Skip to main content

Electronic locks in over 40,000 hotels worldwide compromised, says security firm

Security research firm F-Secure has discovered a critical vulnerability in electronic locks made by the world’s largest lock manufacturer, Assa Abloy. The vulnerability allowed F-Secure researchers to gain access to any locked room in hotels secured by one of Assa Abloy’s electronic lock systems — leaving roughly 40 thousand major hotels around the world potentially exposed.

“The researchers’ attack involves using any ordinary electronic key to the target facility – even one that’s long expired, discarded, or used to access spaces such as a garage or closet. Using information on the key, the researchers are able to create a master key with privileges to open any room in the building. The attack can be performed without being noticed,” F-Secure’s announcement reads.

With this exploit, F-Secure researchers were able to gain “master key” access to any hotel facility using Assa Abloy’s VingCard system — all they needed was a guest’s key card. Using off-the-shelf hardware, F-Secure’s researchers were able to read these key cards remotely — say, through your pocket — and using the same device, effectively circumvent the electronic key card system’s protections in just a matter of minutes, creating their own master keys out of thin air. To be clear though, this system is primarily used in the hospitality industry, and consumer Assa Abloy products are unaffected.

Image used with permission by copyright holder

“You can imagine what a malicious person could do with the power to enter any hotel room, with a master key created basically out of thin air,” said Tomi Tuominen, practice leader at F-Secure.

Tomi said F-Secure doesn’t believe anyone is currently using this exact exploit in the wild, which should help all you frequent travelers breathe a sigh of relief. Still, that doesn’t mean there aren’t similar vulnerabilities in electronic key card systems. After all, F-Secure’s odyssey to discover this vulnerability was kicked off after one of its researchers experienced a similar exploit firsthand.

“The researchers’ interest in hacking hotel locks was sparked a decade ago when a colleague’s laptop was stolen from a hotel room during a security conference. When the researchers reported the theft, hotel staff dismissed their complaint, given that there was not a single sign of forced entry, and no evidence of unauthorized access in the room entry logs,” the announcement continues.

F-Secure has been working hand in hand with Assa Abloy to mitigate this particular vulnerability and develop software patches for all affected hotel properties.

“I would like to personally thank the Assa Abloy R&D team for their excellent cooperation in rectifying these issues,” said Tuominen. “Because of their diligence and willingness to address the problems identified by our research, the hospitality world is now a safer place. We urge any establishment using this software to apply the update as soon as possible.”

Jayce Wagner
Former Digital Trends Contributor
A staff writer for the Computing section, Jayce covers a little bit of everything -- hardware, gaming, and occasionally VR.
AMD’s next-gen CPUs are much closer than we thought
AMD Ryzen 7 7800X3D held between fingertips.

We already knew that AMD would launch its Zen 5 CPUs this year, but recent motherboard updates hint that a release is imminent. Both MSI and Asus have released updates for their 600-series motherboards that explicitly add support for "next-generation AMD Ryzen processors," setting the stage for AMD's next-gen CPUs.

This saga started a few days ago when hardware leaker 9550pro spotted an MSI BIOS update, which they shared on X (formerly Twitter). Since then, Asus has followed suit with BIOS updates of its own featuring a new AMD Generic Encapsulated Software Architecture (AGESA) -- the firmware responsible for starting the CPU -- that brings support for next-gen CPUs (spotted by VideoCardz).

Read more
AMD Zen 5: Everything we know about AMD’s next-gen CPUs
The AMD Ryzen 5 8600G APU installed in a motherboard.

AMD Zen 5 is the next-generation Ryzen CPU architecture for Team Red and is slated for a launch sometime in 2024. We've been hearing tantalizing rumors for a while now and promises of big leaps in performance. In short, Zen 5 could be very exciting indeed.

We don't have all the details, but what we're hearing is very promising. Here's what we know about Zen 5 so far.
Zen 5 release date and availability
AMD confirmed in January 2024 that it was on track to launch Zen 5 sometime in the "second half of the year." Considering the launch of Zen 4 was in September 2022, we would expect to see Zen 5 desktop processors debut around the same timeframe, possibly with an announcement in the summer at Computex.

Read more
Is this Razer’s Steam Deck killer?
The Razer Kishi Ultra sitting on a table.

Razer has been oddly quiet in the burgeoning world of handheld gaming PCs. When I met up with the company at the Game Developers Conference (GDC) to learn about its new products, I was happy to hear it had an answer to the success of the Steam Deck.

But it was not the type of answer I was expecting.

Read more