Hotel key cards are presumably safe as it is supposed to be inaccessible for other people who don’t have the card. However, recent research has revealed that it isn’t as safe as we think anymore!
According to The Star, Finnish security researchers revealed that a hacker could create a master key that will unlock any room in a hotel without leaving a trace. One key to rule ’em all!
The study that was published on 25 April 2018 is a revelation to a problem that has gone undetected for years. Tomi Tuominen, 45, and Timo Hirvonen, 32, said that they had discovered the problem last year (2017) and reported it to Assa Abloy, the world’s largest lock manufacturer.
Source: The Star
“We found out that by using any key card to a hotel… you can create a master key that can enter any room in the hotel. It doesn’t even have to be a valid card, it can be an expired one,” said Hirvonen.
After the alarming discovery, the researchers helped Assa fix the software to make it safer. The update of the software was made available to all hotel chains in February (2018).
Assa explained that some hotels have updated the software but it would take a few more weeks for the issue to be fully resolved.
“I highly encourage the hotels to install those software fixes.”
“But I think there is no immediate threat, since being able to develop this attack is going to take some time,” shared Hirvonen.
Source: The Star
Although the Vision by Vingcard has been replaced in most hotels, Assa Abloy, the current owner, estimated that several hundred thousand hotels still use the old system. Yikes, that’s not good news!
On the other hand, Tuominen said that the life-saving breakthrough was initially to find out the weakness in how the locks are used and installed together with a “minor technical design flaw”.
Thus, to prove their point, the researchers devised a master key from the information of any card in the Vingcard system. They decided to do this because of a case in 2003, where a thief left no trace after a seemingly smooth heist at a high-class hotel in Berlin.
Source: The Star
So, what began as a hobby, turned out to a real mission when they started working diligently on it; they were curious as they asked themselves, “Could one hack the locking system without leaving a trace?”
“These issues alone are not a problem, but once you combine those two things, it becomes exploitable.”
“I wouldn’t be surprised if other electronic lock systems have similar vulnerabilities. You cannot really know how secure the system is unless someone has really tried to break it,” said Hirvonen.
However, the researchers claim that they have no guarantee if the flaws they have found with the system is known to the criminals.
We’re still safe!
Meanwhile, Assa Abby assures that the newer update is based on different technologies, which includes a system that allows customers to use their smartphones to open hotel door locks. Fancy!
Source: CR80 News
“The challenge of the security business is that it is a moving target. What is secure at a point of time, is not 20 years later,” said Christophe Sut, an executive at Assa Abloy Hospitality.
After completing the research, Tuominen and Hirvonen didn’t demand money from Assa for their discovery because they said that they were driven by the challenge.
“Some people play football, some people go sailing, some do photography. This is our hobby,” said Tuominen.
All in all, it’s great that Tuominen and Hirvonen were able to make the breakthrough or else we wouldn’t know that hotel key cards – including expired ones – aren’t safe! Let this be a reminder that we should always be vigilant of our surroundings because sometimes, even technologies that are meant to protect us can still fail us.
Also read: Thieves Are Now Using This New Method to Steal Cars in Malaysia
