“These electronic lock systems are commonplace in hotels, used by staff to provide granular controls over where a person can go in a hotel — such as their room — and even restricting the floor that the elevator stops at. And these keys can be wiped and reused when guests check-out,” Whittaker reports. “It turns out these key cards aren’t as secure as first thought.”
“Any key card will do. Even old and expired, or discarded keys retain enough residual data to be used in the attack. Using a handheld device running custom software, the researchers can steal data off of a key card — either using wireless radio-frequency identification (RFID) or the magnetic stripe,” Whittaker reports. “That device then manipulates the stolen key data, which identifies the hotel, to produce an access token with the highest level of privileges, effectively serving as a master key to every room in the building.”
Read more in the full article here.
MacDailyNews Take: Makes us appreciate SPG app for Apple Watch and SPG Keyless even more!
Apple Watch can now unlock hotel room doors at over 100 Starwood Hotels – April 24, 2015