Does your favorite hotel load your room key onto your smartphone? If so beware – researchers presenting at last week’s Black Hat USA 2019 conference said they easily hacked the room key system at an unnamed European hotel.
The German researchers said at the conference a hacker must be local to the hotel because the room key system uses Bluetooth to communicate between lock and phone. Still, they were able to use tools to log and monitor the Bluetooth lock credentialing process to find an easily hackable vulnerability.
The researchers said they notified the hotel’s lock vendor in April and that the vendor acknowledged the vulnerability. They said the vendor discussed update plans in June, but as of last week the system hadn’t been patched to fix the vulnerability.
This doesn’t involve the hotel’s WiFi system as other Internet of Things devices do. But it’s still a classic example of companies seeking to make a customer’s experience as seamless as possible while introducing the risk of being hacked, burglarized – or worse.