Millions of hotel door locks around the world could be at risk after a vulnerability was found with electronic entry key cards.
Finnish security researchers, F-Secure, found a flaw in digital lock systems made by the world’s largest lock manufacturer, Assa Abloy. The vuln essentially allows someone to gain access to any locked room in a hotel using a homemade master key card. And each entrance would be untraceable.
The Master Key
But how easy is it to make a master key? Well, fairly difficult actually, unless you know what you’re doing.
A hacker would need to get hold of an electronic key and buy a portable programmer to overwrite it and create a master key (with some fancy code work). F-Secure started their research after a colleague’s laptop was stolen from a hotel room without the thief leaving behind any sign of unauthorised access.
The locks in question are used by some of the world’s biggest hotel chains such as Intercontinental, Radisson, and Sheraton.
Fix in progress
A fix has apparently been found and updates are being rolled out. The Vision software that is used with the digital lock system is around 20 years old anyway, so (unsurprisingly) needs an update.
Well, the good news is that locks in many hotels are being rapidly replaced with new technology. Whilst a lot of people don’t feel fully comfortable with biometric locks that scan fingerprints or faces, many Hilton and Marriott hotels now use an app as their door entry system.
Nothing like feeling safe in your hotel bed at night, eh.