General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsHackers built a 'master key' for millions of hotel rooms
Security researchers have built a master key that exploits a design flaw in a popular and widely used hotel electronic lock system, allowing unfettered access to every room in the building.
The electronic lock system, known as Vision by VingCard and built by Swedish lock manufacturer Assa Abloy, is used in more than 42,000 properties in 166 countries, amounting to millions of hotel rooms -- as well as garages and storage units.
These electronic lock systems are commonplace in hotels, used by staff to provide granular controls over where a person can go in a hotel -- such as their room -- and even restricting the floor that the elevator stops at. And these keys can be wiped and reused when guests check-out.
It turns out these key cards aren't as secure as first thought.
F-Secure's Tomi Tuominen and Timo Hirvonen, who carried out the work, said they could create a master key "basically out of thin air."
Any key card will do. Even old and expired, or discarded keys retain enough residual data to be used in the attack. Using a handheld device running custom software, the researchers can steal data off of a key card -- either using wireless radio-frequency identification (RFID) or the magnetic stripe. That device then manipulates the stolen key data, which identifies the hotel, to produce an access token with the highest level of privileges, effectively serving as a master key to every room in the building.
This wasn't an overnight effort. It took the researchers over a decade of work to get here.
https://www.msn.com/en-us/travel/news/hackers-built-a-master-key-for-millions-of-hotel-rooms/ar-AAwklKd?li=BBnb7Kz
dalton99a
(81,590 posts)At each lock.
FakeNoose
(32,767 posts)It's expensive, but it's a cost of doing business. I'd say at least once per year or maybe 2x.
They could easily reprogram each lock while inserting new batteries, and it probably wouldn't take more than a minute.
Just sayin'
Hekate
(90,824 posts)hunter
(38,328 posts)It would be a handy tool for secret police everywhere.
And not paranoid at all.
S.E. TN Liberal
(508 posts)Sherman A1
(38,958 posts)This is disturbing.
raven mad
(4,940 posts)I don't have a lot of occasion to stay at a hotel/motel. However, I'm still the one wedging a chair under the doorknob....
HipChick
(25,485 posts)as a single female...I ain't taking any chances..
raven mad
(4,940 posts)I have a well-travelled length of broomstick. My daughter swears it was made from my last witch-broom-tree encounter!