Tech Talk

Recent posts

Think about the moment when you first enter your hotel room. Look around: Does the room tell you anything unique about the hotel where you are staying? Or is it all beige walls and double beds with white covers, and you have to walk back outside and look at the sign on the hotel’s facade to even remember where you are?

Hotel guests commonly bring multiple devices with them during their stay. However, many hotel environments don’t provide easy access to charging outlets. This situation can lead to a guest feeling more than inconvenienced. A recent survey found almost 90 percent of people "felt panic" when their phone battery dropped to 20 percent or below.

Spam is one of the major problems that most hotel website owners face on regular basis. It is a bad practice used by spammers to persuade the page rank of a site.

GBTA recently partnered with AccorHotels to conduct a study investigating the role of loyalty in managed travel programs in Europe with the goal of understanding how loyalty programs currently fit within company travel policy and what opportunities may exist in the future.

People today expect to be connected always and everywhere; sometimes it’s hard to believe that there was a world before smartphones and Wi-Fi. In the time since Wi-Fi became ubiquitous in hotels, apartments, and public spaces, it has fueled the evolution of connectivity in a lot of ways. Just like Maslow’s hierarchy of needs, the most basic needs start at the bottom, and you can’t get to the next level without a strong foundation. 



want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.

x
 

New POS Threat - Onsite Assessment vs. Check the Box

08/09/2016

Last week a new hacking device that threatens many POS and door lock systems circulated like wildfire. We have been fielding a large number of calls from clients and prospects asking questions about the story and the risks to their properties.

The reality is if this tool becomes generally available the threat landscape will expand significantly for hoteliers. The tone of our calls was somber since this is yet another risk our clients have to face. It also shines on the painfully slow rollout of EMV across all of the name brands (mag stripe vs. chip and pin).

The bright spot that came from our calls was a general agreement that having a data security firm perform an on-site assessment that includes interviewing, training and raising the overall awareness of the staff makes the property a little more secure. Certainly much more secure than a property that simply performs a “check-the-box” exercise. It also put a spotlight on the PCI controls that are often missed by hotels. Logging firewall activities, logging of OS and applications, file integrity monitoring, pentesting, vulnerability management and more.

If this hacking tool makes its way into the wild it will be difficult to prevent an attack.  But assessment, awareness and management of cardholder systems could help mitigate the risks.  At the end of the day an onsite assessment trumps “check the box.”      

Data theft is a constant concern for hotels, but a new tool developed by a security researcher may raise the alarm on physical security in hospitality. Weston Hecker, a security researcher with Internet security company Rapid7, modified existing technology to create a device capable of reading and duplicating hotel keycards, and is even capable of guessing every room’s key across a property.  The device was designed by altering the MagSpoof tool developed last year by hacker Samy Kamkar. At the time of its development, MagSpoof was able to wirelessly read magstripes off of cards used for door entry or payment transactions by producing a magnetic field similar to a mag stripe when swiped, storing card data for later use.

Hacker’s modification only adds $6 worth of hardware to the MagSpoof, and allows a hacker to take the information from any key, which includes encoded information regarding guestroom numbers and checkout dates, and then guesses the correct information to create a copy. The device can then run through every possible combination of these details before letting the user into a room.  While hotel door locks continue their shift to radio frequency identification and Bluetooth technology and away from magstripes, it remains to be seen how this device would be used to access rooms under these circumstances. However, not all hotels have fully upgraded past magstripes, making them more vulnerable than ever to entry. At the same time, while credit card companies are shifting to chipped cards and card readers, magstripes still remain a popular option for travelers meaning point-of-sale systems could become a larger target. Hacker’s tool can inject keystrokes into a PoS system with a magstripe reader simply by being placed near it, forcing the reader to accept data as long as it remains within a few inches.

About The Author
David Durko
CEO
Security Validation, LLC


David Durko is the CEO and chief compliance officer for Security Validation’ Data Security Advisory Practice. Security Validation provides PCI and GDPR Assessment Services along with Virtual Data Privacy Officer services from its offices in the U.S. and U.K.

 
Comments
Blog post currently doesn't have any comments.
Leave comment



 Security code