Computer security researchers are warning that the electronic locks on millions of hotel rooms around the world are susceptible to hacking. Using a vulnerability in the software, researchers were able to create master keys to fit all the doors of a building.
The Swedish manufacturer Assa Abloy, a specialist in the field of door locks, has since published software updates to solve the weakness identified in its “Vision Software” lock.
However the F-Secure disclosure is not the first of its kind. In 2012 a security gap was discovered in another manufacturer's electronic locks, millions of which had likewise been installed in hotel rooms. The gap was used by at least one thief responsible for several dozen burglaries.
F-Secure researchers said they have been interested in the issue ever since a laptop was stolen from a hotel room during a cyber security conference in Berlin 15 years ago. There were no traces of any forced entry into the room, nor any digital evidence of unauthorized access to the entry protocols.
“We wanted to find out if it's possible to bypass the electronic lock without leaving a trace,” said F-Secure cyber security expert Timo Hirvonen. “Only after we thoroughly understood how it was designed were we able to identify seemingly innocuous shortcomings [and] come up with a method for creating master keys.”
The makers of the locks were quick to play down the risks in connection with the software's weak point.
“Vision Software is a 20-year-old product, which has been compromised after 12 years and thousands of hours of intensive work by two employees at [Finnish IT security company] F-Secure,” a spokeswoman for Assa Abloy told the BBC.
“These old locks represent only a small fraction (of the those in use) and are being rapidly replaced with new technology.” — dpa