If you thought hotels were one of the more secure places to spend the night on the road, cybersecurity firm F-Secure's latest findings might change your mind.
As reported by ZDNet, researchers working at the firm have built a "master key" that can unlock virtually any electronic lock in a hotel.
They've accomplished this feat by exploiting a flaw in one of the most popular electronic lock systems out there, "Vision." Built by Swedish company Assa Abloy, Vision locks are reportedly used in over 42,000 properties across 166 countries.
While these electronic locks are likely good enough for keeping the average would-be intruder at bay, F-Secure's researchers have found a way to swipe data from functional or expired hotel cards to bypass Vision locks entirely.
"It can be your own room key, a cleaning staff key, even to the garage or workout facility," F-Secure Practice Leader Tomi Tuominen said in a statement to Gizmodo. "We can even do it in an elevator if you have your key in your front pocket; we can just clone it from there."
They clone these key cards by using a "handheld device running custom software." The device can send out wireless RFID signals to acquire and transform the key's data. For example, a hacker using a similar device to the one F-Secure's researches developed could theoretically use your hotel key card's data to create a master key to every electronic lock in the building.
If that sounds like a terrifying prospect to you, F-Secure feels there's no real cause for worry at the moment. "Developing [the] attack took a considerable amount of time and effort," F-Secure said in an email. Furthermore, the firm claims they aren't aware of any other instances of this method being used throughout the world.
https://www.techspot.com/news/74323-cybersecurity-researchers-discover-way-use-old-key-cards.html
