It has been recently reported that digital hotel door locks can be compromised by simple tweaks to their in-built security software, according to research from a cybersecurity firm. The hardware kit used to clone keys involves scanning the RFID tag or mag stripe included in a card key, which is then copied by a small device which is then able to generate a huge number of extra keys in a matter of minutes. In fact, thousands of hotel rooms around the world can be accessed by bad actors.
Smart hotels use technology to create more convenience for the busy traveler where amenities can be accessed with a click or touch of a screen, but they can also be a hotbed for hackers and scammers. From room keys that use facial recognition, to sensors attuned to guests, to televisions that talk back, touch screen surfaces, smart toilets and temperature controls, these connected devices can have vulnerabilities that can turn a traveler’s dream vacation — or sensitive business trip — into a nightmare.
With smart hotels and connected rooms, the hotel is collecting troves of data and hackers and scammers are standing by looking to cash in on a hotel guest’s personal and financial data. Hotel systems are only as safe as their security measures. Connected devices rely on the Internet to function, which increases their attackable surface.
What should savvy travelers do who want the “smart” hotel experience but don’t want to be a target? Use long and strong passwords that don’t repeat across sites; opt to use a VPN (Virtual Privacy Network) when using hotel Wi-Fi; enable two-factor authentication on all devices; and make sure to never click on strange links that may look like they are coming from the hotel but are actually spoofed, leaving the guest’s device infected with malware.
Adam Levin is founder of CyberScout and author of Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves