, you can still hear it being generated off the play head.

    3. Re:Why don't people understand... by Bite+The+Pillow · · Score: 2

      Because you don't hire a programmer nor security consultant to install these systems. You buy the system, and an installer gets the job done with a minimum of extra work.

      You're buying a modernization package, not a security solution. And it will stay this way until people mark up the contract and send it back signed, with additions. But the sale will be voided, the security won't be enforced, until the business has enough customers demanding security.

      The military aspect is kinda vague, I'm not going to address each scenario, but there is an answer, and rarely is it just incompetence, ignorance, or some other magic word to wave away the details.

      Problems have solutions, and as long as we identify both specifically they can be fixed. Rhetorical questions never solved anything, it is far more effective to identify and resolve.

    4. Re:Why don't people understand... by Anonymous Coward · · Score: 0

      You are a PENIS.

    5. Re:Why don't people understand... by bluegutang · · Score: 1

      Governments, utility providers, MILLITARIES!

      A "millitary" doesn't seem very powerful. My country has a megatary, I'm just saying...

    6. Re:Why don't people understand... by CaptainDork · · Score: 1

      Problems have solutions ...

      Some solutions to some problems are litigation.

      Apparently, the hotel didn't purchase a turnkey (see what I did there) technical system.

      The evidence is in the part where they went BACK and hardened the system.

      There is an obvious point of failure in the procurement, implementation, and maintenance of the system.

      Who, exactly, is responsible for that?

      Whoever it is needs a good spanking in court.

      For reference, see fire-related litigation that resulted in ordinances requiring occupancy levels, extinguishers, sprinklers, exits, smoke detectors, alarms, building codes, fire lane parking, etc.

      A lot of people died before court decisions made these features a part of the cost of doing business.

      --
      It little behooves the best of us to comment on the rest of us.
    7. Re:Why don't people understand... by arth1 · · Score: 1

Those hotel key systems should have been "air-gapped" from the billing system. All they needed to do was put an NFC reader on the doors, minibar, etc and then have the front-desk tap the key to their billing system to change what door is unlocked by it. Essentially the "key" would be a number that matches the door, and the cryptoprocessor on the card would look up what door asked for a key, and if there is no key on the card, the door goes, go away.

      Thus speaks an armchair expert with no experience with hacking or hotels.
      Customers lose their keys. With transactions stored on the key, then the transactions are lost too.
      Then there's emergencies, where doors should open without a key. That requires a remote system.

      The locks need to be autonomous, and not change their behaviour based on whether authentication is available or not (or anyone can DoS the system quite easily), yet still be programmable from a remote station.

    8. Re:Why don't people understand... by EETech1 · · Score: 1

      Until you want to express check in with your smartphone app, and use the NFC on your phone as the key.

    9. Re:Why don't people understand... by Anonymous Coward · · Score: 0

      Well for utilities it is critical to remotely get operating data. This can be securely done of course. See NERC-CIP. So it's false to say there should be no access.

    10. Re:Why don't people understand... by n3r0.m4dski11z · · Score: 1

      Critical infrastructure DOESN'T NEED ACCESS TO A PUBLIC INTERNET

Neither the focus of my job nor of my company is security. However if someone is on the LAN with DDC (Digital Data Control) and other systems, access control for instance, they have an even better shot of pulling something like this off. For all you know, they had a default system with default security credentials and no VLANs or any other of even the most basic controls. I get your point, but it could have easily been an inside job, by even say, a guest in the hotel.

Most small businesses I see have zero VLANs and access their cameras, POS, HVAC, and access control from the same network that is available in the wall ports. Sure a hotel SHOULD have better security than that, but realistically, do they?

      --
      -
    11. Re:Why don't people understand... by HiThere · · Score: 1

      How about "There should be no external write access."?

      I don't think I can read over a set of specs and decide that it will be secure under all circumstances unless it's trivially simple. This particular failure mode is only one case where electronic locks are a bad idea. What effect would a power outage have? A close lightning strike on the power lines? An EMP? Etc.

      Traditional key and lock has a lot going for it, but I can see the attraction also of a system that's easily changed. But I think that could be done mechanically with a plastic key. (Sorry, those keys wouldn't be reusable, since they would be mechanically shaped.) And a variable combination lock is a well worked-out technology. With a ten position lock 4 or five digits would be plenty for this use. And have an easy way to leave the room in a hurry.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    12. Re: Why don't people understand... by Anonymous Coward · · Score: 0

      Airgapping. I mean, I get it, there's a good reason to keep critical systems off the Internet. What I don't understand is why all this virtualization tech, containers and isolation isn't working? We need operating systems that subscribe to isolation from the get go, but I guess that doesn't go in favor of the vendor that wants your data.

      If you make it hard to get in, you make it hard for Acme-IoT to get out. Fuck, I had to open an online account to use my router. My TV has a login. What next? The stove?

    13. Re:Why don't people understand... by Anonymous Coward · · Score: 0

      Critical infrastructure DOESN'T NEED ACCESS TO A PUBLIC INTERNET.

      Governments, utility providers, MILLITARIES! All of them have publicly accessible computers. WHY?

      Actually, access to the Internet is irrelevant, as if the attacker is determined enough they can jump air gaps:

      https://en.wikipedia.org/wiki/Stuxnet
      https://en.wikipedia.org/wiki/Air_gap_(networking)#Limitations

    14. Re:Why don't people understand... by iCEBaLM · · Score: 1

      Oh no, I typed an extra letter. Congratulations, you're "that guy".

    15. Re:Why don't people understand... by iCEBaLM · · Score: 1

      I'm interested, why is it critical to remotely get operating data? Did we not have power generation and transmission before the internet existed?

    16. Re:Why don't people understand... by iCEBaLM · · Score: 1

      Ransomware by design has to connect to a control server to dump the generated encryption keys. Otherwise nobody would pay the ransom if they couldn't get their shit decrypted.

    17. Re:Why don't people understand... by Anonymous Coward · · Score: 0

      Some of us - who understand the risks - have been warning against these stupidities for years. All of London's road and Underground Railway tunnels use Windows computers for their SCADA monitoring and control - and all of them are connected to the public internet. There are some minor attempts at firewalls, but they're complete nonsense. It's just a matter of time until they're attacked in one way or another.

    18. Re:Why don't people understand... by houghi · · Score: 1

      Because they have some computers that need access to the Internet and thus linking things indirectly to the Internet.
      Hotels need access to the Internet. This to get the reservations and to see where they send people if they overbook.

      The computer that handles the reservation is thus connected to the Internet. This will be connected to a computer at the reception for the check-in and check-out. That is also the same computer that they use to enter and print-out the card for your room. That system is also connected so it will be able to do your card verification, so another connection is done.

      So a virus or most likely a Trojan has been opened at some PC that has access to the network. Could be the manager. Could be reception that gets an email at their info address.

      So yes, these computers do need (indirect) contact to the Internet. Having it completely separated would mean that they have two PCs and need to type in everything from the screen on one of them onto the screen of the other.

      That also means that NO updates can ever be done to ANY of the systems, EVER! Because that would mean that somewhere along the line there is a PC that must have an Internet connection.

      No idea I ever needed to explain the basic workings of a network to somebody that has such a low ID.

      --
      Don't fight for your country, if your country does not fight for you.
    19. Re:Why don't people understand... by LordWabbit2 · · Score: 1

      Most people only want computers to work, "security" is a strange and unknown concept to them.

      Or at best it's an irritant that they don't want (or think they don't).

      --
      There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.
    20. Re:Why don't people understand... by EndlessNameless · · Score: 1

      The drama is strong with this one.

      Governments, utility providers, MILLITARIES! All of them have publicly accessible computers. WHY?

      As we learned from the Clinton email scandal, there are non-internet government networks---and it is illegal to move certain bits of information off of those networks.

      But you'd be surprised how much information needs to be routed somewhere else, and SSL/TLS tunnels are much cheaper and more flexible than dedicated backhaul.

      Security costs money, and good security costs a lot of money. Not just infrastructure costs either. The people with the skills to build secure applications and run secure networks are paid a lot more than your average IT drone.

      Governments usually understand the risks, and the recent high-profile US government breaches were the result of known inadequacies. In some cases, the responsible party resigned rather than waiting for the axe to fall. E.g., Archuleta after the OPM breach went public.

      --

      ---
      According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
    21. Re:Why don't people understand... by EndlessNameless · · Score: 1

But yeah, it's trivial to get rid of this vulnerability by simply having two computers, one for the door locking management system, NOT CONNECTED

      That is likely impossible. The fact that you suggest air-gapping is a strong indication that you have no experience in IT security. While air gaps are ideal, they are almost never workable.

      The door locks are managed by the same system that assigns rooms, which probably needs to communicate with the booking/reservation system. Even if it doesn't communicate for reservations, it probably deals with the billing system---and billing needs outbound connectivity. So the door locks most likely must be on a network that has some degree of intern

      In this situation, appropriate switch ACLs and host firewalls are likely the best feasible security measures. The lock management systems should be on private networks with minimal routes to other company subnets.

      But even with these measures in place, it is possible for an attacker to compromise another system on the network and find the lock management systems. I would say that 99% of the time, good security makes something exceedingly difficult rather than impossible.

      While I doubt the hotel implemented reasonable security measures (most hotels are terrible), I am almost certain they could not completely isolate the lock management system from the internet.

      --

      ---
      According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
  3. Common Sense At Work by Notabadguy · · Score: 3, Funny

    Welp folks, since we're not willing to use common sense in deploying our electronic systems to ensure their security and integrity, we're going to abandon digital and go back to mechanical.

    With this challenge out of the way, we're looking at resolving the parking lot conundrum by bringing back horse buggies. To prevent our central heating and air from being hacked, we're uninstalling it and putting fireplaces and fans in all the rooms.

    1. Re:Common Sense At Work by Anonymous Coward · · Score: 1

Well the hotel is not really in the business of developing locks. If it's the third time and whoever sold them the lock system still hasn't managed to fix the problem, well anyone would rather go back to what is guaranteed to work and probably sue the lock provider for damages while they are at it.

    2. Re:Common Sense At Work by torqer · · Score: 3, Insightful

      I think you're trying to condemn their decision, but personally, that sounds great to me. Horses, fireplaces, and physical security... not much to complain about... Given that your alternatives are cheap automobiles, dependence on fossil fuels for heating, and a security system that can track your every moment, and still get hacked and end up locked in (or out) of your room.

      I'll take a wired home phone instead of a cell phone and eat food that was harvested locally as well.

    3. Re:Common Sense At Work by Anonymous Coward · · Score: 0

      It's really more like replacing a Nest with a mechanical thermostat after the Nest fails a few times in the dead of winter.

    4. Re:Common Sense At Work by Anonymous Coward · · Score: 0

      The problem is when places modernize they don't want to spend the money to ensure it is done properly. They don't take into account the cost required to maintain a system on convenience such as digital locks. Then situations like this happen...

      It's the reason electrical and plumbing codes exist. Our industry has yet to catch up however.

    5. Re:Common Sense At Work by AthanasiusKircher · · Score: 5, Informative

      Welp folks, since we're not willing to use common sense in deploying our electronic systems to ensure their security and integrity, we're going to abandon digital and go back to mechanical.

      "Common sense" is not very "common" at all when it comes to electronic systems, and it's even less common when it comes to computer security. The vast majority of people -- even those running big businesses -- simply have no clue how computers or networks or whatever work in any detail. So how can they have "common sense" about them?

      And I think it's only getting worse. Interfaces on computers and electronics keep getting "simpler" with more information hidden from the end user. These changes are often pushed by companies that have a strong interest in keeping their users ignorant of things like security, because it allows them to continuously steal their users' data and information. So, a normal "user" who encounters technology on an everyday basis is going to get dumber about security if trends of the past couple decades continue. "Common sense" about such things will get even more rare.

Seriously -- obviously an air-gapped system is an easy solution here, but do you realize that most people don't even understand what that means? I've had lots of conversations with people who still can't even tell the difference between local applications/data and the internet... and cloud interactions are further blurring such distinctions all the time, so there's little benefit for most people in trying to understand such distinctions. All the people working at the hotel are going to say is, "Huh? Why can't I check my email on this computer?? It's broken!"

    6. Re:Common Sense At Work by Solandri · · Score: 5, Informative

      The problem wasn't the electronic key system. The problem was the hotel stupidly made their electronic key system (or at least the server) accessible from the public Internet.

      I used to work at a hotel and helped select one of these key card systems for purchase (I wasn't around for the installation). You're supposed to keep it on a separate and isolated network specifically to prevent problems like this. The system is completely self-contained and internal. Nothing else needs access to it, and you don't need to have access to anything else from it. The person using the key card server doesn't need to be able to browse their Facebook page on it. The only data being entered into it should be the front desk staff keying in the guest's name and dates of stay so that a new key card can be generated and the lock for that room reprogrammed.

Physical keys at hotels were/are a huge problem because anyone can make a copy of the key. Theoretically a guest could make a copy to access the room at a later date. But more commonly, one of the maids (who have master keys so they can access all rooms) makes a copy, gives it to someone else, who then goes into the rooms and steals stuff when the maid is off-duty (so as not to arouse suspicion as to who copied their key). Changing the locks is expensive and doesn't help, because the corrupt maid simply makes a copy of the new key. It's cheaper to make a copy of a physical key than it is to change all the physical locks. OTOH, it's cheaper to change all the electronic lock keys than it is to make a copy of the newer RFID key cards. Switching back to physical keys is a huge step backwards in security.

    7. Re: Common Sense At Work by Miamicanes · · Score: 1

      Burning wood or coal in a fireplace is NOT, in any way, shape, or form, a "green" alternative. Fireplaces are the reason cities like London & Paris were choked in smog decades before industry & transportation were even significant contributors. Compared to lumber & coal burning in 10-20 million fireplaces, oil, natural gas, and nuclear fission are almost pure ideal green goodness.

    8. Re:Common Sense At Work by dtmancom · · Score: 1

      "And furthermore, peace, love, grass."

    9. Re:Common Sense At Work by phantomfive · · Score: 1

      Horses, fireplaces, and physical security... not much to complain about.

      I don't think you understand how bad horses can smell (and how much mess they can make). Also, fireplaces put out a lot of pollution (and are usually just for looks: a wood stove is what will really generate some heat for you).

      --
      "First they came for the slanderers and i said nothing."
    10. Re:Common Sense At Work by im_thatoneguy · · Score: 1

      Also, a proper backup policy could completely eliminate this failure mode. Ironically you could *more easily* secure this with *more* internet integration. Have the backups be incremental and off-site. Setup the off-site service to keep backups for 7 days no matter what. If at any point someone hacks your system, physically insert a "RESET" DVD. Format *everything* back to factory defaults. Load the latest good database and you should be back in business in half an hour.

    11. Re:Common Sense At Work by HiThere · · Score: 1

An air-gapped system only solves part of the problem. Where's your fine electronic system when the power goes out? You say you've got battery backup power...did you read about how that worked out for Note7 owners?

      I'm not convinced that electronic locks on hotel room doors are a good idea. I know it's convenient, and avoids certain failure modes (customers making a copy of the key and then sneaking back later for some nefarious deed), and sometimes cheaper, but that doesn't immediately translate into better. Electronic systems have their own failure modes.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    12. Re: Common Sense At Work by Anonymous Coward · · Score: 0

      When I got a computer I was prepared for the burden of maintaining it. This was before the Internet. Over time my burden has increased. Now the burden exceeds the perceived value of owning the machine. I didn't sign up for that, but it eventually got to that via a few EULAs (which is also a tragic mess).

Maintenance can always be made more frequent, harder, and more prone to error. Maintenance can be made so hard that it's just not worth it. Proscribing maintenance doesn't help jack shit if your organization is kicking IoT problems over the cube for your users to sort out. Because it's based on Linux it will do this, because this is the Linux mindset. You're supposed to sell products that solve problems, not to create more problems.

    13. Re:Common Sense At Work by Harlequin80 · · Score: 1

And death to all cities of any size as they drown in a wave of sickness and horse shit. Cars may pollute but it's in the air and blows away. The amount of horse shit from that number of horses will choke a decent size city in a matter of days.

    14. Re:Common Sense At Work by Anonymous Coward · · Score: 0

      The problem wasn't the electronic key system. The problem was the hotel stupidly made their electronic key system (or at least the server) accessible from the public Internet.


      Actually, it was a problem with key system: why would you use one that you could not open from the inside?

I can understand if they had a system where it was hacked in such a way that people couldn't get into rooms, but not being able to get out seems like a fire code violation. The physical mechanism should always be connected from the inside IMHO. Perhaps there are variants that you need to have access going in either direction, but in a hotel room, the "inside" should not need that.

    15. Re:Common Sense At Work by Anonymous Coward · · Score: 0

      How do you get updates done to it? It's almost impossible to be completely isolated from the Internet... you usually have to transfer files to it via USB or some other devices that were previously plugged in an online computer...

    16. Re:Common Sense At Work by UnderCoverPenguin · · Score: 1

      I used to work at a hotel and helped select one of these key card systems

      If key cards are being used, why choose a system that requires the locks be networked?

Sure, there is a convenience in the front desk being able to remotely update the stay duration rather than having the guests come to the desk to have their key cards re-written, but is that really worth the problems? I recently attended a convention held in the Intercontinental Hotel in Dallas - a 5 star, luxury hotel. Although I couldn't afford a room in that hotel, some of the convention attendees did. And some of those extended their stay by a night. They all had to have their key cards re-written at the front desk. Also, one attendee had problems with the lock on his room. Someone had to go to the room and plug a device in to the lock to fix it. Also, even though the lock failed, he was not stuck in his room.

      --
      Don't try to out wierd me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr
    17. Re:Common Sense At Work by fisted · · Score: 1

      ..and hacked again five minutes later.

    18. Re:Common Sense At Work by Grishnakh · · Score: 1

      Fireplaces (burning wood) just make smoke. They don't make (AFAIK) nasty stuff like NOx emissions that you get from diesel engines, or all the nasty stuff you get from coal. Also importantly, wood doesn't create global-warming pollution, unless you were planning on sticking all that wood in a sealed-off coal mine or something. Burning the wood releases its carbon into the atmosphere, but leaving the wood to rot on the ground will do the same, just a little slower. Burning fossil fuels is bad because you're releasing carbon that's been locked up underground for eons, whereas with burning wood you're just releasing carbon that was only relatively recently captured from the air and turned into plant matter.

      The problem with the smoke from fireplaces is if there's too many people in the area burning wood; obviously too much smoke is a respiratory hazard. So in cities, yeah, lots of fireplaces are a bad thing. But if you live out in the sticks, I fail to see how a wood-burning fireplace is really a problem.

    19. Re:Common Sense At Work by Anonymous Coward · · Score: 0

      How much you wanna bet the manager wanted to be able to monitor the system from home? Or some such foolishness?

    20. Re:Common Sense At Work by LunaticTippy · · Score: 1

      Burning wood makes lots of particulate emissions, especially very small particles that cause asthma, heart disease, cancer. A modern diesel bus emits less particulate pollution than a fireplace.

      NOx is irritating and can cause acid rain and ground level ozone, but particles in smoke are worse for human health.

      --
      Man, you really need that seminar!
    21. Re:Common Sense At Work by Cramer · · Score: 1

      That's exactly how they SHOULD work. Nothing about it is on a network. Each lock is its own little island. The keycard holds a series of access codes that match what the lock internally generates. The front desk knows the serial number of the lock and thus can generate the correct codes for the card. When you want to stay longer, they have to write more codes to your card. If the clock or batteries in the lock fail, someone has to physically fix it. These types of systems CANNOT be remotely attacked. (rather easily defeated locally, but that's a different problem.)

      There are so many problems with networked door locks. Hackers getting into the system is but one of the smaller ones.

    22. Re:Common Sense At Work by Grishnakh · · Score: 1

      The problem you seem to have is that you're assuming people are going to breathe them. I specifically said in my post that I was assuming the use of fireplaces in rural areas.

      Particulates are bad on roads because they're breathed in by people in other vehicles, and by pedestrians, as particulate emissions settle to the ground relatively quickly. This is a big problem with diesel buses because they're used in urban areas around pedestrians, and why they should be banned. Fireplaces aren't used on roads, so their emissions are only bad around their immediate area, which is either a residential area, or around the fireplace user's home itself. The former only applies in municipalities usually, and the latter is their own problem.

    23. Re:Common Sense At Work by LunaticTippy · · Score: 1

      The plume from a chimney doesn't go very high and the particles come down ranging for many miles. Anyone downwind from the chimney is breathing deadly particles.

      I love woodfires and the nice smell, but understand how harmful they are. I even burn wood understanding how awful it is, but I'm not in denial about it.

      --
      Man, you really need that seminar!
  4. Ransomware locks hotel guests out of their Rooms by khz6955 · · Score: 3, Insightful

    What was the name of the ransomware, what was the name of the company that designed the locks, what OS did the reservation system run on, what OS did the cash desk system run on?

    "Unless this is all just a big publicity stunt to advertise their new door locks."

    Yea, that's it, a hotel would try and drum up business by advertising that its electronic door locks can be compromised.

  5. Fire regulations??? by Anonymous Coward · · Score: 1, Interesting

That's crap you usually hear from "3rd-world-countries" like India or Pakistan ("30 burned to death because emergency exits were locked")!

    I can only hope the Fire-Marshall or whatever they call them there is going to kick the Hotel's ass!

    1. Re:Fire regulations??? by aaarrrgggh · · Score: 1

      Yeah... being locked in the room doesn't pass the smell test. The mechanical lever should always allow free egress if the thing is listed by UL or their ilk. If the hotel installed something that was not listed, they should face legal consequences.

    2. Re:Fire regulations??? by Lehk228 · · Score: 1

      or Rhode Island, or California, or New York

      --
      Snowden and Manning are heroes.
  6. Fire by Patent+Lover · · Score: 5, Insightful

    I can understand people being locked out of their rooms. But if they're being locked in they're in massive violation of fire safety laws.

    1. Re:Fire by Anonymous Coward · · Score: 0

And why was there no mechanical bypass in and outside of the rooms for the guests and staff to use? Electricity goes out very fast during a large fire.

    2. Re:Fire by Anonymous Coward · · Score: 0

      Not if the hotel has a permit for a correctional facility.

    3. Re:Fire by RamenJunkie · · Score: 1

As one of the comments on the article points out, they may not have been actually locked in other than the idea that once they leave, they won't be able to get back in, and in to their belongings. So they were effectively trapped. I also have to wonder why there aren't just regular keys as a backup option to the electronic locks. So the hotel staff can get in regardless of the situation.

    4. Re:Fire by JaredOfEuropa · · Score: 1

      All the electronic hotel locks I have seen, ever, can be unlocked manually from the inside using a knob, with or without power

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    5. Re:Fire by drew_kime · · Score: 1

      I can understand people being locked out of their rooms. But if they're being locked in they're in massive violation of fire safety laws.

      They probably weren't physically trapped, but without being able to re-enter they couldn't leave if they wanted to keep their belongings.

      As for manual keys as backup for staff entry, most hotel theft - just like most retail theft - is perpetrated by staff. The electronic doors keep track of which employees are in which rooms so they can investigate complaints of theft.

      --
      Nope, no sig
    6. Re: Fire by Anonymous Coward · · Score: 0

      No, that would be locked out. Locked in means you can't open the door from the inside.

    7. Re:Fire by dugancent · · Score: 1

      Most hotel locks, at least on the rooms, are battery powered. Often by AA batteries.

      --
      SJWs are the new boogeyman. -Me
    8. Re:Fire by AthanasiusKircher · · Score: 2

      They probably weren't physically trapped, but without being able to re-enter they couldn't leave if they wanted to keep their belongings.

      First off, if that were true, then all the reporting is erroneous, since that's "locked out" of rooms, NOT "locked in."

      Second... well, we can just RTFA:

      Hotel management said that they have now been hit three times by cybercriminals who this time managed to take down the entire key system. The guests could no longer get in or out of the hotel rooms and new key cards could not be programmed.

      Or read the other article:

      Mr Brandstaetter said they had been hit three times by the cybercriminals, who managed to lock all the doors, trapping many guests inside and some outside their rooms.

      One doesn't usually use the word "trapping" when someone can just walk out a door voluntarily. Obviously if your scenario were true, guests could simply pick up all their belongings and check out. Or they could prop the door open or something. Both of the linked stories imply this was NOT the case. (One even says explicitly that their only choice if they didn't pay the ransom was to go around the hotel and start breaking down doors.)

      In which case, I have to agree with GP that there's a bigger story here -- which is that they had a system installed that could trap people in their rooms, PERIOD. Whether fire or whatever other emergency, there should ALWAYS be a manual override.

    9. Re:Fire by Brama · · Score: 1

Exactly, The article is grossly over-reacting, or the hotel management is. The key locks in the individual doors are simply battery-operated and have absolutely no connection to any other system whatsoever. They are simply pre-programmed with a hardcoded ID. The key cards inserted must match this ID, and the time, and that will open the door. Programming of the key happens at the reception, and that's where this hotel was clearly vulnerable, probably by connecting it to the internet. When this system is compromised, hotel staff is no longer able to write to the key cards, which is disastrous enough for them to cave in to the blackmailers.

      Anyone in a hotel room can, at any time, open the door however. You'll never get systems passed by fire safety rules if they didn't.

      Here's a manual of such a system: http://www.elock2u.net/wp-content/uploads/2016/04/Hotel-Lock-System-Manual.pdf
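The stand-alone lock design Cramer and Brama describe above (the card carries per-day codes that match what the lock derives from its own serial and secret, extending a stay means writing more codes, and the reception encoder is the only piece that can be compromised), modelled as an added Python example that is not from the thread, any vendor or the manual linked above. The HMAC-based derivation, the class and function names and the sample secret are assumptions for illustration.

```python
import hmac
import hashlib
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed example: a stand-alone hotel lock and the front-desk encoder that
# programs cards for it. The HMAC derivation, names and sample secret are
# assumptions for illustration, not any vendor's actual scheme.

CODE_LEN = 8  # bytes of derived code stored on the card per night


def access_code(lock_secret: bytes, lock_serial: str, day: date) -> bytes:
    """Code that opens one lock on one calendar day.

    Lock and encoder both derive it from the lock's secret, so the card
    only has to carry the codes for the nights that were actually sold."""
    msg = f"{lock_serial}|{day.isoformat()}".encode()
    return hmac.new(lock_secret, msg, hashlib.sha256).digest()[:CODE_LEN]


@dataclass
class KeyCard:
    lock_serial: str
    codes: dict  # date -> code bytes, one entry per night of the stay


class OfflineLock:
    """Door lock with only a serial, a secret and a clock; nothing is networked."""

    def __init__(self, serial: str, secret: bytes):
        self.serial = serial
        self._secret = secret

    def try_open(self, card: KeyCard, today: date) -> bool:
        if card.lock_serial != self.serial:
            return False  # card was programmed for a different door
        presented = card.codes.get(today)
        if presented is None:
            return False  # the stay was never extended to cover today
        expected = access_code(self._secret, self.serial, today)
        return hmac.compare_digest(presented, expected)


class FrontDesk:
    """Reception encoder: holds the lock secrets and writes codes to cards."""

    def __init__(self, lock_secrets: dict):
        self._secrets = dict(lock_secrets)
        self.encrypted = False  # set True to model the ransomware outcome

    def _secret(self, serial: str) -> bytes:
        if self.encrypted:
            raise RuntimeError("lock database unavailable: encoder host encrypted")
        return self._secrets[serial]

    def issue_card(self, serial: str, check_in: date, nights: int) -> KeyCard:
        secret = self._secret(serial)
        codes = {}
        for i in range(nights):
            day = check_in + timedelta(days=i)
            codes[day] = access_code(secret, serial, day)
        return KeyCard(serial, codes)

    def extend_stay(self, card: KeyCard, extra_nights: int) -> KeyCard:
        """Staying longer means coming back to the desk for more codes."""
        secret = self._secret(card.lock_serial)
        last = max(card.codes)
        for i in range(1, extra_nights + 1):
            day = last + timedelta(days=i)
            card.codes[day] = access_code(secret, card.lock_serial, day)
        return card


def simulate() -> dict:
    """Walk through a stay, then the encoder being taken out by ransomware."""
    secret = b"constructed-per-lock-secret-for-room-101"  # sample value
    lock = OfflineLock("LOCK-101", secret)
    desk = FrontDesk({"LOCK-101": secret})
    day1 = date(2017, 1, 27)
    day2, day3 = day1 + timedelta(days=1), day1 + timedelta(days=2)

    card = desk.issue_card("LOCK-101", day1, nights=2)
    results = {
        "opens_on_day1": lock.try_open(card, day1),
        "opens_on_day2": lock.try_open(card, day2),
        "opens_on_day3_before_extension": lock.try_open(card, day3),
    }
    desk.extend_stay(card, 1)
    results["opens_on_day3_after_extension"] = lock.try_open(card, day3)

    # A card written for another door carries the wrong serial and is refused.
    other = KeyCard("LOCK-102", dict(card.codes))
    results["other_door_card_rejected"] = not lock.try_open(other, day1)

    # The encoder host gets encrypted: already-issued cards keep working because
    # the lock never consults the desk, but no new or extended cards can be made.
    desk.encrypted = True
    results["existing_card_still_opens"] = lock.try_open(card, day1)
    try:
        desk.issue_card("LOCK-101", day1, 1)
        results["new_card_possible"] = True
    except RuntimeError:
        results["new_card_possible"] = False
    return results


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value}")
```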

    10. Re:Fire by Anonymous Coward · · Score: 0

      Exactly. That is why this story is probably bogus. What is more likely is that no one could get into their room.

    11. Re:Fire by Anonymous Coward · · Score: 0

      At least some of them use proprietary or hard to get batteries. I attended a conference once where the night before the start, the conference hotel found out that several of their door lock batteries were dead and they ran out of spares. They said it would take 2-3 days to get new batteries rush shipped to them, so at least half a dozen attendees (maybe more, those are just from people I know) got put up at another, nicer hotel since there were no longer enough functional rooms. Maybe it was a BS excuse, but whatever happened affected several rooms at least.

    12. Re:Fire by phantomfive · · Score: 1

      According to this article, they were not locked in their rooms. But most people were out skiing at that time, so almost everyone was locked out.

      Fire code regulations all over the globe mandate that electronic key locks open manually from the inside, which means no guest was locked inside their rooms. Additionally, electronic key systems are also created to handle power failures, so there was a way to open the doors from the outside, meaning no one was locked out either. According to Austrian news site ORF, the hotel was fully-booked with 180 guests. According to hospitality news site Allgemeine Hotel- und Gastronomie-Zeitung, at the time the ransomware took root, all the hotel's guests were on the local ski slopes.

      --
      "First they came for the slanderers and i said nothing."
    13. Re:Fire by JohnFen · · Score: 1

      But if power is needed to unlock them from the inside, even if that power is batteries, that's a really serious design failure.

    14. Re:Fire by lloy0076 · · Score: 1

      Whoever translated that manual didn't do a good job - or the writer wasn't very good at English :P

    15. Re:Fire by Anonymous Coward · · Score: 0

      Exactly, The article is grossly over-reacting...

      Of course it is, it's from the Daily Mail.

    16. Re:Fire by aaarrrgggh · · Score: 1

      Don't some of the key systems have centralized reporting-- what time the maid used their key, etc. I thought some allowed the locks to get updated master keys OTA as well.

    17. Re:Fire by Imrik · · Score: 1

      I suspect that no one thought to cut power to unlock the doors, otherwise they wouldn't have had breaking down the doors as their alternate solution.

    18. Re:Fire by phantomfive · · Score: 1

      No, the doors weren't locked. Read that article: it was the machine that was used to re-program the keys that got encrypted.

      --
      "First they came for the slanderers and i said nothing."
    19. Re:Fire by Anonymous Coward · · Score: 0

      Well this shows the failure of that kind of policy. At the very least maintenance or housekeeping have to be able to get into any room, regardless of the software/battery status of the lock. This is needed for example when the guest passes away in the room with the door locked.

    20. Re:Fire by drew_kime · · Score: 1

      They probably weren't physically trapped, but without being able to re-enter they couldn't leave if they wanted to keep their belongings.

      First off, if that were true, then all the reporting is erroneous, since that's "locked out" of rooms, NOT "locked in."

      According to the update, yup, that.

      --
      Nope, no sig
  7. so.... by Anonymous Coward · · Score: 0

    So, back to picks and rakes then?

  8. Shame... by bradley13 · · Score: 1

    Fool me once, shame on you. Fool me twice, shame on me.

    Three times? Really?

    --
    Enjoy life! This is not a dress rehearsal.
    1. Re:Shame... by Anonymous Coward · · Score: 0

      If the hacking was coming from an insider, I could see that it might be difficult to secure the network, especially if there weren't any security policies in place to begin with.

  9. I can't imagine by Xenna · · Score: 1

    a sane locking system that would not have an override on the inside so that occupants can leave the room whatever the state of the electronic lock.

    Fail-safe instead of fail-secure would have to be mandatory in these cases. What if there was a fire?

    1. Re:I can't imagine by szy · · Score: 1

      Every single electronic lock I've seen in a hotel has a classical handle on the inside that is not dependent on a lock. Regardless of the state of the lock you can always get out of the room, it's getting back in that is the challenge in this case.

  10. People are morons by Anonymous Coward · · Score: 0

    And no one saw this coming. Just wait till the focus becomes IoT and I will laugh my ass off at all you doofuses.

    1. Re:People are morons by hey! · · Score: 2

      The thing is, smart people are no exception to the rule that "people are morons".

      A friend of mine who's a management consultant puts it this way: Every action you take has both intended and unintended consequences. Once a group of people become committed to a certain course of action, the intended consequences seem much more real to them and the unintended consequences seem unreal.

      It's emotional involvement that makes you blind to unintended consequences, even if you're very smart. That's why the old Stoic philosophers taught their students to consider things like wealth and reputation as "indifferent". It's not that these things are bad or shouldn't be pursued, but feeling you can't live without them leads to irrationality.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  11. LOL! ... IOT is big steaming pile of doo-doo. by Qbertino · · Score: 1

    This is a classic prankster penetration, now under the guise of "IOT" because SOCs have become so cheap you can stick them into anything, add a shoddy non-updateable web-thingie to it that is 5 versions behind and has holes in it so big you can drive a Mack truck through it. Or, more likely, default access codes that a 12-year-old can look up on the intarweb in less than 15 seconds.

    This is freakin' hilarious and really quite funny.

    Did anyone of you guys see this coming? I certainly did.
    IOT is one big pile of trash and hype about it will disappear faster than the first dot-com boom.
    That's my humble opinion anyway. My toaster doesn't need a webserver and certainly my freakin' doorlock doesn't either!

    I hope this is over soon, if only for the sake of public safety.
    Meanwhile we will get some neat laughs and see some hilarious pranks by bored highschoolers.

    --
    We suffer more in our imagination than in reality. - Seneca
    1. Re:LOL! ... IOT is big steaming pile of doo-doo. by Viol8 · · Score: 2

      "Did anyone of you guys see this coming? I certainly did."

      EVERYONE with a clue saw this coming. Unfortunately that excludes the marketdroids trying to sell IoT and the Oooh Shiny! idiots who buy it.

    2. Re:LOL! ... IOT is big steaming pile of doo-doo. by Anonymous Coward · · Score: 0
      What said marketroids didn't see it coming? What said they have to CARE? Their job is to create demand. People are stupid. Without that stupidity whole swaths of industry wouldn't exist. Like advertising/marketing/retail/manufacturing/living... the list goes on. Jesus, seriously, think before you make blanket statements like:

      EVERYONE with a clue saw this coming. Unfortunately that excludes the marketdroids trying to sell IoT and the Oooh Shiny! idiots who buy it.

      Go outside and start railing at your neighbors about how stupid they are for wanting things to be easier, and live in a Western-style society where it's encouraged to be Joe Sixpack because Joe Sixpack won't rebel as their rights and freedoms are slowly taken away by corporate greed that's protected by governments. Joe Sixpack wants his beer and TV. Quit trying to educate him. If he wanted education, he'd have asked for it.

      Let us know how your neighborhood re-education is working.

  12. Great Idea! by Anonymous Coward · · Score: 0

    Let's connect EVERYTHING to the internet!

  13. Daily Mail? Seriously? by szy · · Score: 4, Insightful

    Daily Mail? Seriously? Out of all the media that covered this story extensively over the past couple of days, you chose to link to the Daily Mail as the source? Also including the clickbait phrase of "paid thousands" to refer to 2 bitcoins? The only hope is that the Slashdot community does what it's best at: does not read the article.

    1. Re:Daily Mail? Seriously? by Anonymous Coward · · Score: 0

      Daily Mail isn't so bad, at least compared to other so-called "reputable" sources lately.

      >Also including the clickbait phrase of "paid thousands" to refer to 2 bitcoins?

      According to Google, 1.74 Bitcoins exchanges for 1499.5211 euros right now, so the article isn't wrong.

    2. Re:Daily Mail? Seriously? by Anonymous Coward · · Score: 0

      The article i read is more down to earth. For ransomware news, go on bleepingcomputer... they've been covering it for ages

  14. in some systems power lost = doors unlock by Joe_Dragon · · Score: 2

    in some systems power lost = doors unlock (the ones that have the push to exit button) as the power is needed to hold them locked. Also the fire system can trigger the unlock.

  15. NonUS by Anonymous Coward · · Score: 0

    Ya know there is a world outside the United States and sometimes the laws there are different.

    Maybe Austria doesn't have US fire safety laws or 100+ y.o. hotels have waivers?

  16. Wait...locked IN? by BlytheBowman · · Score: 1

    I thought electronic door locks could still be overridden manually with old fashioned knobs and handles on the room side of the door. I wonder what the city's code enforcement and fire department thinks about this?

    1. Re:Wait...locked IN? by ruir · · Score: 1

      Exactly my thoughts. The notice seems a bit sensationalistic. While maybe they are idiotic enough to not allow the guests, I pretty much doubt there are not old fashioned door locks and a master key.
      What it meant is that they would take a couple of hours to open all the doors, and they probably paid on the spot to avoid more trouble and upsetting even more the guests.

    2. Re:Wait...locked IN? by PrimaryConsult · · Score: 1

      Perhaps if the locks are constantly getting hit with the lock command, the knob can't be turned?

      Smashing the thing and disconnecting the battery would let you out in that case (the batteries are typically stored on the inside part of the unit, otherwise it's a pretty shitty lock).

    3. Re:Wait...locked IN? by Imrik · · Score: 1

      While I doubt people were locked in their rooms, there were not old fashioned door locks and the master key is tied to the same electronic system. Unlocking all the doors without a key would require cutting power if they were designed properly or breaking down the door if they were not.

  17. Character flaw by Shane_Optima · · Score: 1

    Sometimes, try as I might, I simply cannot prevent myself from cheering wholeheartedly for the criminal.

    Must be a character flaw.

  18. Enough by Anonymous Coward · · Score: 0

    Why do hotel door locks need to be connected to a network? Use keys.

  19. Ransomware Locks A Hotel's Guests In Their Rooms by Anonymous Coward · · Score: 0

    with Russian prostitutes, films entire thing, demands Presidency.

  20. Wait I thought they couldn't use physical keys by NotSoHeavyD3 · · Score: 1

    Something about it's actually less secure to use physical keys than virtual ones. I mean even years ago they switched away from physical keys to cards because in the past you only needed to have the key copied and then it was good for that room until they thought to change the locks. (Which, given they're physical, wasn't going to happen because that cost money.) With the new key system they basically generate a new key and put it on the card and publish it to the lock in your room every single time a new guest checks in. (So you take the key card with you when you leave? Good luck getting back into your old room because the system knows the key is expired.) Sure you can swipe the key card and copy it but that will only work until the guest checks out or asks the manager to put a new code on the lock.

    --
    Did you know 80 to 90% of the moderators on slashdot wouldn't recognize a troll even if one dragged them under a bridge.
  21. How much longer... by XSportSeeker · · Score: 1

    It's just weird. Not that anyone with some common sense wouldn't know that all these idiotic new fangled IoT devices will end up having their own problems with vulnerabilities and hacking, we basically have proof every single week or day on how easily those can be defeated... yet we keep seeing big companies investing in stuff like that as if nothing was happening.

    Save yourselves the headache guys, and do not buy any IoT devices whatsoever in which usefulness does not trample security concerns and overall problems. Your fridge shouldn't be connected to the Internet, your dishwasher, your washer/dryer, your home security cameras, your thermostats, your home lamps, your fancy bathtubs, your pet feeding machines... basically anything that isn't computers/tablets/smartphones and perhaps a home server. If you can find a way to work around some of these to stay on the local network or simply disconnected from everything, it'll be better in the long run. The slight convenience they promise more often than not already doesn't outweigh all the trouble they bring with setting up, updating, configuring, solving bugs, going through glitches and all the extra work that comes with anything that is Internet connected, let alone worries about security and privacy.

    Get over the hype, the promises, the ads, the control-everything-with-your-smartphone crap, the unrealistic idealized scenarios and all that, and bring things down to real world usage and real world experience. It's not that much of an exercise for the imagination. Folks buying IoT crap because it's shiny and new are no different from delusional compulsive shopping addicts. A device being connected to the Internet is not an advantage, but something to be treated carefully.

    I won't even mention AI assistants. People think they know how invasive and how bad these things are, but they don't. And I'm tired of discussing this with hard headed folks who willingly pay for and put these devices in their homes. I'll just laugh at the flurry of problems that comes from those when things start falling apart.

    I'd think that by now, if societies were smart enough, we'd be thinking of ways to add convenience to everyday appliances while keeping them offline, not by randomly connecting things. But it just seems people haven't woken up to that.

  22. Because they're constantly generating new keys. by NotSoHeavyD3 · · Score: 1

    When you check in the front desk literally generates a new key. That key gets put on your card and gets put on the lock on your room. If it wasn't on the network then they'd have to send someone up and go through the process of putting the key code on the lock so your card would work.

    --
    Did you know 80 to 90% of the moderators on slashdot wouldn't recognize a troll even if one dragged them under a bridge.
    1. Re:Because they're constantly generating new keys. by magarity · · Score: 4, Interesting

      If, and yes, I mean "if", this were a key card only system then the lock doesn't need to communicate with the key making system at all. It just needs a token that increments with each next guest's card. When the token increments, the key cards from the prior guest stop working. When I worked at a hotel this is how the system worked. The key-making system was completely isolated. The desk person poked the room number on a key pad and the key programming box spit out a key. All it did was open that room's door.
       
      The system in the article is what happens when you want to use your key card for all the other stuff in a hotel, like the restaurant, gift shop, etc, to be charged using the key. All the comments about key card systems not needing to be connected miss this detail. The hotel in question was almost certainly using an integrated billing-via-key card system, not just a key card system. The integrated system needs to communicate outside to approve credit cards, email a copy of your receipt, etc, etc, and thus the security weakness.

    2. Re:Because they're constantly generating new keys. by NotSoHeavyD3 · · Score: 1

      Very informative. Sounds like the key card system I was working on was a bit different since those things were on the network. Actually it sounds as though with the one you mentioned if the database containing the token-room pairing got encrypted by ransomware they'd have issues generating new keys though. Or do you mean all the tokens were the same for all cards and only the increment changed?

      --
      Did you know 80 to 90% of the moderators on slashdot wouldn't recognize a troll even if one dragged them under a bridge.
    3. Re:Because they're constantly generating new keys. by godrik · · Score: 1

      I have no idea how the system is built in practice. But the lock does not HAVE TO be on the network if you use a public key encryption system.
      The lock could read an encrypted stream of bits from the keycard, decipher it with the lock's public key and check the expiration date of the keycard (encoded in the stream of bits) against its internal clock.
      Now, that has drawbacks, in particular it prevents easily banning a keycard after it was issued (since you would need to be able to tell the lock, which is not on the network). But the lock does not have to be network connected.

    4. Re:Because they're constantly generating new keys. by houghi · · Score: 1

      When the token increments, the key cards from the prior guest stop working.

      I think that would be part of it. I would assume there is some other security in place. It will have a start date (most likely the day itself) and an end date (till when the reservation runs) and also the ability to block the card at checkout before the new guest arrives.
      Perhaps even a warning or a complete block to prevent a check-in before a check-out happened.

      --
      Don't fight for your country, if your country does not fight for you.
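The comments above by magarity (a per-room token that increments with each new guest), godrik (expiry encoded on the card and checked against the lock's clock, with no network) and houghi (start and end dates) describe one coherent design. As an added example that is not part of the original thread and not any vendor's code, here is a runnable model of that design in Python. It uses an HMAC under a per-lock key derived from a master key instead of the public-key scheme godrik mentions (a symmetric MAC is enough when the front desk and the lock are the only two parties); the master key, room numbers, timestamps and sequence numbers are all constructed for the demo. The point it shows: once a card is written, the lock needs nothing from the front desk, so a ransomed encoder stops new check-ins but does not change what the locks already accept.

```python
"""Model of an offline hotel lock: the card carries (room, seq, not_before,
not_after) plus a MAC; the lock verifies it with a locally stored key.
Added example, not any real lock vendor's format. All keys and values below
are constructed for the demonstration."""
import hashlib
import hmac
import struct
from dataclasses import dataclass

# Assumption: one master key provisioned into every lock at installation.
MASTER_KEY = b"constructed-master-key-for-demo-only"

# Card body layout: room (u16), sequence number (u32), validity window as
# two unix timestamps (u32 each). Followed by a 16-byte truncated HMAC.
CARD_FMT = ">HIII"
BODY_LEN = struct.calcsize(CARD_FMT)
TAG_LEN = 16


def lock_key(room: int) -> bytes:
    """Per-lock key derived from the master key, so that dumping one lock's
    firmware only exposes that room's key."""
    return hmac.new(MASTER_KEY, f"lock:{room}".encode(), hashlib.sha256).digest()


def encode_card(room: int, seq: int, not_before: int, not_after: int) -> bytes:
    """What the front-desk encoder writes to a card at check-in."""
    body = struct.pack(CARD_FMT, room, seq, not_before, not_after)
    tag = hmac.new(lock_key(room), body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


@dataclass
class Lock:
    """A battery-powered door lock with no network link. Its only state is
    the highest sequence number it has accepted so far."""
    room: int
    seq: int = 0

    def present(self, card: bytes, now: int) -> str:
        if len(card) != BODY_LEN + TAG_LEN:
            return "reject: malformed"
        body, tag = card[:BODY_LEN], card[BODY_LEN:]
        room, seq, not_before, not_after = struct.unpack(CARD_FMT, body)
        if room != self.room:
            return "reject: wrong room"
        expected = hmac.new(lock_key(self.room), body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return "reject: bad mac"          # forged or corrupted card
        if seq < self.seq:
            return "reject: superseded"       # a later guest's card was seen
        if not (not_before <= now <= not_after):
            return "reject: outside validity"  # houghi's start/end dates
        self.seq = seq                         # magarity's incrementing token
        return "open"


def demo() -> list:
    """Walk through one room's life across two guests and an encoder outage."""
    day = 86_400
    lock = Lock(room=312)
    results = []
    guest1 = encode_card(312, seq=1, not_before=1 * day, not_after=3 * day)
    results.append(lock.present(guest1, now=2 * day))          # open
    results.append(lock.present(guest1, now=4 * day))          # outside validity
    guest2 = encode_card(312, seq=2, not_before=3 * day, not_after=5 * day)
    results.append(lock.present(guest2, now=4 * day))          # open, bumps seq
    results.append(lock.present(guest1, now=2 * day))          # superseded
    forged = bytearray(guest2)
    forged[3] ^= 0x01                                          # tamper with seq
    results.append(lock.present(bytes(forged), now=4 * day))   # bad mac
    # Encoder "down" (ransomware): no new cards can be written, but the lock
    # still evaluates the card it already trusts entirely on its own.
    results.append(lock.present(guest2, now=4 * day + 3600))   # open
    return results


if __name__ == "__main__":
    for r in demo():
        print(r)
```

Two design notes follow from running it. First, godrik's revocation drawback is real but bounded: a lost card cannot be blacklisted at the lock, but staff can walk up with a freshly encoded card carrying a higher sequence number, and presenting it retires every earlier card for that room. Second, the validity window depends on the lock's own clock, so clock drift on a battery device is a failure mode a real deployment has to budget for.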
  23. Wait, did they say locked *IN*? by mark-t · · Score: 2

    What kind of fucking stupid design is that where that is even physically possible? It should run afoul of absolutely every kind of fire regulation imaginable that a door lock can even *POSSIBLY* lock a person in their unit.

    The mechanism to unlatch the door should be *PHYSICALLY* tied to the turning of the handle or knob on the inside of the unit such that the only way to potentially lock someone in would be to physically damage the latch first... either by welding it into position or otherwise gutting the innards so that it did not work.

    1. Re:Wait, did they say locked *IN*? by laurencetux · · Score: 1

      heck as a fail safe they should have the hinges set with pins that can be yanked out with Pliers (sitting next to the Gideon Bible in the top dresser drawer)

    2. Re:Wait, did they say locked *IN*? by Anonymous Coward · · Score: 0

      Hotel door lock systems cannot lock someone IN a room, that would violate fire codes and be a stupid design. It most likely disabled the key authorization system at the front desk and prevented new keys from being made. But every hotel has multiple copies of key cards with more access authorizations, from housekeeping, to maintenance to a superuser card that opens everything, including the deadbolts.

      The front desk staff could have physically walked guests to their room and used the manager key to let them in as a temporary solution. Guests would need to return to the front desk once the system was recovered from the backup.

      From my experience working hurricanes, I'll request my lock be turned into a "common" lock that can be opened without a key and rely on the deadbolt for security when I am actually sleeping. If/when the hotel loses power, I can still access my room, even if I need to extend my stay. After I check out the next guest's card will return the room to a normal state. Any personal items are with me when I am working so theft isn't a worry.

    3. Re:Wait, did they say locked *IN*? by thegarbz · · Score: 1

      It's not a stupid design at all, just a stupid Daily Mail reporter.

  24. Tenacious and bargain-priced! by Shane_Optima · · Score: 1

    Hotel management said that they have now been hit three times by cybercriminals who this time managed to take down the entire key system. The guests could no longer get in or out of the hotel rooms and new key cards could not be programmed.

    Bahaha, and I hadn't even seen this yet. They're hard working, too! And they only demanded 1,500 EUR? Hell, the hotel should pay them more than that for security auditing services.

    Also, who the hell designs an electronic lock that can lock people in the room if it goes down? Is that even legal in Austria?

    Yet according to the hotel, the hackers left a back door open in the system, and tried to attack the systems again.

    See, they even offered you a free security audit checkup to verify that you fixed things properly. Try as I might, I just cannot bring myself to dislike these guys.

    Brandstaetter said: "We are planning at the next room refurbishment for old-fashioned door locks with real keys. Just like 111 years ago at the time of our great-grandfathers.

    Yeah, high security mechanical locks have been around for at least two hundred years now.

    And we've known for decades that electronic does not equal high security. Is anyone still selling passive RFID door locks? What about that one expensive electronic lock that could be easily defeated with a $50 magnet?

    I'm not sure I could feel any less sympathy for the hotel if they next decided to replace all of their locks with aggressively positioned anti-theft feng shui decorations. I mean, at least that system wouldn't lock guests inside their rooms, possibly killing them if there's a fire.

    1. Re:Tenacious and bargain-priced! by munch117 · · Score: 2

      And they only demanded 1,500 EUR? Hell, the hotel should pay them more than that for security auditing services.

      I'm going to throw a brick through your window. And then charge you 1500 EUR for auditing the physical security of your home. I presume that's okay with you.

      Yeah, high security mechanical locks have been around for at least two hundred years.

      How does this "high security" lock prevent a previous guest from having made a copy of the key? It doesn't, mechanical keys are the wrong tool for the job. Keycards are the right tool, although of course you have to implement it correctly and not connect it to the internet.

    2. Re:Tenacious and bargain-priced! by Shane_Optima · · Score: 1

      How does this "high security" lock prevent a previous guest from having made a copy of the key?

      Dynamically re-keyable mechanical locks have been around for ages. Even Kwikset has one these days. The maid could do it in under 10 seconds. Requires a tiny bit of planning to set it up to be idiot-resistant, but basically on the maids' carts you'd have a series of small labeled boxes, one for each room number, that contain a partition with two keys: the old one and the new one.

      I'm going to throw a brick through your window. And then charge you 1500 EUR for auditing the physical security of your home. I presume that's okay with you.

      I'm going to install a lock that locks you in your hotel room if it's hacked or loses power, so you'll stand a much increased chance of dying in a fire (and the fire itself may well cause the locks to fail.)

      Also, you need to adjust the cost of that window as a percentage of my income comparable to the 1500 EUR vs. the hotel's income. What is that going to come out to? $2.71 or something? Yeah, if I did something extremely stupid and dangerous, I wouldn't mind incurring a very small cost that instantly fixes the inconvenience whilst making me aware of the underlying problem.

      I'm not saying we legalize all hacking. I am saying that in this specific case, the hackers have done good on the whole. But yes, I'm one of those radicals who thinks that multimillion dollar corporations shouldn't be able to use their own astonishing incompetence as an excuse for fuckups.

      Keycards are the right tool, although of course you have to implement it correctly and not connect it to the internet.

      A lot of keycards I've seen appear to be passive RFID as well (tap instead of swipe). This is also moronic design, just waiting for a group of tenacious, technically minded criminals to come along to perfect the art of reading from your pocket at a distance.

      Also, they shouldn't even be on an LAN, either. Have the maid do it. The minor convenience of putting it on a LAN is not worth having a single point of failure for all locks in the hotel.

    3. Re:Tenacious and bargain-priced! by munch117 · · Score: 1

      Dynamically re-keyable mechanical locks have been around for ages. [...] Also, they shouldn't even be on an LAN, either. Have the maid do it.

      Dynamically re-keyable mechanical locks have the same security properties as magnetic strip keycards: Either way, if your reprogrammer/re-keyer or your locks are network connected, then the lock may be compromised through that communication channel. You can have no network and re-key on location with a keycard as well.

      The only real difference is that dynamically re-keyable mechanical locks are more expensive and prone to mechanical failure.

    4. Re:Tenacious and bargain-priced! by Shane_Optima · · Score: 1

      The only real difference is that dynamically re-keyable mechanical locks are more expensive

      $15 for a deadbolt, $20 for a knob on Amazon. Admittedly, I have no experience with Kwikset's smartkey lock, but the promotional material makes it sound nice enough and there are presumably nicer brands if it's junk.

      Either way, if your reprogrammer/re-keyer or your locks are network connected, then the lock may be compromised through that communication channel.

      The network is an additional channel. The maids are *always* a potential attack vector, regardless of whether or not they can rekey.

      and prone to mechanical failure.

      I've never had a regular pin tumbler lock fail for any reason. (Though I don't know offhand whether the internals of a rekeyable are more fragile.) And it has to be compared to the failure modes of electronic locks.

      You can have no network and re-key on location with a keycard as well.

      Yes, I said that. This is probably the way to go for people truly concerned about security but really want electronic locks. A compromise option could be available if a network existed to determine the status of locks, but not remotely change them.

      Dynamically re-keyable mechanical locks have the same security properties as magnetic strip keycards

      Can you install a reader device to intercept the key code from the mechanical key? (Granted, this is harder to do with most modern insert-and-remove slots, but criminals managed to do this with the old constant movement ones.)

      I'm not a Luddite about this. A carefully designed, properly installed and properly used electronic key system could be cheaper/more secure, yes, but there are a ton of issues to consider and they clearly haven't been, so at this time anyone who cares about robustness and security should seriously look into mechanical options. It's very similar to the argument against electronic voting machines. It's not that it's impossible to do them correctly; it's that there are many more concerns and the industry isn't self-policing and the local governments buying these machines are clueless... and at the end of the day, what are they actually offering that's better than an optical scanning system that leaves a paper trail? It's just technology for technology's sake.

      At this time, the only real-world consideration that might be a persuasive, although depressing, argument against mechanical locks is if the guests are turned off by them, thinking them old-fashioned or lower security. Or if they are a piece of shit compared to non-dynamically-rekeyable locks. I haven't looked into them extensively--yes, some people are bitching that they're cheaply made, but Kwikset has always been the cheap and sloppy option in their traditional locks as well. I suspect that if the traditional house key pin tumbler form factor were abandoned, it would be simple enough to develop a robust dynamically rekeyable mechanism.

    5. Re:Tenacious and bargain-priced! by munch117 · · Score: 1

      Can you install a reader device to intercept the key code from the mechanical key?

      You mean except from using cameras, or radar, or magnetic sensors, or microphones, or pressure sensors?

    6. Re:Tenacious and bargain-priced! by Shane_Optima · · Score: 1

      You'd need a five figure budget and months of development time at minimum for any of those to reliably work, vs. simply installing a $10 magnetic swipe sensor next to the existing one and 3d printing a $3 piece of plastic to go over the thing and make it look normal-ish. As I said, it's been done before.

    7. Re:Tenacious and bargain-priced! by munch117 · · Score: 1

      I need a five figure budget to photograph a key with a zoom lens?

    8. Re:Tenacious and bargain-priced! by Shane_Optima · · Score: 1

      To reliably photograph keys with a well hidden camera that you can position and deploy (without drawing attention to yourself) and remotely retrieve images from, yes you need a bit of a budget (though that's probably the cheapest of the ones you mentioned). If you're going to personally stand in the hallway with a zoom lens aimed at the doorknob that may be cheaper, but a tad less stealthy.

    9. Re:Tenacious and bargain-priced! by munch117 · · Score: 1

      You know, as an attacker I'm just going to do whatever turns out to be the simplest. You can't judge the risk of attack on average difficulty. So what if some of the items on my initial brainstorm were a bit mission impossible? I could certainly come up with a simple attack plan where the risk of getting caught is much smaller than for someone installing a shim.

      Try pointing your imagination that way. You try figuring out a way to get a picture of the key without arousing suspicion. You've got phone cameras, pinpoint cameras and professional-grade zoom lenses at your disposal. If you can't come up with 10 different ideas in 15 minutes, you're not trying.

      Just to be clear, I'm not going to share my ideas and I don't want to hear yours.

  25. Fake news, better report by Anonymous Coward · · Score: 0

    The source of the story, at the bottom of TheLocal article, is Central European News, which BuzzFeed proved to be a source of fake news: https://www.buzzfeed.com/alanw... There's an accurate report here, with statements from the hotel's manager: https://www.bleepingcomputer.c...

    1. Re:Fake news, better report by ColdWetDog · · Score: 1

      Yes. Just to make it really easy on everybody, a quote from TFA:

      Nobody got locked in their rooms.

      Now, everybody can calm down, maybe skip that next espresso and move along to not reading the next FA.

      --
      Faster! Faster! Faster would be better!
  26. Which ransomware? by Cyphase · · Score: 1

    Was it Locky?

    --
    by Cyphase ( 907627 )
  27. Re:Ransomware locks hotel guests out of their Room by Known+Nutter · · Score: 1

    Yea, that's it, a hotel would try and drum up business by advertising that its electronic door locks can be compromised.

    Woosh.

    --
    Beware of the Leopard.
  28. There should be a startup by dschiptsov · · Score: 0

    secure digital locks.com

  29. What OS? by Miser · · Score: 1

    I assume this abomination of a software runs on Windows? (for the record, I did not read the article)

    1. Re:What OS? by Anonymous Coward · · Score: 0

      > (for the record, I did not read the article)

      For the record, it's the other way around on /.: you mention that you have read the article. Not reading it is assumed to be the default behaviour.

    2. Re:What OS? by ArchieBunker · · Score: 1

      It hardly matters when the problem is the idiot sitting there opening suspicious email attachments.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
  30. IoT Profit! by DCFusor · · Score: 1

    Because of this I'm building a LAN of things for my own use. I have no need to stoke or control my woodstove from on the road anyway, but I do like to have as much as possible on my homestead automated and monitored - verily, even stuffed into a database so I can see what the weather has been like at such and such a time over the years and so on.

    Works for me - I rarely go out (living in what amounts to the Garden of Eden will do that for ya) - and no one gets my data if I don't want them to.
    BUT! Now let's look at why things are the way they are. Artificial scarcity of both IPv4 addresses and, um, profits. No one wants to settle for the margin they can get selling you something just once, now. Oh no, we all have to subscribe to almost everything (I avoid this like the plague - and do without if I have to).

    So they have to insert themselves in the loop by owning a static IP and domain. Yeah, some of them are free NOW - how long before you get charged rent to even make your own home work? I'll ignore the snooping for the purpose of making this point. You're willingly handing over control via IoT and anything subscription model. Period. You might not like the eventual results.

    You have been warned!

    --
    Why guess when you can know? Measure!
    1. Re:IoT Profit! by CaptainDork · · Score: 0

      How does your one-in-7-billion unique experience extrapolate to scale?

      --
      It little behooves the best of us to comment on the rest of us.
    2. Re:IoT Profit! by Anonymous Coward · · Score: 0

      You need to see a doctor. There's something wrong with you.

  31. Makes Perfect Sense by gordguide · · Score: 1

    I would never trust anything I own and absolutely need to work to an electronic lock. Not that I'm a luddite ... far from it ... but because I know what can go wrong, and in some circumstances absolutely nothing can be allowed to go wrong. So no electronic locks on my home's entry doors, and no home safes with electronic locks (includes gun safes).

    Hotels ... I can see huge advantages for a hotel to have electronic locks on rented rooms. They will also have staff who can defeat said locks if need be. Downsides? Could be a problem if fire breaks out, but as I understand it (my ex worked for a Federal Prison System) a proper electronic lock must by law fail open, so that would be the type found in hotels.

    The only exemptions are for prison locks, which fail closed, and those models are subject to strict controls, only available to bona fide law enforcement or prison purchasing agents, not the general public.

    In this case the locks probably hadn't failed so much as were programmed to operate in a closed manner. I wonder if (voluntarily) cutting power could have opened the doors? That would take some effort ... almost certainly the hotel had backup generators that would have to be defeated, so definitely a job for the hotel support staff, but from there it should result in open doors.

    1. Re:Makes Perfect Sense by CastrTroy · · Score: 1

      The more I learn about physical locks, the less I'm convinced they are up to the job. I don't think locks should be all electric, but a lot of locks that use physical keys are laughably insecure.

      --
      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  32. Which is why *everyone* should code them (not) by raymorris · · Score: 1

    > "Common sense" is not very "common" at all when it comes to electronic systems, and it's even less common when it comes to computer security. The vast majority of people -- even those running big businesses -- simply have no clue how computers or networks or whatever work in any detail.

    Which is why it's a great idea for absolutely everyone to be writing code for these internet-connected devices. Security? What's that? Who cares, I just wrote a Facebook app to connect my fire sprinklers to my Facebook!

  33. Locked IN? by JohnFen · · Score: 1

    In what world is it considered a sane design decision that it is possible for guests to be locked in a hotel room? It seems like the sort of thing that should be a fire code violation at least.

  34. Article wrong, not locks by phantomfive · · Score: 5, Informative

    According to this article, it was not the locks that were encrypted. The computers they used to make new card keys got encrypted. I'd bet that it was just a bog-standard Windows box with a dongle attached, maybe running Windows XP if the drivers couldn't be updated. Here is a quote from the hotel manager:

    "We were hacked, but nobody was locked in or out," said the hotel's Managing Director Christopher Brandstaetter. "For one day we were not able to make new keycards." "Since the locking system must work even in the event of power failure, the guests in the hotel almost did not notice the incident," the manager also added. "We simply could not issue new keycards because the computers were encrypted."

    --
    "First they came for the slanderers and i said nothing."
  35. I call BS on this one by LeftCoastThinker · · Score: 1

    I call BS on this one. Locking guests out of their rooms, sure. Locking guests into their rooms? Uh no. Basic fire code requires that all electronic locks always allow egress, regardless of their lock state or powered/unpowered. Basically, the mechanical locking mechanism can always be opened from the inside, regardless of how the electronic locks are hacked or malfunction.

    --
    If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
    1. Re:I call BS on this one by 93+Escort+Wagon · · Score: 1

      Read the quote right above your post. No one got locked in... the room-card-writing computer got hit with ransomware. That's all.

      The summary is almost totally wrong, in other words.

      --
      #DeleteChrome
  36. Locked IN? WTF? by Anonymous Coward · · Score: 0

    Really? If that is the case someone really screwed up here and it's a death trap. This hotel needs to be shut down, as does their supplier of door locks.

  37. Dumbest Shit Evar by Anonymous Coward · · Score: 0

    It makes no sense for a lot of things to be electronic or connected to a computer. A good example of this IS A FUCKING DOOR KEY. Why in the world would you accept all the risks involved in having something that is near freely hackable by anyone, from anywhere, and prone to electrical failures? At least with a physical key you have A) Somebody trying to pick the lock *publicly*, cameras rolling in the hallway, or B) Someone kicking the door down *publicly*, cameras rolling in the hallway.

    I got locked out of my hotel room on one of these electronic card readers. They had to unscrew it from the door so I could get in. Makes absolutely ZERO F****** sense to not even allow a physical key to open it. People. Are. Becoming. More. Stupid.

  38. Everything doesn't need to be on the Internet! by Anonymous Coward · · Score: 0

    And why the fuck is infrastructure like this connected to the Internet in the first place?

  39. GOOD! by Gravis+Zero · · Score: 1

    All these insecure systems need to be attacked and exposed for the garbage that they are. Everyone that knows about computer systems or security has been screaming that IoT systems are bad and are not to be trusted. Despite all of this, plenty of fools in management went ahead because they are arrogant pricks who don't give a shit about what other people think. At this point, getting hit with ransomware is your wage, as in, you have gone out of your way to earn it.

    You reap what you sow.

    --
    Anons need not reply. Questions end with a question mark.
  40. really? by markdavis · · Score: 2

    > "on the fourth attempt the hackers had no chance because the computers had been replaced and the latest security standards integrated, and some networks had been decoupled." The 111-year-old hotel is now planning to remove all their electronic locks,

    Yeesh. If you decide to not go back to physical keys, at least consider these next time:

    1) Don't connect your door/key system to the Internet, at all.
    2) Isolate the machine on your network to just the needed functionality.
    3) Isolate the machine physically - nobody but specialized staff should have physical access.
    4) Restrict root/admin access to the machine.
    5) If possible, get a system not run by any MS-Windows machines.
    6) Make, test, and retain good, redundant, and incremental backups.
    7) Perhaps hire or contract with I.T. staff that can set up and maintain your systems properly.

    Computer systems are not like ice makers or other appliances at a hotel. They need to be designed, set up, and maintained properly to work well. And, unfortunately, they are rarely a one-time expense. This, more than anything, is what gets companies into trouble. These types of failures being reported are more about management failure than failures of technology.

    1. Re:really? by Anonymous Coward · · Score: 0

      > 5) If possible, get a system not run by any MS-Windows machines.

      Most modern building control systems are going to be running on a PCB with an embedded OEM solution that is usually web based, and proprietary. Some of these vendors do make control systems that can be installed on Windows. But most often, it is more likely to be a PCB in a JBox right next to the Alarm System. They are even less secure than Windows, and you would be surprised how easy it is to add any HID card number to one of these using nothing more than the vendor's default credentials.

    2. Re:really? by markdavis · · Score: 1

      We can be pretty sure (99%?) that their system (at the hotel) was running MS-Windows.

  41. Best practices by Anonymous Coward · · Score: 0

    You can't secure a crappy system.

  42. Locked *in*? by Hognoxious · · Score: 1

    Rubbish. I've never stayed in a hotel with key cards where the inside handle didn't override/bypass the lock.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  43. Airgap vs. practical by Anonymous Coward · · Score: 0

    If the system is air-gapped, there would have to be a stand-alone terminal for programming the locks. Have none of you been to a big hotel? There might be 12 clerks checking people in continuously. That one air-gapped terminal would be a huge bottleneck, adding significant minutes to checking in each guest. So you're talking about adding many stand-alone terminals, which is not just the computers, it's also the desk space and power outlets and network drops and IT maintenance ... it's no small increase in cost. Initial and ongoing. Compared to the cost of just keeping an image of the 'server' and a good backup of the database, I can't blame a hotel for going that route.

    The real lack of common sense in the story, is not having a way to recover quickly from the infection.

  44. IoT by TheOuterLinux · · Score: 1

    What dumbass connected the electronic keys to the Internet? They don't need regular keys, they just need an actual 4-pin keypad and set it up so when the password is entered incorrectly 3 or more times, the desk gets alerted. A hotel like that could put a guard on each floor. The maids and security could have a master PIN that resets every 6 hours. Or, the guest could have the option as well and have the code texted to them. Put an old-fashioned deadbolt in each one for those that are sleeping in their rooms. Problem solved.

  45. No kidding by Sycraft-fu · · Score: 3, Informative

    We have electronic locks at work, and they are on the Internet. They are VLAN'd and firewalled off but they are still on the Internet because the company that administers them is remote. You can argue we should do it ourselves and I'd agree, but that is the arrangement. However, every single one can be overridden on the inside by the handle. The locking mechanism is just that: it basically unlocks the door frame so you can push it open from the outside with the electronic lock. Inside, you can always use the handle to override.

    The reason is, as you say, fire code. All our doors always open towards the outside, no matter what. Old lock-and-key doors are the same. You will find a door with a Medeco lock on the outside that can't be permanently unlocked, only turned to move the bolt, but on the inside it is just a bar you push to open it up. No matter where you are in the building, you can always get out just by following the doors that will open manually with no key/code. The locks are for locking people out, not in.

  46. Ahhh... That makes much more sense by Sycraft-fu · · Score: 1

    I was seriously wondering how people could get locked in their rooms. I mean, that is such a massive fire code violation, and commercial buildings care, a lot, about fire code because you can be sued into oblivion.

    Incorrect clickbait headline. Now that makes much more sense :D.

  47. Re: Because they're constantly generating new keys by magarity · · Score: 1

    The little server running the key card system back where I worked was connected to four things: three key makers with numeric pads and the wall power outlet. After the installer finished setting it up, he hauled off the keyboard and monitor. So there wasn't any hacking the database unless the hacker brought his own IO devices. Presumably the same applied to a repair tech, but the thing just worked.

  48. It's Always good to have a backup. by 0ryn · · Score: 1

    My gosh, you'd have thought that after the 1st time this happened they'd have gone out and bought a backup or a set of backup HDDs. It's not rocket science.
    I wonder if the system is running XP?

  49. Re:Common Sense Overridden by Convenience by Anonymous Coward · · Score: 0

    Supposedly the keyserving-system could be air-gapped; but medium and large hotels usually have plenty more systems (and often only one computer/monitor in the lobby). Hotels have online bookings, they must be able to check/import those into their billing/accounting systems; the lobby nightshift is supposed to scan Tripadvisor and such sites for comments.
    There's often a separate system to monitor minibar-usage and another for non-free TV entertainment channels (read pr0n), both of which have info dumped straight into the billing system. Information and images from movement sensors and surveillance cameras may also pop up on the lobby monitor.

    How would you separate such critical systems (critical for hotel management)?

  50. Not IoT regulation - EULA regulation by zerofoo · · Score: 1

    We don't need the government regulating IoT devices. What we do need is legal recourse when IoT devices fail.

    A EULA should never indemnify the manufacturer from the liability of manufacturing a defective product. A EULA should not be permitted to restrict your rights to sue for damages.

    This is how IoT gets fixed. Hold manufacturers responsible for the crap they produce.