Researchers at a leading cybersecurity company have revealed that millions of hotel rooms around the world have been vulnerable to a hack, after discovering a way of creating a master key that can open doors.
Cybersecurity company F-Secure this week announced that hotel rooms fitted with electronic locks made by Assa Abloy, the world’s largest lock manufacturer, could have been exploited by attackers to access any room.
Hotels with an Assa Abloy locking system include major chains such as Sheraton, Radisson and Hyatt.
How the hack was discovered?
The research began over a decade ago when a member of staff at F-Secure discovered their laptop had been stolen from a hotel room during a security conference. Hotel staff found no sign of forced entry and there was no evidence of unauthorized access to the room through their logs.
So F-Secure’s researchers Tomi Tuominen and Timo Hirvonen decided to investigate themselves.
“We wanted to find out if it’s possible to bypass the electronic lock without leaving a trace,” Timo Hirvonen, Senior Security Consultant at F-Secure, said in a public statement. “Building a secure access control system is very difficult because there are so many things you need to get right.
“Only after we thoroughly understood how it was designed were we able to identify seemingly innocuous shortcomings,” he added. “We creatively combined these shortcomings to come up with a method for creating master keys.”
F-Secure revealed that the hack involves the following steps: find a key card, use a cheap piece of hardware combined with custom-built software to read the card and search for the master key code, and then copy this master key information onto a new or existing card. Within sixty seconds, Tuomin and Hirvonen are able to gain access to a room using this method.
Hotel Security of new generation
We at BIODIT believe that providing comfort and security to all guests during their stay must be the main service provided by each hotel. For this reason, we have created the world’s first wireless biometric access control system, designed specifically for the hospitality industry. Using our solution, guests should not carry cards or keys that can be easily compromised, forgotten or lost.
You can learn more about our hotel solution here: https://biodit.com/hospitality/