Hotel door locks worldwide were vulnerable to hack
Millions of electronic door locks fitted to hotel rooms worldwide have been found to be vulnerable to a hack. Researchers say flaws they found in the equipment's software meant they could create "master keys" that opened the rooms without leaving an activity log.
The F-Secure team said it had worked with the locks' maker over the past year to create a fix. But the Swedish manufacturer is playing down the risk to those hotels that have yet to install an update. "Vision Software is a 20-year-old product, which has been compromised after 12 years and thousands of hours of intensive work by two employees at F-Secure," said a spokeswoman for the company, Assa Abloy.
Also at F-Secure.
This discussion has been archived.
No new comments can be posted.
F-Secure Finds Vulnerabilities in Electronic Door Locks
|
Log In/Create an Account
| Top
| 9 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
(1)
(Score: -1, Troll) by Anonymous Coward on Saturday April 28 2018, @08:17AM (1 child)
Fingers. Snapped. Toes. Fractured. Arms. Broken. Legs. Destroyed. Face. Brutalized. Woman. Broken. Man. Satisfied.
(Score: 1) by Ethanol-fueled on Saturday April 28 2018, @08:27AM
Ah, I see that you too are privy to what Hillary's Hit Squad did to Vince Foster. You must tell them!
(Score: 2) by FatPhil on Saturday April 28 2018, @11:17AM (1 child)
Anyone who thinks there's security behind a door that you don't own is living in cloud cuckoo land.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 4, Informative) by pTamok on Saturday April 28 2018, @01:28PM
Most doors and locks are there to keep honest people honest. Very few locks and doors will keep a determined intruder out.
What is at issue here is that it appears access could be gained without leaving any evidence of access. A broken window or a forced door give you a reason to involve the police and/or insurance, but when there is no evidence of intrusion, you have a hard time convincing others that (for example) a theft took place.
(Score: 1, Insightful) by Anonymous Coward on Saturday April 28 2018, @12:43PM (3 children)
The purpose of a lock is security. Twenty years passed, during which the manufacturer didn't identify this vulnerability. I assume that the source code for the software wasn't available to F-Secure. It was available to the manufacturer, who would therefore be able to audit it more easily. If, as stated, two people at F-Secure were able to compromise the locks, two people elsewhere can do so. Crime syndicates and governments can also hire skilled people.
(Score: 5, Interesting) by takyon on Saturday April 28 2018, @01:35PM (2 children)
F-Secure says they started looking into this after someone got their stuff stolen without it being reflected in the system's logs... a decade ago:
So did an ordinary criminal figure out how to unlock $some_brand years ago, or did a government jack a security researcher's laptop so that they could add to their pile of zero-days?
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 1, Informative) by Anonymous Coward on Saturday April 28 2018, @09:53PM (1 child)
The real answer is that someone paid off the maid or came back to grab the "forgotten" laptop while she was cleaning the room.
(Score: 2) by takyon on Saturday April 28 2018, @10:05PM
I must have been stricken with ______ not to think of that.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Saturday April 28 2018, @02:46PM
So the barber with hair “samples” has his hacker friend show him how to unlock doors.
Next up: Barber calls anonymous tip line.