Hotels – WindowsTechs.com

Security Vulnerability in Saflok’s RFID-Based Keycard Locks

Posted on March 27, 2024 by Bruce Schneier

Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba. The Saflok systems are installed on 3 million doors worldwide, inside 13,000 properties in 131 countries. By exploiting weaknesses in both Dormakaba’s encryption and the underlying RFID system Dormakaba uses, known as MIFARE Classic, Carroll and Wouters have demonstrated just how easily they can open a Saflok keycard lock. Their technique starts with obtaining any keycard from a target hotel—say, by booking a room there or grabbing a keycard out of a box of used ones—then reading a certain code from that card with a $300 RFID read-write device, and finally writing two keycards of their own. When they merely tap those two cards on a lock, the first rewrites a certain piece of the lock’s data, and the second opens it…

Continue reading Security Vulnerability in Saflok’s RFID-Based Keycard Locks→

Hotels Remain a Prime Target for Hackers

Posted on December 11, 2020 by Chinmai Sharma

Although all industries have felt the strain from COVID-19, the hotel sector has been particularly hard hit. As hotels move to bring occupancy rates up, they should use this time to examine another pressing problem: protecting customer data, which has… Continue reading Hotels Remain a Prime Target for Hackers→

Marriott Was Hacked — Again

Posted on April 2, 2020 by Bruce Schneier

Marriott announced another data breach, this one affecting 5.2 million people: At this point, we believe that the following information may have been involved, although not all of this information was present for every guest involved: Contact Details (e.g., name, mailing address, email address, and phone number) Loyalty Account Information (e.g., account number and points balance, but not passwords) Additional… Continue reading Marriott Was Hacked — Again→

Details of an Airbnb Fraud

Posted on November 6, 2019 by Bruce Schneier

This is a fascinating article about a bait-and-switch Airbnb fraud. The article focuses on one particular group of scammers and how they operate, using the fact that Airbnb as a company doesn’t do much to combat fraud on its platform. But I am more interested in how the fraudsters essentially hacked the complex sociotechnical system that is Airbnb. The whole… Continue reading Details of an Airbnb Fraud→

Marriott Hack Reported as Chinese State-Sponsored

Posted on December 13, 2018 by Bruce Schneier

The New York Times and Reuters are reporting that China was behind the recent hack of Marriott Hotels. Note that this is still uncomfirmed, but interesting if it is true. Reuters: Private investigators looking into the breach have found hacking tools, techniques and procedures previously used in attacks attributed to Chinese hackers, said three sources who were not authorized to… Continue reading Marriott Hack Reported as Chinese State-Sponsored→

Marriott Hotels Announces Data Breach of 500 Million Customers

Posted on November 30, 2018 by Joseph Cox

The data stolen from the company’s Starwood properties includes passport numbers, and for some customers, potentially compromised payment card information. Continue reading Marriott Hotels Announces Data Breach of 500 Million Customers→

Security Vulnerabilities in VingCard Electronic Locks

Posted on April 30, 2018 by Bruce Schneier

Researchers have disclosed a massive vulnerability in the VingCard eletronic lock system, used in hotel rooms around the world: With a $300 Proxmark RFID card reading and writing tool, any expired keycard pulled from the trash of a target hotel, and a … Continue reading Security Vulnerabilities in VingCard Electronic Locks→

Security Vulnerabilities in VingCard Electronic Locks

Posted on April 30, 2018 by Bruce Schneier

Researchers have disclosed a massive vulnerability in the VingCard eletronic lock system, used in hotel rooms around the world: With a $300 Proxmark RFID card reading and writing tool, any expired keycard pulled from the trash of a target hotel, and a set of cryptographic tricks developed over close to 15 years of on-and-off analysis of the codes Vingcard electronically… Continue reading Security Vulnerabilities in VingCard Electronic Locks→

Watch Someone Break Into a Hotel Room Using Just a Paper Menu

Posted on March 26, 2018 by Samantha Cole

Proof that you should always deadbolt the damn door. Continue reading Watch Someone Break Into a Hotel Room Using Just a Paper Menu→

Hyatt Hit By Credit Card Breach, Again

Posted on October 13, 2017 by Tom Spring

Hyatt said its payment systems have been breached, exposing credit card data from 41 hotels in 11 countries between March and July this year. Continue reading Hyatt Hit By Credit Card Breach, Again→