Skip to main content

Electronic locks in over 40,000 hotels worldwide compromised, says security firm

Security research firm F-Secure has discovered a critical vulnerability in electronic locks made by the world’s largest lock manufacturer, Assa Abloy. The vulnerability allowed F-Secure researchers to gain access to any locked room in hotels secured by one of Assa Abloy’s electronic lock systems — leaving roughly 40 thousand major hotels around the world potentially exposed.

“The researchers’ attack involves using any ordinary electronic key to the target facility – even one that’s long expired, discarded, or used to access spaces such as a garage or closet. Using information on the key, the researchers are able to create a master key with privileges to open any room in the building. The attack can be performed without being noticed,” F-Secure’s announcement reads.

Recommended Videos

With this exploit, F-Secure researchers were able to gain “master key” access to any hotel facility using Assa Abloy’s VingCard system — all they needed was a guest’s key card. Using off-the-shelf hardware, F-Secure’s researchers were able to read these key cards remotely — say, through your pocket — and using the same device, effectively circumvent the electronic key card system’s protections in just a matter of minutes, creating their own master keys out of thin air. To be clear though, this system is primarily used in the hospitality industry, and consumer Assa Abloy products are unaffected.

Image used with permission by copyright holder

“You can imagine what a malicious person could do with the power to enter any hotel room, with a master key created basically out of thin air,” said Tomi Tuominen, practice leader at F-Secure.

Tomi said F-Secure doesn’t believe anyone is currently using this exact exploit in the wild, which should help all you frequent travelers breathe a sigh of relief. Still, that doesn’t mean there aren’t similar vulnerabilities in electronic key card systems. After all, F-Secure’s odyssey to discover this vulnerability was kicked off after one of its researchers experienced a similar exploit firsthand.

“The researchers’ interest in hacking hotel locks was sparked a decade ago when a colleague’s laptop was stolen from a hotel room during a security conference. When the researchers reported the theft, hotel staff dismissed their complaint, given that there was not a single sign of forced entry, and no evidence of unauthorized access in the room entry logs,” the announcement continues.

F-Secure has been working hand in hand with Assa Abloy to mitigate this particular vulnerability and develop software patches for all affected hotel properties.

“I would like to personally thank the Assa Abloy R&D team for their excellent cooperation in rectifying these issues,” said Tuominen. “Because of their diligence and willingness to address the problems identified by our research, the hospitality world is now a safer place. We urge any establishment using this software to apply the update as soon as possible.”

Jayce Wagner
Former Digital Trends Contributor
A staff writer for the Computing section, Jayce covers a little bit of everything -- hardware, gaming, and occasionally VR.
How to allocate more RAM to Minecraft
The cover art for Minecraft.

While there are plenty of tips and tricks for what to do within Minecraft, not many people talk about how to boost performance. Classic Minecraft Java Edition can get bogged down by shaders and modpacks that expand and update the game beyond its original scope. Fortunately, you can always just allocate more RAM to it so that performance doesn't suffer too much -- as long as you have enough RAM, that is.

Here's how to allocate more RAM to Minecraft, regardless of how much you have in your system.

Read more
Save $250 on Apple’s MacBook air and say bye to your old craptop for good
The screen of the MacBook Air M2.

It's easy to fall into the trap of using the same laptop for years. Sure, it might be a little slow, the apps don't work quite the way you want, and it sometimes crashes and eats up what you're working on, but there's nothing really wrong with it…right? Dump all that invisible stress that your old craptop causes for you day after day by taking advantage of this post-Prime Big Deal Days deal on an for 25% off.

One Of The Best Apple Laptops
You probably don't need me to sell you on the benefits of a MacBook, but as a long-time tech writer with years of experience writing about Apple products, I'll do it anyway. This MacBook Air's 13.6-inch display is the perfect size for daily use, as it's compact enough to easily fit in a low-profile bag. Its 8GB of RAM is quick enough to run all the programs you need for your daily life, and its 256 GB solid-state drive is blazing fast compared to a traditional hard drive. 18 hours of battery life is certainly nothing to scoff at, and the HD Retina display shows you everything in crisp, beautiful colors.

Read more
Mac sales are nosediving
Apple MacBook Pro 16 downward view showing keyboard and speaker.

It's no secret that M4 Macs are coming soon. But does the upcoming launch explain the significant nosedive in Mac sales in the past quarter? Let's hope so, as a new report by Canalys indicates that Macs have experienced a worrying 17.5% drop in worldwide annual growth in the past quarter.

The drop in Mac sales is an anomaly in the larger analysis of PC sales as a whole, which has enjoyed a 1.3% annual growth over last year, which is expected to increase going into the holiday season.

Read more