Thank you for your interest. We'll be in touch soon.
F-Secure researchers have found that global hotel chains and hotels worldwide are using an electronic lock system that could be exploited by an attacker to gain access to any room in the facility.
The researchers simulated the attack with an ordinary electronic key to the target facility. Using information on the key, they were able to create a master key that can open any door using the same lock system in the facility. The key doesn't even have to be a working key – even one that's long expired, discarded, or used to access spaces such as a garage or closet could be used. The attack can be performed without being noticed.
The design flaws discovered in the smart lock system's software, which is known as Vision by VingCard and used to secure millions of hotel rooms worldwide, have prompted the world's largest lock manufacturer, Assa Abloy, to issue software updates with security fixes to mitigate the issue.
F-Secure researchers Tomi Tuominen and Timo Hirvonen explain the hotel room lock hacking experiment at INFILTRATE 2018 Security Conference.
Andrea Barisani
Head of Hardware Security at F-Secure
Get in touch with one of our hardware security experts to discuss your product security.
"Researchers say flaws they found in the equipment's software meant they could create "master keys" that opened the rooms without leaving an activity log."