Security Flaw In Common Keycard Locks Exploited In String Of Hotel Room Break-Ins

[InfoSec News <alerts () infosecnews org>]

http://www.forbes.com/sites/andygreenberg/2012/11/26/security-flaw-in-common-keycard-locks-exploited-in-string-of-hotel-room-break-ins/

By Andy Greenberg
Forbes Staff
Security
11/26/2012

Whoever robbed Janet Wolf’s hotel room did his work discreetly.

When Wolf returned to the Hyatt in Houston’s Galleria district last 
September and found her Toshiba laptop stolen, there was no sign of a 
forced door or a picked lock. Suspicions about the housekeeping staff 
were soon ruled out, too -- Wolf says the hotel management used a device 
to read the memory of the keycard lock and told her that none of the 
maids’ keys had been used while she was away.

With the mystery unexplained, the Hyatt tried to give its guests a sense 
of security by posting a guard in its lobby. But Wolf couldn’t shake the 
notion that a thief could re-enter her room at any time. “I had dreams 
about it for many nights,” says Wolf, a 66-year-old Dell IT services 
consultant traveling in Houston for business. “I’d wake up and think I 
saw someone standing there at my desk.”

Two days after the break-in, a letter from hotel management confirmed 
the answer: The room’s lock hadn’t been picked, and hadn’t been opened 
with any key. Instead, it had been hacked with a digital tool that 
effortlessly triggered its opening mechanism in seconds. The burglary, 
one of a string of similar thefts that hit the Hyatt in September, was a 
real-world case of a theoretical intrusion technique researchers had 
warned about months earlier -- one that may still be effective on 
hundreds of thousands or millions of locks protecting hotel rooms around 
the world.

[...]

______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org