Hotel Hacker Exposes E-Vulnerabilities

Sections of this topic

    Modern technology creates crisis management risk

    While our never-ending quest for modernization has simplified many common tasks, it’s also spawned a new breed of crises related specifically to vulnerabilities in technology. The most common involve computer hacking, either as straight out attacks or a means of professional or amateur espionage, but it’s easy to forget that much more than PC’s and laptops are run on processors and microchips these days.

    Take your average hotel room for example. When’s the last time you used a physical key in your door? Now all of the locks are operated via electronic keycard, which makes it very easy for ownership to replace or recode for guests as needed. You might think this is even more secure system as well, no keys for nefarious types to copy and return with later, but check out this quote from a Forbes article by Andy Greenberg and see if you still feel the same way:

    A trio of hackers have built a tool that appears to be an innocent dry erase marker, but when inserted into the port on the bottom of a common form of hotel room keycard lock triggers the lock’s open mechanism in a fraction of a second.

    “I guess we wanted to show that this sort of attack can happen with a very small, concealable device,” says Matthew Jakubowski, one of the three hotel lock hackers and a security researcher with the consultancy Trustwave. “Someone using this could be searched and even then it wouldn’t be obvious that this isn’t just a pen.”

    The device is literally encased inside the shell of an Expo dry erase marker, the same type found in just about any conference room, and its only tell is that instead of the standard tip under the cap, there is a metal connector.

    Obviously, this has serious financial implications for the hotel industry, which is looking at having to replace or upgrade millions of locks. It also raises major reputation concerns. A break-in with this device would look no different than if a maid or other employee had simply entered the room and taken someone’s belongings, and even if it is caught by cameras, affected customers will blame the hotel as much or more than they do the thief for not keeping their establishment safe and secure.

    E-vulnerabilities are a fact of business today, and often the fixes are going to cost. Our advice is to bite the bullet and pay to keep your business and your stakeholders protected, the up-front cost will not even scratch the surface of the expenses should you be found at fault in neglecting proper crisis management.

    For more resources, see the Free Management Library topic: Crisis Management

    [Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is Social Media Manager for the firm, and also editor of its newsletter, Crisis Manager]