Tag Archives: Hotel Security

by | December 14, 2012 · 7:05 am

Hospitality Industry Security Risks: Hotel Electronic Door Locks In "Various Stages Of Being Repaired"; "Mechanical Caps And Security Screws" Provided To Block Hackers

In October, hotel insurance-related company Petra Risk Solutions issued its hotel clients an alert headlined, “Crime Alert – Onity Guestroom Door hackers are for real.”

Onity Electronic LockIn Florida, Petra loss prevention expert Todd Seiders said he received reports that a hacker had been seen carrying a laptop and using a key card – possibly connected to the laptop – to open locked guestroom doors.

The locks on more than 1 million guestroom doors are in various stages of being repaired, following the revelation this summer that they may be vulnerable to hackers.

The New York Marriott Marquis, the biggest hotel in Manhattan, for instance, just completed updating all of its nearly 2,000 door locks. The hotel is one of thousands of properties with guestroom locks manufactured by Onity, a division of United Technologies. An Onity website also shows Sheraton, Hyatt, Holiday Inn, Fairmont, Radisson and other well-known hotels from Paris to Perth as also having its locks updated.

The hacking tool, according to Petra’s alert, could be made for about $50 in easy-to-acquire electronic parts.

“Please train and notify your hotel staff that these burglaries are spreading across the country,” Petra’s alert cautioned hoteliers. “Hotel staff should be vigilant while they are on the guest floors and paying attention to guests walking through hallways…Take time to watch guests walking through your hallways to ensure they are going to a room and entering it. Be very suspicious of someone carrying a laptop or small bag wandering the hallways. Greet guests and ask them if they need assistance.”

Onity did not immediately return an e-mail seeking comment about the issue. But in a statement updated for December on its website, Onity says that as of Nov. 30, it has shipped hardware to fix 1.4 million hotel door locks. The hardware includes mechanical caps and security screws that “block physical access to the lock ports that hackers use to illegally break into hotel rooms.”

For more:  http://www.usatoday.com/story/hotelcheckin/2012/12/14/hotels-fixing-flaw-that-made-room-locks-vulnerable-to-hackers/1769081/

Comments Off on Hospitality Industry Security Risks: Hotel Electronic Door Locks In "Various Stages Of Being Repaired"; "Mechanical Caps And Security Screws" Provided To Block Hackers

Filed under Crime, Guest Issues, Liability, Maintenance, Management And Ownership, Risk Management, Technology, Theft

Tagged as , , , , , , , , ,

by | November 9, 2012 · 6:49 am

Hospitality Industry Crime Risks: Tennessee Hotel Rooms Broken Into By "Convicted Burglar" Using "Chiseled Tip Knife" And Keycards Stolen From Cleaning Carts

“…Police said Brown was carrying seven keycards from several hotels as well as knife with a chiseled tip that could be used to defeat locking mechanisms…He told police he had taken the keys from a cleaning cart…”

Police are investigating whether a man who allegedly broke into a hotel room in downtown Nashville had any involvement in ten other similar hotel burglary since January.

Police said the victims were inside their hotel room on the 13th floor of the Renaissance Hotel when 35-year-old Antoun Brown came in and asked where the ice machine was, and then made his way into the bathroom before leaving.

The victims told police they heard someone messing with their door lock before he came inside.

Hotel security apprehended him on the 4th floor and held him until police arrived to take him into custody.

Brown, who is a convicted burglar, was charged with aggravated burglary and possession of a burglary tool.  His bond was set at $13,000.

For more:  http://www.newschannel5.com/story/20040554/man-allegedly-broke-into-downtown-hotel-room

Comments Off on Hospitality Industry Crime Risks: Tennessee Hotel Rooms Broken Into By "Convicted Burglar" Using "Chiseled Tip Knife" And Keycards Stolen From Cleaning Carts

Filed under Crime, Guest Issues, Liability, Maintenance, Risk Management, Theft

Tagged as , , , , ,

by | November 7, 2012 · 7:48 am

Hospitality Industry Security Risks: Florida Hotel And Management Company Ordered To Pay $1.7 Million To Victim Of "Car Jacking" In Parking Lot; "Inadequate Hotel Security And Burned Out Lights In Parking Area"

“…evidence showed “security was present, but spent more time delivering bed items, towels, and bell carts to guests rather than patrolling the exterior of the hotel and serving as a deterrent to crime. The hotel provided a ‘uniformed housekeeper,’ not security…”

In addition, lights that would have illuminated the area where the crime occurred were burned out and hadn’t been replaced for months.

An Orange County jury Friday ordered Hilton Embassy Suites, Interstate Management Company, and SecurAmerica to pay a combined $1.7 million dollars in restitution to Troy Anderson, who was shot in 2008 while parking his car at the Hilton Embassy Suites on Jamaican Court, near International Drive.

Anderson filed a lawsuit in 2009 for the shooting that occurred on the premises of the Hilton Embassy Suites on September 26, 2008, when he was shot multiple times during a car jacking. He sustained serious and life-threatening injuries as a result. (Troy Anderson v. Hilton Hotels, et al., Case No. 2009-CA-040473-O, Fla. 9th Judicial Cir.).

A former Regional Manager, Chuck Klawitter, testified the hotel would “wait until enough lights were burned out to justify getting a ‘hi-light’ to replace the burned out lights.” Klawitter and two other former SecurAmerica employees, Emmanuel Denau, a former Quality Assurance Supervisor, and Rob Wombolt, a former Operations Manager, testified they brought their security concerns to the attention of the hotel and the security company.

Witnesses testified that the area where hotel personnel instructed Mr. Anderson to park his vehicle was “very dark,” even though it was only 50 or 60 feet from the hotel entrance. Crime Scene Investigator (CSI), Gerardo Bloise, Orange County Sheriff’s Department (OCSO), photographed and documented the scene and his photographs confirmed that a critical floodlight intended to illuminate the area where Mr. Anderson parked was not working on the night he was shot. CSI Bloise confirmed in his testimony the area was “very dark.”

Assistant Hotel General Manager, Victor Vergara, claimed and testified at trial, contrary to the evidence, that all the lights were working and the parking lot lighting was “perfect.”

Jurors also learned that a similar strong-armed robbery had occurred in the parking lot of the Embassy Suites ten days prior. Deputy Lourdes Clayton of the OCSO appeared on the scene of the armed robbery ten days earlier and was on the Hilton Embassy Suites’ property for approximately an hour. The hotel and security company denied knowing she was on the property though in following protocol she would have arrived with lights and sirens on as the call was a Code 3 emergency. She also completed an “incident report,” which is a public record and which was brought out in her testimony at trial where she verified she was on the property for “approximately an hour.” The victim who was robbed at gunpoint, 72-year-old Roger Kraft from Ohio, stayed an additional two nights at the hotel, yet the hotel and security company argued he did not tell anyone about being robbed despite the fact his wallet, cash, and credit cards were stolen. Allen told the jury the assertion was “ridiculous.” Mr. Kraft unfortunately passed away a year and a half ago.

For more:  http://news.yahoo.com/orlando-hotel-ordered-pay-1-7-million-dollars-082430903.html;_ylt=A2KJjakMeZpQcGcAaXDQtDMD

Comments Off on Hospitality Industry Security Risks: Florida Hotel And Management Company Ordered To Pay $1.7 Million To Victim Of "Car Jacking" In Parking Lot; "Inadequate Hotel Security And Burned Out Lights In Parking Area"

Filed under Crime, Injuries, Insurance, Liability, Maintenance, Management And Ownership, Risk Management

Tagged as , , , , , , ,

by | October 7, 2012 · 1:14 pm

Hospitality Industry Information Security Risks: Hotel's Guest's Credit Cards Are Targets For "Identity Thiefs" From "Mulitple Charges" During Stay

“…hotels have lots of employees — and many of them have access to the credit card and other personal information of guests. No matter how well trained and supervised, more personnel correlates to greater risk. The fact that low-level employees typically have access to key guest information, and that there is, historically, a high turnover in hotel employees, exacerbates the problem…”

Hotels are obvious targets for identity and financial theft for many reasons. Hotels transact business through credit cards, and those credit cards are kept on file and can be accessed multiple times during a guest’s stay. The possibility that a credit card charge will be recorded occurs with each night’s room charge, room service, bar or restaurant bill, spa charge, and so on. Every charge is another opportunity for an identity thief to access the information using sophisticated computer hacks and other malicious software, generally without the hotel’s knowledge.

The need to respond to guest demands is another source of insecurity. The Identity Theft Resource Center noted, “The ability to connect to the Internet is an integral part of many individuals daily life. This has led to the increased demand for public WiFi.” As a result, hotels find themselves compelled to offer wireless internet, and that service is almost always unsecured. But an unsecured wireless network is “just as dangerous as leaving files of your most important personal documents on a street curb for all to see. Hackers can easily get into an unsecured wireless network and get financial information, business records or sensitive e-mails.” (PC World, “Got Wireless Security”, http://www.pcworld.com/article/125040/got_wireless_security.html). At the same time, hotels have little say in the matter. Guests demand wireless internet service.

Some security researchers have described a wave of attacks against the hospitality industry. In 2010, the cybersecurity consultant Trustwave found that in 38% of its investigations, hotels and resorts were the victims of successful cyber intrusions, despite those firms only representing 3% of its customers.  Hotels represent a disproportionate number of security breaches.

For more:  http://hotellaw.jmbm.com/2012/10/liability_for_guest_information_.html

2 Comments

Filed under Crime, Guest Issues, Liability, Management And Ownership, Risk Management, Technology, Theft

Tagged as , , , ,

by | October 4, 2012 · 6:29 am

Hospitality Industry Security Risks: Hotel "Electronic Room Locks" Opened With "Hacking Device" Tool Disguised As "Dry Erase Marker" (Video)

[youtube=http://www.youtube.com/watch?v=QyN-8CeNSZg]

A trio of hackers have built a tool that appears to be an innocent dry erase marker, but when inserted into the port on the bottom of a common form of hotel room keycard lock triggers the lock’s open mechanism in a fraction of a second.

The security researchers who spend their days breaking into clients’ systems to find and fix security vulnerabilities often call themselves “penetration testers,” or “pentesters.” But one group of hotel lock hackers just gave the term “pentest” a very different meaning.

The inconspicuous lock hacking device is an adaption of one demonstrated at the Black Hat security conference in July by Cody Brocious, a hacker and software developer for Mozilla, who discovered and exploited a vulnerability in Onity locks, a cheap and popular hotel room lock that the company says are used on at least four million hotel rooms worldwide. Through the port on the bottom of the lock intended for a device that hotels can use to set master keys, Brocious found he was able to read the lock’s memory, including a decryption key stored on the locks that gave him access to their opening mechanism.

2 Comments

Filed under Crime, Guest Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft

Tagged as , , , , , ,

by | August 24, 2012 · 6:15 am

Hospitality Industry Property Risks: "Tornado-Damaged" Missouri Hotel Reopens After Spending Millions Of Dollars Repairing Windows And Structure

The tornado caused millions of dollars in damage, but no one was seriously injured…even the landscaping was dug up because of fallen glass.

The Hilton Hotel at Branson Landing will officially reopen September 15, more than six months after it was damaged by the Leap Day tornado. Since the February 29 EF-2 twister, 3,400 energy-efficient replacement windows have been installed at the hotel.

Nearly every piece of furniture and nearly all the carpet in the 12-story hotel will be new. The outside of the hotel will have a new look, too.

The Hiltons of Branson say new thermostats in all the guest rooms have a motion-detector system, allowing the room temperature to return to a pre-set level when the room is not occupied.

The temporary closure cost some team members their jobs. There are plans to rehire staff once the hotel reopens this fall. The Branson Convention Center, which sustained less damage than the adjacent hotel, reopened in the late spring.

For more: http://ozarksfirst.com/fulltext?nxd_id=691972

Comments Off on Hospitality Industry Property Risks: "Tornado-Damaged" Missouri Hotel Reopens After Spending Millions Of Dollars Repairing Windows And Structure

Filed under Claims, Insurance, Maintenance, Management And Ownership

Tagged as , , , , ,

by | August 11, 2012 · 7:24 am

Hospitality Industry Security Risks: Louisiana Hotels' Guest Rooms Burglarized By Thieves Who "Checked For Unlocked Doors"; Suspects Walked Out With Laptops And Electronics

“…(suspects were) walking in the hotel, walking out with the victim’s property…laptops, electronics, iPods, and iPads…cell phones, bags of clothing, jewelry…in some cases thieves got into rooms by checking for unlocked doors…”

After arresting two suspects in a string of downtown hotel burglaries, New Orleans Police confiscated loads of property. Police say rooms at several hotels in the downtown area were burglarized in early July. It was later determined to be the work of the same set of crooks.

“I noticed my door in my room even if I just walk out it doesn’t close,” one hotel guest said. Carroll says an anonymous tip from the public led detectives to arrest this modern day Bonnie and Clyde.

A search warrant executed at her home turned up loads of evidence.

For more:  http://www.abc26.com/news/local/wgno-property-stolen-from-hotels-returned,0,6918670.story

Comments Off on Hospitality Industry Security Risks: Louisiana Hotels' Guest Rooms Burglarized By Thieves Who "Checked For Unlocked Doors"; Suspects Walked Out With Laptops And Electronics

Filed under Crime, Guest Issues, Insurance, Liability, Maintenance, Management And Ownership, Risk Management, Theft

Tagged as , , , , ,

by | July 29, 2012 · 8:01 am

Hospitality Industry Crime Risks: Pennsylvania Hotel Evacuated After "Meth Lab" Chemicals And Materials Discovered In Third-Floor Room

“…Hotels and motels are increasingly used by meth-makers because the chemicals used – which can include lighter fuel, lye, lithium, and acetone, among other dangerous substances – seep into fabrics, furniture, and floors, according the Department of Justice website…” 

“You basically destroy someone’s hotel room, and then you leave.”

At least 300 guests were evacuated from the Hampton Inn at 1301 Race St. about 5:30 a.m. as first Philadelphia firefighters, then the Police Department’s homeland security and terrorism unit arrived to handle the volatile chemicals left behind by a would-be meth-maker.

Investigators discovered in a third-floor room the chemicals and materials used in the “one-pot” or “shake-and-bake” method of producing the dangerous, highly addictive stimulant.

The procedure can result in toxic fumes and explosions, leave behind a dangerous trail of chemicals, and render the room uninhabitable.

For more:  http://www.philly.com/philly/news/pennsylvania/20120729_Makeshift_meth_lab_forces_evacuation_of_Center_City_hotel.html

Comments Off on Hospitality Industry Crime Risks: Pennsylvania Hotel Evacuated After "Meth Lab" Chemicals And Materials Discovered In Third-Floor Room

Filed under Crime, Guest Issues, Health, Liability, Management And Ownership, Risk Management

Tagged as , , , , ,

by | July 27, 2012 · 6:08 am

Hospitality Industry Security Risks: Florida Hotel Security Cameras Capture Armed Robbery Suspects In Action (Video)

[youtube=http://www.youtube.com/watch?v=2CG6CTYoDKU]

Two armed men are on the run after police say they pulled of a hotel heist.

Security cameras captured every moment of the robbery at the Howard Johnson hotel on 50th Street in Tampa.

The footage shows the men make their way from the back of the hotel to the front office, where they force the clerk to empty the cash register at gunpoint. The suspects even take the handsets off the phones to keep the clerk from calling for help.

“These individuals are armed and they’re very determined and were very aggressive,” said Tampa police spokesperson Laura McElroy.

Both men were smart enough to cover their faces while they pulled off the crime, but one of them waited to mask up until after he scoped out the hotel lobby. That footage is giving police at least one clear shot of one of the men.
Read more: http://www.abcactionnews.com/dpp/news/region_tampa/security-footage-shows-armed-robbery-of-tampa-howard-johnsons-hojo#ixzz21pbvMAwY

2 Comments

Filed under Crime, Labor Issues, Liability, Management And Ownership, Theft

Tagged as , , , , ,

by | July 24, 2012 · 6:10 am

Hospitality Industry Security Risks: Electronic Hotel Room Locks Shown To Be Vulnerable To "Hardware Gadgets"

The system’s vulnerability arises, Brocious says, from the fact that every lock’s memory is entirely exposed to whatever device attempts to read it through that port. Though each lock has a cryptographic key that’s required to trigger its “open” mechanism, that string of data is also stored in the lock’s memory, like a spare key hidden under the welcome mat.

At the Black Hat security conference Tuesday evening, a Mozilla software developer and 24-year old security researcher named Cody Brocious plans to present a pair of vulnerabilities he’s discovered in hotel room locks from the manufacturer Onity, whose devices are installed on the doors of between four and five million hotel rooms around the world according to the company’s figures. Using an open-source hardware gadget Brocious built for less than $50, he can insert a plug into that DC port and sometimes, albeit unreliably, open the lock in a matter of seconds. “I plug it in, power it up, and the lock opens,” he says simply.

The ability to access the devices’ memory is just one of the two vulnerabilities Brocious says he found in Onity’s locks. He says the company also uses a weak encryption scheme that allows him to derive the “site code”–a unique numerical key for every facility–from two cards encoded one after another for the same room. By reading the encrypted data off of two cards and testing thousands of potential site codes against both cards until the decoded data displays a predictable interval between the two, he can find the site code and use it to create more card keys with a magnetizing device. But given that he can only create more cards for the same room as the two keys he’s been issued, that security flaw represents a fairly low risk compared with the ability to open any door arbitrarily.

For more:  http://www.forbes.com/sites/andygreenberg/2012/07/23/hacker-will-expose-potential-security-flaw-in-more-than-four-million-hotel-room-keycard-locks/

6 Comments

Filed under Crime, Guest Issues, Liability, Maintenance, Management And Ownership, Technology

Tagged as , , , , , ,