A 'master key' that can access millions of hotel rooms
Researchers have figured out a way to gain access to millions of hotel rooms; by building a master key that exploits a flaw in a widely used electronic lock system that gives its user access to every room in the building.
Cybersecurity firm, F-secure, discovered the flaw with key cards used by some of the world’s biggest hotel chains, including Intercontinental, Radisson and Sheraton Hotels and Resorts.
After a colleague’s laptop was stolen from their hotel room, researchers Timo Hirvonen and Tomi Tuominen were inspired to take a closer look at the digital lock systems used by hotels.
They discovered flaws in key cards made by the world’s largest lock manufacturer, Assa Abloy, which could be exploited and allow them to create a master key using any key card from a hotel, even if it had expired.
Using a special hand-held device and some custom software, a hacker can scan a key card to retrieve information. This device can then be used to get into any room on the property without any limitation. Alternatively, the data retrieved from the card can be copied onto a blank key card. According to F-Secure, this attack works on both magstripe and the more sophisticated RFID hotel keycards.
F-Secure will not release any code or the full details of the vulnerability, but have informed Assa Abloy of the issue and are working with them to resolve it.
By Daniëlle Kruger
Follow IT News Africa on Twitter
Clik here to view.
Image may be NSFW.Clik here to view.
Image may be NSFW.Clik here to view.
Image may be NSFW.Clik here to view.
Image may be NSFW.Clik here to view.
Clik here to view.
