It’s no secret that the security of your hotel room isn’t great, and gaining access to a room is nearly child’s play for criminals. It is also estimated that around 60-70% of hotel thefts are committed by hotel employees. There are numerous entry tools available to the public that can quickly bypass the physical security controls, some of which are specifically made for breaking into hotel rooms (detailed below). Even the in-room safes that are provided by hotels are not secure. Between physical control bypasses due to design flaws, master PIN codes that are never changed (and available online), master keys, master key cards, and social engineering, gaining access to them is also quite simple.
In this post, you’ll learn some common and basic techniques that criminals (including staff) are using to gain access into your room and/or room safe, as well as quick and easy options to help better secure yourself and your belongings while you’re in or out of the room.
For starters, let’s quickly cover the three (3) basic “security latches” that are most common in hotel rooms, all of which are easily bypassed:
Security chains can be bypassed with a piece of tape and a rubber band, or busted through with a little bit of brute force. They are almost a thing of the past, and are being replaced with a hotel security latch, a.k.a. “square bar” locks.
“U” Bar Lock
Bypassed with a plastic shim, or more conveniently, a “Do not disturb” sign. There is even a video of someone bypassing it with a paper menu.
Hotel Security Latch:
The “Square Bar Lock”, or “Hotel Security Latch”, was designed to prevent guests from propping their doors open like you can with the “U” Bar Lock. Although they are good at preventing doors from being propped open, they can be bypassed with something as simple as headphone wire.
Security Latch Bypass Tools
The “Security Latch Opener” is also a cheap tool that quickly unlocks these swing arm security latches from the outside.
Securing the front door
The three most common “security latch” options for additional door security shown above are not very secure.
Luckily, there are a few ways to help greatly decrease the likelihood of an unauthorized person entering your hotel room. The only downside to utilizing most of these tools and techniques is that they require you to be inside to enable them.
Addalock Portable Door Lock
The cheaper alternative to the “Traveler’s Security Lock” is the “Addalock”. I use this lock on a regular basis. The only drawback is that it’s configured for locks with a single latch bolt strike plate. If yours is not a single latch, the door will not latch properly, but the lock still keeps the door closed and works very well.
This lock is also easy to set and remove quickly, not requiring you to tighten or loosen screws.
Many hotels use lever handles on room doors, so a tool such as the “under-the-door tool” is highly successful. Here is a video of Tim opening his own hotel room with one of the tools:
Hand Towel in the Lever Handle
For a super-quick fix, roll up a hand towel and stuff it behind the lever handle. This will temporarily block attacks from the “under-the-door” tool as it closes the physical gap behind the lever handle, preventing the tool from getting behind the handle. It also works whether you’re in the room or not. When you do this, make sure that the towel is very snug between the tip of the lever handle and the door. Here is a picture from my room during DEF CON 26 where I’m using a hand towel.
This is one of those areas where you can be creative. In this video I show that even though you have something in the gap between the handle and the door, it must be secure. I removed the foam liner from inside a cheaper laptop bag, which rolls up nicely and is easy to secure onto the handle. At first, it moves easily. However, once I position it more evenly, it will not slide over or fall off.
There is also the option of taping something that is big enough to block the gap onto the door as well. I recommend using gaffer’s tape to secure it as it’s not messy, and it’s strong stuff.
If you can secure the thumb turner on a deadbolt in such a way that it will not turn, it helps to keep your door from being unlocked. I do want to mention that there are many different lock configurations out there that will automatically unlock the deadbolt for you when you engage the door handle to exit your room. This means that if someone utilized the Under-the-Door tool against your hotel room, even with the deadbolt engaged, it will still unlock it. So, it’s helpful to secure the thumb turner on a deadbolt to increase the security of it as well.
I have found a great, low-cost option that you can quickly set up while inside of your room.
This tool prevents the thumb turn from rotating, preventing the deadbolt from being unlocked. It’s extremely small and light, so traveling with it is no issue. This is something I use on every trip. Installation and removal are also quick and easy. Another positive is that it can be installed without opening the door, which you are required to do with the portable door lock mentioned earlier.
In the following video, you can see that I’m pushing with much more force with my hand than what is able to be applied using an Under-the-Door tool, and the product continues to function as expected.
Electronic Locks and Room Keys
Most hotels are shifting towards the use of electronic access key cards. Unfortunately, there are electronic bypass attacks as detailed in this article where researchers were able to create a digital “master key”, along with other types of attacks.
There are also the standard access card-cloning attacks, which are not as easy with NFC-based access cards, but are still possible. This article explains more.
Here are a few helpful tips:
- Purchase a trusted RFID-blocking wallet or purse, and keep your card in that. This isn’t a perfect solution as there are some card-cloning devices out there that are strong enough to read through most RFID-blocking products. However, it does make it more difficult, reducing the likelihood of a successful read by a badge cloner.
- It’s best practice to keep your room key out of sight at all times. This means keeping it in a front pocket, and not leaving it lying around somewhere.
- Using something such as a traveler’s wallet makes it easier to keep these items in your front pocket, which also reduces the risk of being the target of a pick-pocket.
Sliding Glass Patio Doors
Fresh air can be amazing, especially when you are staying at a nice hotel overlooking the beach somewhere. It is wonderful to walk into a room with a balcony and a sliding glass door. Unfortunately, people often leave these doors open or forget to lock them back before leaving.
Being several floors up doesn’t deter a very determined criminal, especially if they are your neighbor. You don’t always have to be a parkour genius to climb outside from one room to the next.
After presenting at a private event, a former detective pointed out that he’s worked on numerous sexual assault cases where intruders made their way into a hotel room by forcing open sliding glass patio doors. He recommended having something such as a stick to block the door from being forced open, even if the latch bolt has been bypassed. Since a dowel rod or something similar isn’t always available, I’ve searched for a few more reliable, travel-sized options to follow his advice.
SABRE HS-DSB Door Security Bar
The only downside to this is the size of the tool. If you plan on traveling with this, you’ll have to keep it in your checked luggage. However, you’ll have the ability to secure another potential entry point in your room. Call the hotel before traveling and find out if your room will have a sliding exterior door.
Some rooms have a set of doors that allow you to open up your room to an adjacent room if you happen to be next door to friends or family. This is a useful feature; however, it’s another potential ingress point. A quick fix for this is to install the travel lock as previously mentioned. These doors often only have a deadbolt, so the deadbolt strap wouldn’t be effective as there’s no handle to install it properly.
It’s also a good idea to put a towel on the ground to cover up the gap.
This helps to reduce the likelihood of your neighbor attempting to peep in on you with a camera through the physical gap under the door.
Using a mechanical key isn’t as popular anymore, but you will still find them in use in older hotels, lodges, and especially in foreign countries. Because of master keys and lock picking, unwanted visitors can make their way in.
Blocking the Keyway
One option that you have is to physically block the keyway while you’re away. This is easily done by using the “Motel Keys” set by Sparrows.
Here is the description from their website:
These are based off a trick that was used by Traveling salesmen to prevent any access to their Motel rooms.
Often traveling with a mix of product and cash traveling salesman would become easy targets for theft.
Criminals would often have duplicate keys or simply pick the Motel lock while the salesman was out working.
Motel keys was the solution to making the lock inoperable and the room safer ….. note we said safer.
Motel keys come with two parts the first is a barb that can be placed into the lock making it inoperable.
The second is a slide that can ramp up the pins letting you remove the barb making the lock work again.
Simple and effective
The motel set consists of keys for
Standard Schlage, Weiser, Kwickset, and Yale
Although it’s not a perfect solution, it is a deterrent, and can potentially slow down an unskilled, motivated attacker.
Sometimes, a motivated attacker doesn’t even need tools if they are a skilled social engineer. Most hotels require you to show identification prior to generating a new proximity key for you. However, a good social engineer can successfully obtain your room key even if they do not have proper identification present.
Replacement Room Keys
Many times, Tim has observed people casually walk up to the front desk and ask for a replacement room key. Depending on how you deliver this request, you will probably land a room key without having to say anything but the room number. Just last week, I watched a kid, no older than 10, walk up to the receptionist and say, “Um…excuse me, I need a new key for 305” and that was it. He was given a key and he took off running up the stairs. So, if a child can do it (granted being a kid or using a kid has advantages for thieves), a professional criminal can too.
But hotels ask for an ID, right? No. Not all of them. In fact, most of the time the only “two-factor” authentication that is required is the last name and the room number. Some hotels will ask for your ID, but if you are sharing a room with friends or family, everyone may not be listed on the hotel room registration.
Consider this: You walk up to the desk in a swimsuit, water dripping off of you and onto the floor, “Sorry to bother you, but I locked myself out. Can I get a new key for room 123?” This is what a premeditated attack could look like. This also gives an attacker the ability to push for urgency, add some distraction and avoid having to present an ID.
But what if they don’t know the room number? It doesn’t matter. Saying something along the lines of, “Sorry to bother you, I am with the XYZ Corporate event, I got in late last night and forgot my wallet. It has my room key in it. To top it off, I can’t recall my room number.” With this approach all the attacker needs is a last name, which could be easily gleaned off of a corporate event, overheard in the bar area or while checking in. I know this works, because I’ve successfully performed this attack.
Room Charges for Days
Snack shops, bars, restaurants; they all have the ability to charge to a room. What do you need to charge a meal, beer or pack of M&Ms to a room? You need a room number and possibly a last name. For the snack bar, people just throw out a room number as they are walking away, and that is it. For a bar or restaurant, you often are required to fill in the room number, the name, and a signature. Sometimes you’ll see this be nothing more than scribbles and the waiter or bartender still accepts it.
As mentioned in the replacement keys section, this is another method to exploit the lax efforts of hotel staff to validate identity before doing anything with the room. Always check your room charges. There are a lot of dishonest folks out there and free food and drinks are often a good motivator to let that dishonesty out.
What can you do?
Ask if they check for IDs
Always ask the receptionist if they check for IDs when providing replacement keys. Perhaps this is an odd question, but they need to be held accountable, especially when you’re able to fall back on their answer if something were to happen. You may also want to inform them that you are the only guest in the room during your stay, or let them know who else is staying in the room with you.
Add a password to your account when checking in.
Tell the employee that the password MUST be verified before a new key is issued, the room number is given out, items are charged to the room, etc. Most places will do this, and fingers crossed that they follow through with your request.
Have a fake guest name on file in place of your real name.
This helps to hide your identity against someone who’s attempting to get your room number, as they will be met with an “I’m sorry. There’s no one staying here by that name.” Some hotels will reference your credit card on file instead of your name if you ask them to.
Keep Your Room Number to Yourself.
Be mindful of your conversations, and don’t give out your room number to someone you don’t know.
If you have to announce your room number for a room-related charge or service, do so in a way that the entire lobby or bar isn’t hearing it. You never know who’s listening and what their intent is.
Do you really need your room cleaned?
If not, consider placing the “Do Not Disturb” sign on your door as soon as you get there. This could also be a deterrent for a would-be criminal, to consider that you may be inside taking a nap. For extra precaution you may also consider leaving the radio or the television on to give the appearance that you are still in your room.
Always check your room charges!
Always check your room charges. Do not be afraid to dispute a charge, especially when you can point to the cameras overlooking the desk and ask them to check for themselves.
What can hotels do?
- Staff must be made aware of security threats and learn that politeness doesn’t mean not validating identification. This not only includes guest and room security, but also looking for suspicious activities.
- Ensure that you have cameras overlooking the service desk and hallways. This will not only help in investigations of theft or a break-in, but also assists in keeping employees and unwelcome guests in check as a potential deterrent.
- As mentioned above, exploitation of lever handles is a big risk for hotels, especially those that do not have cameras in the hallways. Invest in something beyond cheap lever handles, and/or in a bigger threshold and better door fitment, to remove the gap at the bottom of the guest room doors. If your hotel has to slide the bill beneath the door, consider some compensating controls (like camera coverage and handle replacements).
- Request a valid ID and validate that against the guest’s reservation before issuing a new room key, divulging information, accepting room charges, etc.
Complimentary safes that are provided in most hotel rooms are extremely weak, and riddled with vulnerabilities that are simple to exploit. On some models, if the safe is physically exposed, you can hit the top of it to cause the locking pin to shift, opening the safe. During season 1 of Mr. Robot on the USA Network, you can see the character Darlene use this method on an office safe. You can also access certain safes with simple tools, like wafer picks. Other methods of bypassing a safe may also include resetting the electronic lock via the “reset” hole in the back with something like a wire coat hanger, if accessible.
Hotels often don’t spend a pretty penny on guest room safes, so they can be easily accessed if you have the right tools. With all the methods available to break into cheaper safes, be careful with what you put into a hotel safe.
This video shows the simplicity of having a safe opened for you by hotel staff, as well as how many still have the default master code in use.
By doing a Google search for “Open hotel safes”, you’ll find several videos detailing bypass techniques and flaws in popular hotel safes.
So, what do you do? There are a few options here.
Hotel Safe Lock
Lock the hotel in-room safe with your own lock. Even if the master code is entered, the safe’s door cannot be opened until you unlock and remove the added safe lock. There aren’t many options with products like this, so if you’re aware of a better, more secure product than the Milockie Hotel Safe Lock pictured below, please send me the info.
There are a couple of things that you’ll want to modify on this product before use though.
1 – Replace the TSA-approved padlock that comes with the product with a good padlock. I recommend looking into brands such as ABUS or Medeco.
2 – Replace the nylon strap, as it can be cut. This link shows how.
Travel Banker’s Bag
There are quite a few options for these traveling banker’s bags, such as the Pacsafe Travelsafe GII. The interesting thing about this option is that you can secure it to things such as pipes, or furniture that is not easily movable. It’s also small enough to conceal and keep out of sight. Just make sure that you’re using a strong lock, which means anything that’s not a “TSA Approved” lock, a combination lock, or a MasterLock padlock. With padlocks, you get what you pay for. I recommend looking into brands such as ABUS or Medeco.
Hide Your Stuff
There are some creative products that will help you hide valuable items such as passports (if you can’t keep it on you throughout the day), cash, etc. One that I like is the “Hangar Diversion Safe” by “Stash-it” which keeps items hidden under the clothes that you have hanging up in the closet. You attach it to the clothes hanger. It’s quick and easy.
Here are a few places that are NOT good hiding places, as they are too obvious:
- Inside drawers under your clothes
- Under the mattress
- Under the couch cushions
- Under the furniture
- The in-room refrigerator
- In the in-room safes (please don’t use the in-room safes)
Here are a few more creative ideas that are not so obvious that would be better options:
- Inside the landline housing. Unscrew the cable or phone panel from the wall and put your stuff inside the small plastic casing. Screw it back on.
- Inside the hem of the curtains.
- Unzip the couch cushions and hide documents inside there.
- Tape the item underneath and to the back of the bottom drawer.
- Waterproof the item and put it inside the tank of the toilet.
- If you’re somewhere with an older CRT TV, you can sometimes unscrew the back panel of it and there’s room to hide items. This isn’t as effective with modern flat screen TVs.
Last, if you don’t REALLY need it, then don’t travel with it. Leave the really valuable stuff at home if you can. It’s not ideal, but it keeps it out of your hotel room.
Covert surveillance gear is so cheap now that anyone can purchase gear for a few bucks. So, it’s not much of a stretch to wonder if you’re being watched from a “nanny cam” hidden inside of a toy bear, house decoration, cell phone charging block, ink pen, corrective lenses, or even a cigarette lighter (all available items with hidden cameras). As the famous saying goes, “…better safe than sorry.”
I understand that surveillance detection equipment and techniques are their own topic, and in no way am I suggesting that you can find all “spy” devices with the following tool, but it’s certainly a good start on a budget.
Affordable Bug Detection
Although a simple Bluetooth scan may tell you if a Bluetooth-enabled bug is near, it isn’t really effective. I own this device and it performs well considering the price. Note: There’s a learning curve, and a basic understanding of wireless signals is needed. It’s not a “catch all”, but once you learn what you’re doing and you’re able to weed through some of the false positives, it’s a useful tool. There are more accurate tools out there, but you’re looking at a HUGE price gap.
The following article outlines some other good options, as well as tips for quickly checking your room for suspicious items.
We will continue to add to and update this article as we find new tools and techniques for both entry and protection. Please share your ideas and thoughts as well. 🙂