An electronic lock system used for the past 20 years to secure
hotel rooms is susceptible to hacking.
Researchers from Finnish security firm F-Secure learned they could
create a master key to open any lock that uses the VingCard Vision lock
software from Assa Abloy. F-Secure says the key could open the locks without
leaving an activity log.
Assa Abloy provides security products for millions of guest
rooms worldwide. The company’s clients include properties from chains such as Fairmont,
Waldorf Astoria, Hyatt, Radisson and Sheraton, although it’s not clear which
hotels were using the flawed software.
But in a statement, Assa Abloy says “only a small portion of our clients run Vision on their locks” (about 3 to 6% of all hotel rooms) and it provided a patch to those clients in February that eliminates the vulnerability.
Visionline, Assa Abloy’s newer platform, is not affected by the
vulnerability.
F-Secure says it began exploring the security of hotel lock
software a decade ago after a colleague’s laptop was stolen from a hotel room,
but the thieves did not leave any sign of forced entry or unauthorized access. F-Secure
says it chose to investigate Assa Abloy’s product because it's a brand “known
for quality and security.”
“We wanted to find out if it’s possible to bypass the electronic lock without
leaving a trace,” says Timo Hirvonen, senior
security consultant at F-Secure.
“Building a secure access control system is very difficult because there are so many
things you need to get right. Only after we thoroughly understood how it was
designed were we able to identify seemingly innocuous shortcomings. We
creatively combined these shortcomings to come up with a method for creating
master keys.”
F-Secure’s researchers spent “several thousand hours” to identify “small flaws that, when
combined, produced the attack.” They were able to create a master key using
data read from any VingCard, including ones that were expired,
discarded or only intended to access spaces such as a garage or closet.