A resort hotel in Austria has been the target of a series of hacks, including one that crippled the electronic “smart locks” on guest rooms. The attack prevented guests from accessing their rooms and prevented the issuance of new key cards, highlighting the potential fragility of systems in the so-called “internet of things.” Lacking other options, the four-star Seehotel Jägerwirt paid the hackers a modest ransom in Bitcoin to reactivate their systems.
In a followup statement to Bleeping Computer, the hotel’s Managing Director Christoph Brandstätter emphasized that no guests were locked into their rooms, because international fire codes mandate that electronic hotel locks must open from the inside even in the event of system failure.
Get Data Sheet, Coins2Day ’s technology newsletter.
According to the Austrian Broadcasting Corporation (ORF), the key system compromise occurred at the beginning of the current ski season, while the hotel was fully booked. A smaller attack, the fourth that has hit the hotel, occurred earlier this month.
During the larger attack, which also compromised the hotel’s reservation systems, the hijackers demanded a ransom of 1,500 Euros in Bitcoin before re-activating the compromised systems. Another prior attack, over the summer, was also resolved with the payment of a ransom of “several thousand Euros.”
Police were not able to uncover clues as to the culprits in the hacks.
Brandstätter told ORF that he was aware of other hotels being the target of similar attacks. Add electronic locks, then, to a target-rich environment that includes the poorly secured webcams and DVRs that powered widespread denial of service attacks in October, and, at least in theory, hackable connected cars.
The lakeside hotel has already spent a reported 10,000 Euros on digital security to try and stop hackers. But it also plans to take an unconventional step back in time. According to Brandstätter, the hotel’s next remodeling will include a return to room locks with standard mechanical keys.