Email
Password
Remember meForgot password?
    Log in with Twitter

article imageGlobal hotel room doors were vulnerable to hacking

By Tim Sandle     Apr 26, 2018 in Travel
The majority of electronic hotel door locks worldwide were vulnerable to hacking, according to a new assessment. This raised several security concerns. The vulnerability now appears to have been resolved.
Investigators, as Hotel Management highlights, have reported on flaws discovered in the software used to control many types of hotel room doors. This means it is possible for would-be hackers to could create "master keys" that can open hotel rooms without leaving an activity log. The results come from the F-Secure team. The company works with a range of businesses on creating security solutions.
According to Tomi Tuominen, Practice Leader at F-Secure Cyber Security Services: "You can imagine what a malicious person could do with the power to enter any hotel room, with a master key created basically out of thin air." The total number of vulnerable locks worldwide was estimated to fall somewhere between 500,000 and 1 million.
The F-Secure group outline the way a room can be hacked:
First an attacker will need access to an electronic key. Here any key will do. The does not need not be currently active.
Second, the attacker will read the key and deploy a small hardware device to derive more keys to the facility. A derived keys can be tested against any lock in the hotel.
Flowing this, the device can be used to generate a master key to the facility.
The device can be used by the hacker to to bypass any lock in the hotel or to overwrite an existing key.
The hardware required was found to be available online fat a cost of just a few hundred dollars. The general process is outlined in the following video:
Following the the research the F-Secure team have told the BBC they have worked with the manufacturer of hotel room locks over the past year and that a fix has now been created. As an example, the major hotel lock maker Assa Abloy has issued a software update and made this available to all affected hotels, which may have included Intercontinental, Hyatt, Radisson and Sheraton (these are Assa Abloy clients).
More about Hotel, Hacking, Hackers, Doors
 
Latest News
Top News