UPDATED 22:25 EDT / APRIL 25 2018


Hotel electronic locks vulnerable to simple security token manipulation hack

Hackers could create a master key that can be used to access electronic locks used by tens of thousands of hotels, putting the security of hotel rooms at risk.

Detailed today by Tomi Tuominen and Timo Hirvonen, both researchers at the cybersecurity firm F-Secure, the hack is described as taking just one minute. It involves the creation of a master key that can open the electronic locks made by Swedish lock manufacturer Assa Abloy and sold under the name Vision by VingCard.

Neither the manufacturer nor the product has much public name recognition outside the hotel industry, but if you’ve ever stayed in a hotel you have probably used it: the system is deployed in 166 countries across 40,000 hotels and millions of doors.

The story behind the hack is nearly as interesting as the hack itself. Tuominen explained that while attending a hacking conference in Berlin in 2003, “we came back to our room and found that our friend’s laptop had been stolen. But the locks didn’t show any signs of being broken into. The hotel didn’t take us seriously because, I think, they thought we were hippies in black t-shirts.”

That mystery started a 15-year quest by Tuominen and Hirvonen to discover how the break-in occurred, resulting in a breakthrough last year.

Using any key from a given hotel, even an expired one, the researchers could extract identification data from the key. They could then manipulate that data to produce an access token with the highest possible level of privileges, yielding a master key that opens every room in the hotel.

“You can imagine what a malicious person could do with the power to enter any hotel room, with a master key created basically out of thin air,” Tuominen said. “We don’t know of anyone else performing this particular attack in the wild right now.”

Although the researchers informed Assa Abloy and worked with the company since last year to produce a patch before disclosing the hack, the good news ends there: the patch can’t be installed centrally and has to be applied to every single affected lock.

Not surprisingly, hotel owners are urged to patch their locks if they have not already done so.

Photo: Wolfgangus Mozart/Wikimedia Commons
