
posted by chromas on Saturday April 28 2018, @06:13AM
from the F'd-security dept.

Hotel door locks worldwide were vulnerable to hack

Millions of electronic door locks fitted to hotel rooms worldwide have been found to be vulnerable to a hack. Researchers say flaws they found in the equipment's software meant they could create "master keys" that opened the rooms without leaving an activity log.

The F-Secure team said it had worked with the locks' maker over the past year to create a fix. But the Swedish manufacturer is playing down the risk to those hotels that have yet to install an update. "Vision Software is a 20-year-old product, which has been compromised after 12 years and thousands of hours of intensive work by two employees at F-Secure," said a spokeswoman for the company, Assa Abloy.

Also at F-Secure.


  • (Score: 1, Insightful) by Anonymous Coward on Saturday April 28 2018, @12:43PM (3 children)

    by Anonymous Coward on Saturday April 28 2018, @12:43PM (#672989)

    The purpose of a lock is security. Twenty years passed, during which the manufacturer didn't identify this vulnerability. I assume that the source code for the software wasn't available to F-Secure. It was available to the manufacturer, who would therefore be able to audit it more easily. If, as stated, two people at F-Secure were able to compromise the locks, two people elsewhere can do so. Crime syndicates and governments can also hire skilled people.

  • (Score: 5, Interesting) by takyon on Saturday April 28 2018, @01:35PM (2 children)

    by takyon (881) <takyonNO@SPAMsoylentnews.org> on Saturday April 28 2018, @01:35PM (#673007) Journal

    F-Secure says they started looking into this after someone got their stuff stolen without it being reflected in the system's logs... a decade ago:

    The researchers’ interest in hacking hotel locks was sparked a decade ago when a colleague’s laptop was stolen from a hotel room during a security conference. When the researchers reported the theft, hotel staff dismissed their complaint given that there was not a single sign of forced entry, and no evidence of unauthorized access in the room entry logs. The researchers decided to investigate the issue further, and chose to target a brand of lock known for quality and security. These security oversights were not obvious holes. It took a thorough understanding of the whole system’s design to identify small flaws that, when combined, produced the attack. The research took several thousand hours and was done on an on-and-off basis, and involved considerable amounts of trial and error.

    So did an ordinary criminal figure out how to unlock $some_brand years ago, or did a government jack a security researcher's laptop so that they could add to their pile of zero-days?

    --
    [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
    • (Score: 1, Informative) by Anonymous Coward on Saturday April 28 2018, @09:53PM (1 child)

      by Anonymous Coward on Saturday April 28 2018, @09:53PM (#673140)

      The real answer is that someone paid off the maid or came back to grab the "forgotten" laptop while she was cleaning the room.