Security Flaw in 4+ Million Hotel Keycard Locks

Hotel keycards – convenient, if the stripe doesn’t get demagnetized. But secure? Possibly not.

Remember the good old days when a hotel would give you an actual key to your hotel room door?

Actually, I prefer the keycards – they are easier to keep in a wallet, and they can be a fun thing to collect as souvenirs of hotels stayed at, as well.  Now if only hotels would pay a bit more for keycards and the associated reader/writer devices that store the magnetic details more ‘strongly’ on the stripes…

There are good reasons for hotels to use the electronic lock systems.  The system keeps a record of every time each lock is accessed and which card was used, and if a ‘master keycard’ is lost or stolen, the system can electronically void it.  Back when hotels had regular keys, the loss of a master key would (at least in theory) require all the hotel’s locks to be re-keyed, a huge cost.

Plus, each different guest gets their own unique keycard to their room’s door – there’s never a concern about a previous guest using their old keycard to access the room, whereas physical keys were always at risk of being duplicated or simply kept and misused in the future.

So, in lots of ways, the upfront greater cost of an electronic key system is generally quickly repaid in the form of better operational and security benefits, and our occasional hassle of demagnetized keycards has been accepted by all as a small price to pay.

But – oooops.  This article points out how a hacker has exposed a vulnerability affecting one of the major brands of keycard door locks, making it possible for a hacker with only a very small investment in electronic components to open locks belonging to that manufacturer.  Indeed, the hacker has sold his discovery to a locksmithing school, where, for all he knows (and for all he cares) the school is now teaching its students not only how to use regular lock picks to open regular locked doors, but how to use this new vulnerability to open electronic door locks too.

What to Do About Your Insecure Hotel Room Door

What should you do?  Two things, maybe even three.

First, check whether the door of your hotel room uses this type of electronic lock (feel for the power port on its underside).  If it does, complain to the hotel management.

Second, be sure to always use the chain on your door while you are in your room.  Even a safety chain is little deterrence to a skilled burglar, but it might slow him down or cause him to move to an easier target room.

Third, you might want to consider some sort of door alarm.  I particularly like this type of device, which is inexpensive and easy to use.  It doesn’t work all the time (it depends on whether there is an electrical connection between the outer and inner door handles), but you can of course test it yourself at each hotel, and if it works, be sure to use it.  Other types of alarms rely on vibrations or on pins slipping out as the door opens, and are also reasonably functional and inexpensive.

Of course, these precautions only apply to when you’re in the room – they don’t help while you’re out of the room, which is why you should complain to the hotel management as well.

2 thoughts on “Security Flaw in 4+ Million Hotel Keycard Locks”

  1. Pingback: Chai Digest September 15-30: Tibet is shuttered and the UK welcomes the rich with slightly less crappy airport experience - Rapid Travel Chai

  2. The electronic keycards allow dynamic updating of algorithms, so it is almost next to impossible to be able to pick a lock and duplicate it for the future.
    Yes, for magnetic stripe keycards, to clone a current key is very easy, but mind you, the moment this guest checks out the key will no longer work. A new key is generated each time a new guest checks in, and hence the possibility of a security breach is minimised.
    Yes, the housekeeping staff uses master keys and these allow universal access. So if one could clone that key, then certainly you would have unlimited access to all rooms.
