Hotel door locks worldwide were vulnerable to hack
Millions of electronic door locks fitted to hotel rooms worldwide have been found to be vulnerable to a hack. Researchers say flaws they found in the equipment's software meant they could create "master keys" that opened the rooms without leaving an activity log.
The F-Secure team said it had worked with the locks' maker over the past year to create a fix. But the Swedish manufacturer is playing down the risk to those hotels that have yet to install an update. "Vision Software is a 20-year-old product, which has been compromised after 12 years and thousands of hours of intensive work by two employees at F-Secure," said a spokeswoman for the company, Assa Abloy.
Also at F-Secure.
(Score: 1, Insightful) by Anonymous Coward on Saturday April 28 2018, @12:43PM (3 children)
The purpose of a lock is security. Twenty years passed, during which the manufacturer didn't identify this vulnerability. I assume that the source code for the software wasn't available to F-Secure. It was available to the manufacturer, who would therefore be able to audit it more easily. If, as stated, two people at F-Secure were able to compromise the locks, two people elsewhere can do so. Crime syndicates and governments can also hire skilled people.
(Score: 5, Interesting) by takyon on Saturday April 28 2018, @01:35PM (2 children)
F-Secure says they started looking into this after someone got their stuff stolen without it being reflected in the system's logs... a decade ago:
So did an ordinary criminal figure out how to unlock $some_brand years ago, or did a government jack a security researcher's laptop so that they could add to their pile of zero-days?
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 1, Informative) by Anonymous Coward on Saturday April 28 2018, @09:53PM (1 child)
The real answer is that someone paid off the maid or came back to grab the "forgotten" laptop while she was cleaning the room.
(Score: 2) by takyon on Saturday April 28 2018, @10:05PM
I must have been stricken with ______ not to think of that.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]