A red team has created a master key to hack into millions of hotel rooms
If you see the VingCard logo on your room key, that's the system in question.
Two Finnish security researchers from IT firm F-Secure, challenged by a 2003 incident where a colleague’s laptop was stolen and the hotel claimed no responsibility, have created a master key that will work for any room in millions of hotels around the world. They’ve been working on it on-and-off for over 10 years, and now it's been successfully tested.
They can create a master key “basically out of thin air,” said Tomi Tuominen and Timo Hirvonen, the security researchers from F-Secure.
Using expired key cards, even old ones lying around, they can create a master key that will get into every room in the hotel.
They stress that it's not happening in the wild, at least not yet.
"Developing [the] attack took considerable amount of time and effort," said Tuominen and Hirvonen, in an email to ZDNet. The attack is named, eerily enough, 'Ghost in the Locks', and works primarily on VingCard locks.
"We built [an] RFID demo environment in 2015 and were able to create our first master key for a real hotel in March 2017. If somebody was to do this full time, it would probably take considerably less time."
However, they stated, "We don't know of anyone else performing this particular attack in the wild right now."
Their discovery also prompted Swedish lock maker Assa Abloy, the maker of the VingCard key systems, to release a security patch to fix the flaws. Some of the hotel chains that have used Abloy's lock systems over the years are Intercontinental, Hyatt, Radisson, and Sheraton.
The software on some of the locks has been patched—that is, fixed—at the central server, but the firmware on each individual lock needs to be updated as well—something that will take time to deploy, if the companies involved decide to do so.
What can you do?
The researchers made clear that these keys are not available “in the wild” yet, but they’re likely coming. So what are wary travelers to do?
Here's a solution to keep your door secure while you are inside the room.
There are some others out there, as well—some lower-tech and therefore easier to deploy.