F-Secure, a cyber-security company, announced this week that it had found how electronic hotel-room locks from the world's biggest supplier can be hacked. The research came after the company lost a laptop to a hotel thief who entered a room that way.
The locks are made by Assa Abloy, the world's largest lock manufacturer, and are used by chains such as Sheraton, Radisson and Hyatt. The research began a few years ago after F-Secure staffers had equipment stolen during, of all things, a security conference. There was no sign of a break-in, or of unauthorized access.
F-Secure’s researchers Tomi Tuominen and Timo Hirvonen set out to “find out if it’s possible to bypass the electronic lock without leaving a trace." They eventually were able to identify weaknesses that would allow a skilled hacker to read information from any key card and use it to write a new master key for all the hotel's rooms.
F-Secure stressed that the exact details of the hack will not be disclosed, and that they have informed Assa Abloy and are helping them develop software fixes. A patch is available, but it is not known how many hotels have applied it. Assa Abloy says the problem is only with older locks, but it is not known how many are still in use.
Comments (0)