Lock Picking 101 Forum
A community dedicated to the fun and ethical hobby of lock picking.
       

Fancy resort thinking about going back to mechanical locks

Pull up a chair, grab a cold one, and talk about life as a locksmith. Trade stories of good and bad customers, general work day frustrations, any fun projects you worked on recently, or anything else you want to chat about with fellow locksmiths.

Postby Jacob Morgan » 30 Jan 2017 12:42

https://mobile.nytimes.com/2017/01/30/world/europe/hotel-austria-bitcoin-ransom.html

Thought that some people here might find this amusing. A posh Austrian ski resort is hacked and guest cards will not unlock doors until a ransom is paid to the hackers.

From the NYT article:

"To guard against future attacks, however, he said the Romantik Seehotel Jaegerwirt was considering replacing its electronic keys with old-fashioned door locks and real keys of the type used when his great-grandfather founded the hotel."

“'The securest way not to get hacked,'” he said, “'is to be offline and to use keys.'”

That, or air-gap the card system. Funny if being handed a brass key at check-in becomes the mark of a high-class hotel. All this attack did was keep people out of their hotel rooms. Think about all the places people swipe cards, and what would happen if none of them worked.
Jacob Morgan
Supporter
 
Posts: 571
Joined: 30 Dec 2015 21:31
Location: KY (north west)

Re: Fancy resort thinking about going back to mechanical loc

Postby Tyler J. Thomas » 30 Jan 2017 20:03

Hope they have mechanical override.
Tyler J. Thomas
Supporter
 
Posts: 1133
Joined: 13 Aug 2009 20:57
Location: Atlanta, GA, USA

Re: Fancy resort thinking about going back to mechanical loc

Postby Ralph_Goodman » 2 Feb 2017 12:57

Thank you so much for sharing! I would have missed this story without you.

Absolutely fascinating.

I worry about prison locks for this same reason. A year or so back, some white hat hackers found a remote access point for all of the locks in an entire prison facility. If they had not found it first, this type of issue could have been even more horrific.

My problem with these types of systems is this exact vulnerability. A lock picker needs to have time with the lock. But they need to be there with it physically. But if the lock is remote, then it can be tested from anywhere, at any time. Then you have the issue of prosecuting these criminals. Because these are remote attacks, they don't have to be carried out from the same country or even continent.

Crime is sure to get a whole lot weirder as people continue to figure this stuff out.
Ralph_Goodman
 
Posts: 255
Joined: 2 Oct 2015 12:25

Re: Fancy resort thinking about going back to mechanical loc

Postby billdeserthills » 2 Feb 2017 13:59

I'm so glad to hear that sanity may be slowly returning. Electronic anything is just a future problem waiting to happen
billdeserthills
 
Posts: 3827
Joined: 19 Mar 2014 21:11
Location: Arizona

Re: Fancy resort thinking about going back to mechanical loc

Postby dontlook » 2 Feb 2017 14:15

So this got corrected, they cannot make new cards until the ransom is paid.

And while it is all good and well that the manager says on the next room upgrade they are going mechanical, he doesn't give a time frame. That could be a number of years, and the decision may change/not stick.

Backups, backups, backups.
dontlook
 
Posts: 149
Joined: 16 Dec 2012 20:52

Re: Fancy resort thinking about going back to mechanical loc

Postby peterwn » 4 Mar 2017 3:38

billdeserthills wrote:I'm so glad to hear that sanity may be slowly returning. Electronic anything is just a future problem waiting to happen

Maintaining mechanical keys in a hotel is a pain and there is a risk that a lost or stolen key (especially a masterkey or emergency key) could be improperly used. A masterkey could be improperly converted to an emergency key. The cost and effort of changing out locks when a key goes missing is such that management may not bother until there is a nasty incident.
Perhaps the management of that hotel forgot what a pain mechanical keys were. They also seemed to have no contingency plan for such an incident.
Wonder how often any other hotel card systems have fallen over. It must be extremely rare otherwise it would have made more news than this one instance.
peterwn
 
Posts: 161
Joined: 22 Aug 2010 23:31

Re: Fancy resort thinking about going back to mechanical loc

Postby peterwn » 4 Mar 2017 3:49

Tyler J. Thomas wrote:Hope they have mechanical override.

They generally seem to. The cylinder is sometimes visible or presumably it is behind a removable cover. I think I am correct in thinking that these cylinders have an auxiliary bible so they can be given a limited number of re-keys by removing the old key in the 'auxiliary' position then inserting the new key thus leaving master wafers behind.
I read somewhere that in one type of lock the over-ride cylinder was being eliminated and hotel engineering staff be given instructions how to get a failed lock open which I presume would be by drilling out a sacrificial component. Having to drill all the locks if the card system falls over would be time consuming and a real pain.
peterwn
 
Posts: 161
Joined: 22 Aug 2010 23:31

Re: Fancy resort thinking about going back to mechanical loc

Postby Jacob Morgan » 4 Mar 2017 18:50

peterwn wrote:
billdeserthills wrote:I'm so glad to hear that sanity may be slowly returning. Electronic anything is just a future problem waiting to happen

Maintaining mechanical keys in a hotel is a pain and there is a risk that a lost or stolen key (especially a masterkey or emergency key) could be improperly used. A masterkey could be improperly converted to an emergency key. The cost and effort of changing out locks when a key goes missing is such that management may not bother until there is a nasty incident.
Perhaps the management of that hotel forgot what a pain mechanical keys were. They also seemed to have no contingency plan for such an incident.
Wonder how often any other hotel card systems have fallen over. It must be extremely rare otherwise it would have made more news than this one instance.


Ransomware attacks are a fairly recent phenomenon, and nearly all companies hit by it do not want publicity. I have a relative who works at a consulting firm that serves rural telephone companies. A new service they offer is testing electronic security. Some customers do that, and then patch the vulnerabilities found. Others do not take advantage of the service, and then call up a few months later asking what bitcoins are and where to get some--i.e., they were vulnerable and someone broke into their network and encrypted their accounting files for ransom, etc. I am sure that few in those communities knew what happened down at the local phone co-op. This is the first known time it involved electronic locks, but now that the idea is out there it will probably not be the last. The resort in question did not have a mechanical key override, and I have been in a lot of hotels that did not have mechanical overrides. In the case of the resort in question, I think they would rather put up with the occasional hassle of mechanical locks, than suffer a catastrophic loss in business when their patrons pass on them next season because of that time none of the doors would open and it screwed up all their plans that day.

Some hotels do still use mechanical locks (stayed at a motel last spring that used them), and if there is demand for it, some improved changeable mechanical locks could be developed. Maybe something in principle like the Kwikset deadbolt that has the resettable "Smartkey" in the bottom and a separate lock (for the "master" key in the top) such that staff could quickly change combinations on the lower keys and have a housekeeping key (the top key way): http://www.kwikset.com/Products/Details/Deadbolts/816-3-SMT.aspx. Preferably something with more strength than a "Smartkey" lock and more durability than Kwikset, but if there is demand for it a company might develop it. Nearly all of the hotels stampeded to electronic locks what, 20 - 25 years ago, but maybe some clever mechanical locks might be due for a comeback, it is not like mechanical locks have stood still in those 25 years.
Jacob Morgan
Supporter
 
Posts: 571
Joined: 30 Dec 2015 21:31
Location: KY (north west)

Re: Fancy resort thinking about going back to mechanical loc

Postby Tyler J. Thomas » 5 Mar 2017 23:02

I have seen smaller motels utilize the Kwikset Smart Key. I'll give it to Kwikset. It was a garbage product at the beginning but through a lot of trial and error they seem to be refining and improving it.

I'm not a fan of the whole "online" access control craze taking over. It's mere convenience at a tremendous cost to security. Customers want that ability (and rarely use it).

I don't have a dog in any fight; I can work on mechanical or electrical. My preference would be to keep mechanical systems, or at least offline systems with mechanical override. I'm almost to the point of adopting a policy of not selling or offering systems with embedded servers or online capabilities. If they want to access their system online, install a Remote Desktop software and utilize your own security, which you are liable and responsible for, not me.

Most companies just use it as a sales tool. "Look what you can do!" For me, I just see a nightmare waiting to happen.
Tyler J. Thomas
Supporter
 
Posts: 1133
Joined: 13 Aug 2009 20:57
Location: Atlanta, GA, USA

Re: Fancy resort thinking about going back to mechanical loc

Postby peterwn » 9 Mar 2017 4:03

Jacob Morgan wrote: Preferably something with more strength than a "Smartkey" lock and more durability than Kwikset, but if there is demand for it a company might develop it. Nearly all of the hotels stampeded to electronic locks what, 20 - 25 years ago, but maybe some clever mechanical locks might be due for a comeback, it is not like mechanical locks have stood still in those 25 years.

Another option - BEST. Stayed at a New Orleans hotel (down to mid market) years ago and it had Best cylinders on the rooms. Gave me the message that they took guest security seriously.
peterwn
 
Posts: 161
Joined: 22 Aug 2010 23:31

Re: Fancy resort thinking about going back to mechanical loc

Postby RedE » 9 Mar 2017 9:11

peterwn wrote:
Jacob Morgan wrote: Preferably something with more strength than a "Smartkey" lock and more durability than Kwikset, but if there is demand for it a company might develop it. Nearly all of the hotels stampeded to electronic locks what, 20 - 25 years ago, but maybe some clever mechanical locks might be due for a comeback, it is not like mechanical locks have stood still in those 25 years.

Another option - BEST. Stayed at a New Orleans hotel (down to mid market) years ago and it had Best cylinders on the rooms. Gave me the message that they took guest security seriously.


Best makes a good lock for sure, but all of their stuff is easy to get blanks for, unless it's the newest CORMAX line. I agree that an interchangeable or removable core system would be crucial to maintaining security if keys went missing.
RedE
 
Posts: 148
Joined: 7 Dec 2016 0:51
Location: Ontario

Re: Fancy resort thinking about going back to mechanical loc

Postby Ralph_Goodman » 9 Mar 2017 13:07

RedE wrote:Best makes a good lock for sure, but all of their stuff is easy to get blanks for, unless it's the newest CORMAX line. I agree that an interchangeable or removable core system would be crucial to maintaining security if keys went missing.


Missing keys or people using blanks for unauthorized duplication are certainly issues, but it is much simpler to guard against/detect than these internet based attacks.

You can find out about missing keys much easier than you can find out about ransomware being installed covertly/remotely. And someone using a physical key can be discovered by surveillance as they need to actually use it in the real world.

Once you find the issue, your chances of prosecuting the criminal are much higher, because your security forces them to be physically present during the crime.

With digital attacks, you may never find the person responsible because there are no fingerprints to leave behind (and they probably know more about masking their online identity than any standard investigator). But even if you do find out where these people are, you better hope that they aren't in a different country.
Ralph_Goodman
 
Posts: 255
Joined: 2 Oct 2015 12:25

Re: Fancy resort thinking about going back to mechanical loc

Postby GWiens2001 » 9 Mar 2017 21:08

If the hotel frequently swaps the cores on the doors, then it would be harder to find the lock your copied key fits.

Gordon
Just when you finally think you have learned it all, that is when you learn that you don't know anything yet.
GWiens2001
Site Admin
 
Posts: 7550
Joined: 3 Sep 2012 16:24
Location: Arizona, United States

Re: Fancy resort thinking about going back to mechanical loc

Postby Ralph_Goodman » 16 Mar 2017 12:27

GWiens2001 wrote: If the hotel frequently swaps the cores on the doors, then it would be harder to find the lock your copied key fits.

Gordon


That is genius! If they don't do that already, then they certainly should.

Seems like it would be a lot better than rekeying, especially if there is a master key system.

If someone was going to do this, then they should randomize the core swapping process. Any type of system that is repeated can be compromised with insider knowledge or just a bit of trial and error.
Ralph_Goodman
 
Posts: 255
Joined: 2 Oct 2015 12:25

Re: Fancy resort thinking about going back to mechanical loc

Postby billdeserthills » 16 Mar 2017 19:19

Tyler J. Thomas wrote:I have seen smaller motels utilize the Kwikset Smart Key. I'll give it to Kwikset. It was a garbage product at the beginning but through a lot of trial and error they seem to be refining and improving it.

I'm not a fan of the whole "online" access control craze taking over. It's mere convenience at a tremendous cost to security. Customers want that ability (and rarely use it).

I don't have a dog in any fight; I can work on mechanical or electrical. My preference would be to keep mechanical systems, or at least offline systems with mechanical override. I'm almost to the point of adopting a policy of not selling or offering systems with embedded servers or online capabilities. If they want to access their system online, install a Remote Desktop software and utilize your own security, which you are liable and responsible for, not me.

Most companies just use it as a sales tool. "Look what you can do!" For me, I just see a nightmare waiting to happen.



I agree that Kwikset has refined their crummy SmartKey product, but I still find it to be a crummy product, if only because if a person puts the wrong key into a smartylock and tries to turn it too hard, that's the end of the lock. I have seen this many times, even more so with clients who have extra keys made where the key machines are not correctly calibrated. This out of spec key can cause a total failure of the smartkey lock, which is just too junky for me to stock this product.
billdeserthills
 
Posts: 3827
Joined: 19 Mar 2014 21:11
Location: Arizona
