Security firm F-Secure has found design flaws that allow attackers to open hotel room doors without being noticed.
Global hotel chains and hotels worldwide are using an electronic lock system that could be exploited by an attacker to gain access to any room in the facility.
The researchers simulated an attack to an electronic lock system used by global hotel chains and hotels worldwide, using an ordinary electronic key to the target facility. Using information on the key, they were able to create a master key that can open any door using the same lock system in the facility. The key doesn't even have to be a working key - even one that's long expired, discarded, or used to access spaces such as a garage or closet could be used. The attack can be performed without being noticed.
The design flaws discovered in the smart lock system's software, which is known as Vision by VingCard and used to secure millions of hotel rooms worldwide, have prompted the world's largest lock manufacturer, Assa Abloy, to issue software updates with security fixes to mitigate the issue.
F-Secure says that they have no reports of any incidents currently that involves hacking of Assa Abloy Vingcard locks and do not know of any particular cases where these same flaws have been exploited in the wild.