Cyber security firm F-Secure has found that global hotel chains are using an electronic lock system that could be exploited to gain access to any room in the property.\r\n\r\nResearchers simulated an \u2018attack\u2019 with an ordinary electronic key. Using information on the key, they were able to create a master version that was able to open any door using the same lock system in the facility. The key does not have to work: even one which has expired, been discarded or used to access spaces such as a garage or closets could be utilised.\r\n\r\nThe design flaws discovered in the smart lock system's software, which is known as Vision by VingCard, have prompted the world's largest lock manufacturer, Assa Abloy, to issue software updates with security fixes to mitigate the issue.\r\n\r\nTomi Tuominen, practice leader at F-Secure Cyber Security Services, said: \u201cWe wanted to find out if it\u2019s possible to bypass the electronic lock without leaving a trace. Building a secure access control system is very difficult because there are so many things you need to get right.\r\n\r\n\u201cOnly after we thoroughly understood how it was designed were we able to identify seemingly innocuous shortcomings. We creatively combined these shortcomings to come up with a method for creating master keys.\u201d\r\n\r\nHe added: "You can imagine what a malicious person could do with the power to enter any hotel room, with a master key created basically out of thin air."