Wednesday, 25 April 2018

Millions of electronic door locks fitted to hotel rooms worldwide were vulnerable to hack



Millions of electronic door locks fitted to hotel rooms worldwide have been found to be vulnerable to a hack.

 
Researchers say flaws they found in the equipment's software meant they could create "master keys" that opened the rooms without leaving an activity log.


The F-Secure team said it had worked with the locks' maker over the past year to create a fix.


But the Swedish manufacturer is playing down the risk to those hotels that have yet to install an update.


"Vision Software is a 20-year-old product, which has been compromised after 12 years and thousands of hours of intensive work by two employees at F-Secure," said a spokeswoman for the company, Assa Abloy.
"These old locks represent only a small fraction [of the those in use] and are being rapidly replaced with new technology."


She added that hotels had begun deploying the fix two months ago.


"Digital devices and software of all kinds, are vulnerable to hacking. However, it would take a big team of skilled specialists years to try to repeat this."


Assa Abloy's locks are used by some of the world's biggest hotel chains - including Intercontinental, Hyatt, Radisson and Sheraton - although it has not disclosed which properties still use a compromised version of the Vision by VingCard system.


The F-Secure researchers said they began their inquiry after a colleague's laptop was stolen from a hotel room without the thief leaving behind any sign of unauthorised access.


F-Secure VingCard hack





BBC        News.