07 Jun 2018
If you think your personal property is safe when you lock your hotel room, you need to continue reading this. Hackers have devised Master Keys that enable them to gain entry into any room in a hotel within seconds. Two researchers from a company called F-Secure made this shocking discovery and proved that even the biggest of hotels like Radisson, Intercontinental, and Sheraton are susceptible to attacks from hackers.
The researchers – Timo Hirvonen and Tomi Tuominen – started research on hacker attacks after a laptop from a close friend went missing while staying in a top hotel. They discovered flaws in the key cards developed by the world’s largest lock manufacturer – Assa Abloy. They were able to create a master key with key cards that had long expired.
The Hacking process is pretty simple:
- Get access to any key card – even those that have expired.
- Find the master key code and then copy the code target key card.
- From there you can gain access to any room in the hotel.
They developed custom software for this – so it’s not available to the public. Using this technique though, someone can gain entry to any room within sixty seconds.
The researchers shared their final results as well as the solution with Assa Abloy. However, it will take some time for the findings to be implemented in all hotels that have the smart locks. Assa Abloy locks are deployed in over 42,000 facilities in 166 countries, and this translates to millions of doors that would require updates.
The master key that the pair created is so good that it does not leave a trace. This means authorities would have no way to track the perpetrators. Some ways in which you can get RFID or magstripe to acquire the data remotely when a guest is accessing their door or book a room in the hotel and then use the card issued as a source. Portable programmers are also available online for a few dollars which makes it very easy for anyone across the globe to create a master key.
The two researchers have been working closely with Assa Abloy in an effort to finding lasting solutions to the key flaws. While there is no concrete information that hackers are already using the systems, have increased greatly.
Hacking of hotel doors can be devastating. Business travelers lock most of their personal belongings in hotels. Cyber-attacks have been on the rise with hackers devising new ways to crack security systems. An Austrian hotel was attacked last year by hackers who forced the hotel to pay a ransom before they would allow their guests back in their rooms. Assa Abloy has a herculean task ahead of them to restore confidence from the hotel industry. Software updates will need to be put in place to override the existing locks. There is also a need for collaboration between the company and the researchers to develop a framework to seal the flaws. Cybersecurity in all industries should be an ongoing process with constant software updates.