Register to get 3 free articles
Register to unlock the article and receive our free newsletter. Join 26,000 other hotel leaders and stay in the know.
Want unlimited access? View Plans
Already have an account? Sign in
Cyber security firm F-Secure has found that global hotel chains are using an electronic lock system that could be exploited to gain access to any room in the property.
Researchers simulated an ‘attack’ with an ordinary electronic key. Using information on the key, they were able to create a master version that was able to open any door using the same lock system in the facility. The key does not have to work: even one which has expired, been discarded or used to access spaces such as a garage or closets could be utilised.
The design flaws discovered in the smart lock system’s software, which is known as Vision by VingCard, have prompted the world’s largest lock manufacturer, Assa Abloy, to issue software updates with security fixes to mitigate the issue.
Tomi Tuominen, practice leader at F-Secure Cyber Security Services, said: “We wanted to find out if it’s possible to bypass the electronic lock without leaving a trace. Building a secure access control system is very difficult because there are so many things you need to get right.
“Only after we thoroughly understood how it was designed were we able to identify seemingly innocuous shortcomings. We creatively combined these shortcomings to come up with a method for creating master keys.”
He added: “You can imagine what a malicious person could do with the power to enter any hotel room, with a master key created basically out of thin air.”
