Hackers built a ‘master key’ for millions of hotel rooms, garages, and storage units

“Security researchers have built a master key that exploits a design flaw in a popular and widely used hotel electronic lock system, allowing unfettered access to every room in the building,” Zack Whittaker reports for ZDNet. “The electronic lock system, known as Vision by VingCard and built by Swedish lock manufacturer Assa Abloy, is used in more than 42,000 properties in 166 countries, amounting to millions of hotel rooms — as well as garages and storage units.”

“These electronic lock systems are commonplace in hotels, used by staff to provide granular controls over where a person can go in a hotel — such as their room — and even restricting the floor that the elevator stops at. And these keys can be wiped and reused when guests check-out,” Whittaker reports. “It turns out these key cards aren’t as secure as first thought.”

“Any key card will do. Even old and expired, or discarded keys retain enough residual data to be used in the attack. Using a handheld device running custom software, the researchers can steal data off of a key card — either using wireless radio-frequency identification (RFID) or the magnetic stripe,” Whittaker reports. “That device then manipulates the stolen key data, which identifies the hotel, to produce an access token with the highest level of privileges, effectively serving as a master key to every room in the building.”

Read more in the full article here.

MacDailyNews Take: Makes us appreciate SPG app for Apple Watch and SPG Keyless even more!

SEE ALSO:
Apple Watch can now unlock hotel room doors at over 100 Starwood Hotels – April 24, 2015

12 Comments

    1. Snide comment. If every hotel implemented the latest new exciting security tech that salesmen try to pitch them, your visits would cost significantly more. Just about every IOT electronic gadgetry has been hacked. Don’t pretend making it wireless or slapping an Apple sticker on it makes you more secure.

  1. I’m not so worried about that as having credit card companies still not using chip and PIN in the US. That is where fraud is rife and the costs are put back on the vendors and ultimately the clients.

    1. Drives me nuts! Why the hell are we still using signatures? Nobody bothers with an intelligible electronic signature anyhow, and even if you *try*, it still looks like 3rd-grade-you trying to imitate a “grownup signature”. Given that there’s no human verification going on, PIN codes are far more secure!

  2. The digital age will come to an end with the lack of security… we see every store, every government, every email system being compromised… people will give up on using online services that ask for more than a basic login… the age of using users as data is over.. these services will die as they will have to charge people to use their data.. and people will not pay for crap like FB.. or any of the other services that use your data as a marketing tool.. we will have to re-imagine the internet.. people will no longer be revenue.. Charging people will require some security of the data… for providing the data and the legal ramifications of using that data will be clear..

    1. Have to disagree with you that the internet as we know it is dead. Maybe certain things will have to be rethought but they will be and the ads will keep coming and the harvesting of data will continue… Why? Because people like free stuff, whether it’s Facebook or news or videos of people on the internet. No one is going to pay to read the 1500th article this week about who Trump screwed 10 years ago…. If these companies’ main streams of revenue (ads and targeted marketing based on subsets of data) they would indeed fold and close. When you think about that on the scale in which this currently happens the global economy would collapse. CNN, Fox News, MSNBC, The Hill, OANN, Facebook, Google, WhatsApp, Shazam, Spotify, etc etc would all fold in short order… so I think we can agree that’s not happening, unless you think Android is going to cease existence because Google Ads folds and the company goes under. The good news is hate them or love them Apple is the only company focused on security as a pillar of their platform and not selling their customers as the product.

  3. Thanks for the detailed information. It has long been clear that information technologies conquer people, but with regards to such things as personal space – this is incredibly important. That’s why I’m schooled and make a choice aside. All people are looking for a hotel in order to have their own space and feel safe and not be the center of marketing fraud. Be careful
