The safe model investigated by the G DATA security experts could be opened using various methods. The safe can easily be opened using the master code provided by the manufacturer, which is only supposed to be used to open it in emergencies. Many hotel owners, however, do not bother to change the default code – making life easy for thieves. "We urgently advise hotel owners to change the master code in safes and to regularly check room safes for modifications," recommends Ralf Benzmüller, head of G DATA SecurityLabs.
What is skimming?
Skimming is illegally spying on data on credit or debit cards. This is done by modifying cashpoints, for example, so the contents of the card's magnetic strip can be read. In 2012 the Federal Criminal Police Office recorded 856 cases of skimming in Germany. Thieves can use this method to access credit card information and misuse it for criminal purposes. "Travellers should never use their credit card to lock a room safe, so that no personal information can be read from the card," reports Benzmüller.
Numerous ways to hack a safe
Another option for opening a safe is to hack the emergency lock. The hotel manager usually has an emergency key. However, after unscrewing a plate on the front of the safe, the lock underneath can also be opened using a false key. Alternatively, the code can be reset via a short circuit and a new one entered, which can then be used to open the safe. “A safe is not the worst place to store valuables. Their security, however, should not overestimated”, summarizes Ralf Benzmüller.
More at the G DATA Security Blog: https://blog.gdatasoftware.com/blog/article/hotel-safes-are-they-really-safe.html
Tips from the G DATA security experts on using hotel safes:
- Do not use credit cards: Hotel guests should never use their credit card when using a safe. If a safe is equipped with a magnetic card reader, the device may be able to read personal data.
- Do not take valuables: Before going away you should consider which valuables you will actually need on holiday. Expensive jewellery should preferably be left at home if possible.
- Activate anti-theft protection: Users should take precautions in case their mobile device is lost. Install security software on their mobile devices, including anti-theft protection. This enables the device to be located and locked remotely and all data stored on it to be deleted. With notebooks, the hard disk should be encrypted, leaving no opportunity for thieves to read the stolen data.
- Back up data: Before going away, create a backup copy of all data stored on an external storage medium.
- Note blocking numbers: Holidaymakers should note down the service numbers for their mobile phone operator and credit and debit card providers. The card, surf stick or mobile device concerned can be blocked immediately in the event of loss.
- Scan ID documents: Important documents such as identification papers, flight tickets, travel tickets and data on travel insurance should be copied before going away and kept separate from the originals during the trip. A digital scan of the documents can also be kept on a smartphone, laptop or USB stick. In the event of loss they will help when reporting an incident and replacing the documents.
- Note down the address of the embassy: When travelling abroad, travellers should note down the address and telephone number of the embassy or the nearest consulate. If your passport is stolen, the embassy can issue a replacement passport.
- Document losses: If the hotel safe is broken into, the traveller must notify the local police and document the losses. This might help the lost property to be reimbursed under the insurance in your own country.