I just had to do it: crack a hotel key system

I have always wondered whats so great about the plastic cards you get when you check in at a hotel. Whats the magic touch? They are cheap and easy to replace when you loose them – which keys are not. So that must be the reason. Cheap price – cost savings. However something in me tells me if they are cheap they cannot be secure? Or can they? So what is on the cards? I just had to know; I took my key and read it into a magnetic stripe reader. The information on the key was:

  • Room number
  • Valid from
  • Valid to

Okey; so the doors must be connected to some computer? No. The room number is set in the door it-self and kept safe there by a EEPROM. So how could this be used? Well I just changed the room number from my own to a collegues – it worked. Like a charm. Thats not good. But I think its to much work to just re-key for every room I wish to enter so I decided to be creative, whats on the housekeeping key? Must be more secure? Right? No. It wasn’t; when I changed the room number value to 0, 9999, or -1 the key worked in both our rooms at the same time – this could be different between many systems but just a 20 minute guessing game and we were in.

I have disclosed this information to the selected hotel and they were a bit concerned, and they are looking into this right now. The equipment used was a magnetic card reader/writer (as found on http://www.hackershomepage.com/section6.htm), but lended from a POS VAR here in Sweden. Should it realy be this easy? Secure or easy? Your choice.

So what am I trying to say? Computer security starts with physical security. Because in the hotel room you leave your computer, with all the passwords to your network. If your lucky you will just get robbed of your money or laptop – but worst case scenario is that you ruin your company – disclosing all sensitive business information.