date 2017-01-28
Oops.
Our emergency exits were old-fashioned analog doors and still worked, at least.
While this may be fine for high-security bank vaults, it is completely unacceptable for hotel room doors to operate in a fail-secure mode without a backup non-electrical unlocking mechanism as is the case here.
(This will not just mean a network to VPN into, but physically separate, with no device-intermingling.)
I don't think it's about "best practices" or any sort of dogma, but more of a common-sense evaluation: do you really need your lock systems accessible from anywhere on the planet, which connecting to the Internet enables?
Building on TCP/IP is just fine (in fact recommended) -- just keep that network physically isolated to the location it's implemented at.
> The manager said it was cheaper and faster for the hotel to just pay the Bitcoin.
Especially with the standard policy of "we do not negotiate". That policy is really hard to justify when the amount is so small compared to the damage of delaying payment.
Any good parasite knows not to disturb the host system too much.
> Yet according to the hotel, the hackers left a back door open in the system, and tried to attack the systems again.
I think that probably answers why the ransom was only 1K EUR or so. It was turning into some kind of a rent or protection scheme.
Build your cities on
the slopes of Vesuvius.
Hopefully the local fire chief has shut the hotel down.
Anyway, at least in some countries, this is pretty common. Not that it's good. But, common? Yes.
