The Finnish data security research firm, F-Secure, recently did some experimenting with old and new hotel room keys. By the end of their research, they were able to get into any locked hotel room that was secured by the world’s largest lock manufacturer, Assa Abloy. This means about 140,000 hotels in more than 160 countries. These locks can be found at the most popular hotel chains like Hyatt, Radisson and Sheraton.
The research all started when someone at F-Secure got their laptop stolen from a hotel room without any signs of unauthorized access. There wasn’t a single sign of forced entry and nothing outlandish on the door’s electronic log. The F-Secure team spent the next decade and a half trying to get down to the bottom of this.
“The challenge of the security business is that it is a moving target. What is secure at a point of time, is not 20 years later,” Christophe Sut
Here’s the scary thing. The team was able to use any old key card. Expired, new or even a card found in the trash can. They were also able to get access to cards without physically having them in their hands, for example passing by someone with a key card in their pocket. With all of this information, the researchers were able to create a master key which could access rooms throughout an entire building. The master key also allowed for an elevator to go up to a VIP floor even if it’s protected by the same system. In the blink of an eye (one minute to be exact), your hotel room key can be hacked.
F-Secure has assured us that they will not be publishing the software tools they used to figure this all out. And Assa Abloy has responded to this story with a huge software update.
But let’s take a breath. The company has assured us that this type of attack has not actually happened yet.
“I think there is no immediate threat, since being able to develop this attack is going to take some time.” Timo Hirvonen
So what can we do knowing this information? Don’t leave valuables in your room, use the door chain when in your room, use a VPN when on the hotel WiFi and use a credit card instead of debit card for hotel payments. Digital security will always be a challenge, so we need to think smart.
The 6th edition of our Transformational CISO Assembly is open for application. Join industry leaders in Miami to discuss the latest cyber security strategies.
In a new digital world, driven by data, businesses of all sizes are working tirelessly to secure their networks, devices, and of course, their data. Fortune 500 organizations are especially vulnerable as they have big data pools and
thousands of people who need access. CISOs need to plan for worst-case scenarios, stay ahead of latest IT Security transformation technology, and maintain their company’s information assets, all without losing sight of the corporate culture.
This is not just another “IT Security” event. Spaces are reserved for the best in the business. Contact us today to reserve your seat >>