Skip to main content

Ransomware Didn't Lock People In Their Hotel Rooms

It sounds like an episode of a TV show: Hackers take over a luxury hotel's systems to lock its guests in their rooms. (Presumably one of the guests had something of value and, luckily, the show's charming protagonist just happened to be on vacation at the same hotel.) But that scenario is likely to remain fictional--at least for now--as reports that ransomware left patrons of the Romantik Seehotel Jägerwirt in Austria stuck in their rooms were false.

The truth wasn't nearly as exciting. Romantik Seehotel Jägerwirt did indeed fall victim to ransomware that affected its electronic key system--by preventing the hotel from generating new key cards. That was a problem, sure, but not anything television-worthy. Yet it wouldn't have been hard to imagine the more titillating scenario, largely because it's getting harder and harder to figure out what hackers might actually be capable of doing.

Today's news articles read more like sci-fi than real life. People took over a vehicle while it raced down the highway. Cameras were used to prevent access to one of the world's most popular communications platforms. Headphones can be turned into microphones, text messages can make a phone crash, and malicious websites impersonating a streaming video service could give someone access to your bank account. Modern life is pretty weird.

We've also reached the point where seemingly everything is connected to the internet. You couldn't throw a stone at CES 2017 without it hitting something--a fridge, a speaker, a hair brush--built as part of the Internet of Things (IoT) revolution. Many of these devices are insecure; that's why cameras were able to bring down Spotify, Twitter, and other services in October 2016, and why companies like Google are trying to fix IoT security.

So could you blame someone for believing ransomware held a bunch of luxury hotel guests hostage? Hackers are like modern bogeymen. So few people understand their capabilities that basically any malevolent act can be attributed to these hoodie-wearing digital criminals. (We're approaching this as a TV show, after all, and that means every hacker is a white teen with an extra large hoodie and a Y chromosome.) Nobody would even bat an eye.

We've seen this gullibility before. People thought someone could hack a plane right out of the sky via the flight's entertainment systems, or that the presidential election could have been rigged by someone tampering with voting machines. Neither is plausible--a flight's controls are kept separate from other systems, and so many voting machines aren't connected to the internet that hacking the election in that way would've been a Herculean feat.

Ransomware is a real problem. So is the rush to connect everything to the internet without bothering to secure it first. But when sensational stories like the one involving Romantik Seehotel Jägerwirt gain traction, it becomes easier for people to think there's nothing they can do to defend against hackers, and enough people forgo basic safety measures as it is. Perhaps it's unwise to make it easier for hackers by mythologizing them any more than they already have been.

  • CKKwan
    It is almost impossible for ransomware to lock you inside the room. Because if one is inside the room, he can always open the door without the key.

    But it is possible for the ransomware to lock you outside your room, if the hotel failed to generate a new key for you, and opening the door with a master key (card) is not counted.
    Reply
  • spiketheaardvark
    No one would build an electronic hotel lock system that could lock you it is a fire hazard.

    And clearly this hotel needs to train it staff not to use hotel computers for personal use.
    Reply