»Do not trust safes in hotel rooms - Niebezpiecznik.pl -
Yesterday the Security PWNing conference ended, where I had a lecture on the most popular scams in Poland, which make Poles lose money on the Internet. Some of the scams I discussed must have been so terrible that one of the three projectors died (of fear) during the presentation;) But that was not the end of the attractions when it comes to my stay at the Warsaw Plaza hotel, where the conference was taking place. Before going to the afterparty, I decided to leave my laptop in the room safe ...
Interesting reaction from the hotel safe
As a naturally distrustful person, before putting my laptop in the hotel safe, I wanted to dry-check that the safe was working well, i.e. it actually closes and opens without any problems. I didn't want to risk not taking my laptop out of it without visiting a "service technician". Once upon a time, I found a safe that did not work properly (jammed) and the help of an external company employee was needed, which took me a long time. And this time, I could not afford delays in accessing the laptop, because the next day I had an important lecture to give at a business meeting of a company that invited its clients to it. Without a laptop, I might not go as well as it did;)
Well, as part of this dry check, I punched in a sample 4-digit PIN that was supposed to have blocked the safe. The same safe combination opened correctly. So everything works. Calmly, I put my laptop in the safe and secured it with the only correct PIN 1337. But before I left the room, out of habit, I decided to check if the wrong PIN would not open the safe by accident. This professional distrust ...
Does this code open all hotel safes?
And then something interesting happened. As an example of a wrong PIN, I chose four zeros (honorable mention, I do not know where this combination came from, maybe I have been dealing with bluetooth dongles for ODB2 too much lately). And, to my surprise, after punching 0000, the safe showed neither an error nor opened. As if he was waiting for something else. So what else could I add to these 4 zeros if not ... And see the rest for yourself:
A short trip to Google for the Hartmann Tresore safes manual and the puzzle solved. Although I could not find a manual for this model that I had in my hotel room, other manuals show that safes from many manufacturers can operate in the so-called "hotel" mode, ie one that allows you to open the safe with two codes. Those defined by the guest (here: "1337") and the so-called "Masterkey" as defined by the hotel. This is a feature, not a bug! Thanks to this "master code", the hotel service can help a guest who has forgotten his combination.
Guess what was the default value of the master key in my safe? Exactly. 000000.Only after a while I remembered that we had already written about it on Danger in the context of another safe. We also wrote about other safe-related matters. So if you are interested in opening safes (not necessarily hotel safes), then look at how the safe works "from the inside" and see the default codes for opening electronic locks.
I use hotel safes - what to do, how to live?
Leaving things in the hotel safe gives us the impression that they are safer than left on display. That the maid wouldn't see our papers and carry out the Evil Maid attack. It turns out, however, that this may be an illusory sense of security ...
Therefore, before leaving valuables in the safe in the hotel room, it is worth checking if the hotel staff changed the default masterkey to a more complicated one. Besides the zeros, you should try 1s, 9s and 123456. Different manufacturers have different initial values for masterkey, so it's best to just google the model manual that is hidden in your hotel room closet. By the way, you can read from them what other "hidden" functions it has. One of them is, for example, information on how to change the masterkey (or add a hidden user of the safe, i.e. another masterkey).It would be disastrous for the hotel if one of the hotel guests had determined the masterkey and changed it to another and did not inform the hotel about it. This code cannot be reset without physical interference with most safes (and therefore visits by a service technician and costs).
I wouldn't be myself if I hadn't added some advice to paranoid travelers at the end. If you have to leave the equipment unattended, e.g. in a hotel safe, then:
The above advice is taken from our travel guide for travelers. It's worth reading it in its entirety, because there are a dozen other tips there, sorted according to the degree of paranoia, so normal people will find a lot of useful information in it :)
PS. If you read it in a hotel, check what it is like with your safe. Apparently, this model can also be hit at the top and it will open by itself ... But I did not check it. However, the above story was already "shared" yesterday on my LinkedIn, Twitter and Facebook. As you can see from the comments, most travelers were unaware of this "hidden" function of the hotel safe. And what's worse, a few "followers" informed me yesterday that in their hotels masterkey for the safe is 6 zeros ... Let me know, how are you?