Black Hat Q&A: Hacking a European Hotel Suite's Mobile Key Security

Ahead of their Black Hat USA Briefing on Thursday, two German hackers share their story of successfully hacking the mobile phone security keys in a European hotel suite.

Some hotels have started offering guests the option of using their phone as their hotel key, affording them the convenience and security of using an app instead of a keycard.

But at Black Hat USA this week there's a very intriguing Briefing happening on Thursday that promises to reveal how two canny hackers circumvented the mobile key system of a European hotel suite.

It's called Moving from Hacking IoT Gadgets to Breaking into One of Europe's Highest Hotel Suites, and if you're at Black Hat right now there's still time to get over and see it Thursday at 5 PM. Here, speakers Ray and Michael offer a bit of insight on what they'll be talking about, and why it's so important.


Alex: Can you tell us a bit about who you are, and your recent work?

Ray and Michael: We are Ray and Michael, two German hackers associated with the Chaos Computer Club, the largest european hacker group, and the SSD (German: Sportsfreunde der Sperrtechnik), the first group that established lockpicking as a sport in the '90s.

Combining these two fields we have been analyzing and breaking electronic (and other) locks for many years. Two years ago we managed to break one of the (back then) few electronic padlocks that actually use AES encryption on the wireless level and now we moved our research to hotel locks.

Alex: What are you speaking about at Black Hat on Thursday, and why now?

Ray and Michael: We are speaking about vulnerabilities in Bluetooth Low Energy (BTLE) based locking systems, especially a mobile phone hotel key system we encountered in an upper class hotel in Germany.

We found it to be vulnerable to a key stealing attack by wireless sniffing of a legitimate use and developed an exploit, circumventing the vendors replay protection, to demonstrate this in a real-life scenario. We present this now, as this is current research on a new emerging technology, and hope to help such vulnerabilities can be fixed before a wider deployment.

Alex: Why do you feel this is important, and what are you hoping Black Hat attendees will learn from your presentation?

Ray and Michael: Attendees will learn how to analyze such systems, what kinds of vulnerabilities exist and that it's not just cheap toys but also real life applications like hotel room locking systems where such vulnerabilities can be found.

Alex: What's been the most interesting aspect of figuring out how to attack mobile hotel keys, those special apps guests can use to open their rooms from their phone?

Ray and Michael: Interesting to us was the fact that we obviously were the first to discover such a vulnerability and that the system we found it in was not a cheap motel but an upper-class house.

Also, it was interesting to see what it takes to get such an exploit from a theoretical proof-of-concept to something that could be used in real life to steal a key and enter a room (which of course we only did with rooms of cooperating guests).


Black Hat USA is happening this week (Auguest 3-8) at the Mandalay Bay in Las Vegas! For more information on what's happening at the event, check out the Black Hat website.

Sustaining Partners