If you think your personal property is safe when you lock your hotel room, you need to continue reading this. Hackers have devised Master Keys that enable them to gain entry into any room in a hotel within seconds. Two researchers from a company called F-Secure made this shocking discovery and proved that even the biggest of hotels like Radisson, Intercontinental, and Sheraton are susceptible to attacks from hackers.
The researchers – Timo Hirvonen and Tomi Tuominen – started research on hacker attacks after a laptop from a close friend went missing while staying in a top hotel. They discovered flaws in the key cards developed by the world’s largest lock manufacturer – Assa Abloy. They were able to create a master key with key cards that had long expired.
The Hacking process is pretty simple:
Get access to any key card – even those that have expired.
Find the master key code and then copy the code target key card.
From there you can gain access to any room in the hotel.
They developed custom software for this – so it's not available to the public. Using this technique though, someone can gain entry to any room within sixty seconds.
The researchers shared their final results as well as the solution with Assa Abloy. However, it will take some time for the findings to be implemented in all hotels that have the smart locks. Assa Abloy locks are deployed in over 42,000 facilities in 166 countries, and this translates to millions of doors that would require updates.
The master key that the pair created is so good that it does not leave a trace. This means authorities would have no way to track the perpetrators. Some ways in which you can get RFID or magstripe to acquire the data remotely when a guest is accessing their door or book a room in the hotel and then use the card issued as a source. Portable programmers are also available online for a few dollars which makes it very easy for anyone across the globe to create a master key.
The two researchers have been working closely with Assa Abloy in an effort to finding lasting solutions to the key flaws. While there is no concrete information that hackers are already using the systems, have increased greatly.
Hacking of hotel doors can be devastating. Business travelers lock most of their personal belongings in hotels. Cyber-attacks have been on the rise with hackers devising new ways to crack security systems. An Austrian hotel was attacked last year by hackers who forced the hotel to pay a ransom before they would allow their guests back in their rooms. Assa Abloy has a herculean task ahead of them to restore confidence from the hotel industry. Software updates will need to be put in place to override the existing locks. There is also a need for collaboration between the company and the researchers to develop a framework to seal the flaws. Cybersecurity in all industries should be an ongoing process with constant software updates.
Need help implementing these strategies?Our cybersecurity experts can assess your environment and build a tailored plan.
CEO, Founder & AI Architect, Petronella Technology Group
Craig Petronella founded Petronella Technology Group in 2002 and has spent 20+ years professionally at the intersection of cybersecurity, AI, compliance, and digital forensics. He holds the CMMC Registered Practitioner credential issued by the Cyber AB and leads Petronella as a CMMC-AB Registered Provider Organization (RPO #1449). Craig is an NC Licensed Digital Forensics Examiner (License #604180-DFE) and completed MIT Professional Education programs in AI, Blockchain, and Cybersecurity. He also holds CompTIA Security+, CCNA, and Hyperledger certifications.
He is an Amazon #1 Best-Selling Author of 15+ books on cybersecurity and compliance, host of the Encrypted Ambition podcast (95+ episodes on Apple Podcasts, Spotify, and Amazon), and a cybersecurity keynote speaker with 200+ engagements at conferences, law firms, and corporate boardrooms. Craig serves as Contributing Editor for Cybersecurity at NC Triangle Attorney at Law Magazine and is a guest lecturer at NCCU School of Law. He has served as a digital forensics expert witness in federal and state court cases involving cybercrime, cryptocurrency fraud, SIM-swap attacks, and data breaches.
Under his leadership, Petronella Technology Group has served hundreds of regulated SMB clients across NC and the southeast since 2002, earned a BBB A+ rating every year since 2003, and been featured as a cybersecurity authority on CBS, ABC, NBC, FOX, and WRAL. The company leverages SOC 2 Type II certified platforms and specializes in AI implementation, managed cybersecurity, CMMC/HIPAA/SOC 2 compliance, and digital forensics for businesses across the United States.
