Hackers built a ‘master key’ for millions of hotel rooms

Security researchers have built a master key that exploits a design flaw in a popular and widely used hotel electronic lock system, allowing unfettered access to every room in the building. The electronic lock system, known as Vision by VingCard and built by Swedish lock manufacturer Assa Abloy, is used in more than 42,000 properties in 166 countries, amounting to millions of hotel rooms — as well as garages and storage units.

These electronic lock systems are commonplace in hotels, used by staff to provide granular controls over where a person can go in a hotel — such as their room — and even restricting the floor that the elevator stops at. And these keys can be wiped and reused when guests check-out. It turns out these key cards aren’t as secure as first thought. F-Secure’s Tomi Tuominen and Timo Hirvonen, who carried out the work, said they could create a master key “basically out of thin air.”

Read more about the new research that shows how hackers can manipulate hotel room key cards to gain access to an entire building on ZDNet.





Gain Deeper Insights Into The Threat

Sign up to gain access to our special reports on threat actors and their tactics as well as daily Threat Brief.

Your support will enable us to continue our production of action-oriented content and help us help you stay informed on the latest in adversary activities.

Try our free two week trial.

Sign Up For Free Trial of The Daily Threat Brief