Tomi Tuominen and Timo Hirvonen, who work for international cybersecurity firm F-Secure, have uncovered a flaw in electronic hotel doors that leave them open to hackers. To resolve the issue, the duo are now going door-to-door to hotels across the world, according to Gizmodo.
A design flaw in the software of electronic keys produced by VingCard has been detected in as many as 166 countries at over 40,000 buildings. Hijacking and cloning hotel room keys is nothing new. The latest vulnerability allows hackers to create a Master Key in mere minutes that can access all the rooms in a building by using a hotel room key—even one that has expired.
Tuominen tells Gizmodo that hackers can use any key: your room key, a cleaning staff key, even to the garage or workout facility key—even a key you are carrying in a pocket on an elevator ride.
Cracking hotel room keys began in 2003 after a hacker conference in which a conference goer’s laptop was stolen from their hotel room—but with no signs of forced entry. Since then, it has become relatively simple for hackers to clone hotel staff keys that are equipped with RFID, or electromagnetic fields by walking by with an RFID reader. A clone card can then later be recreated.
The problem with the latest hack is that a clone card can be created with any card that uses VingCard’s Vision software, which is the software used by millions of hotel rooms around the world.
Hotels are currently working on resolving the issue, so the exact details of how a card is cloned are not readily available. The hospitality industry tends to be a popular target for hackers and the latest hack also makes customer information and data exploitable.
The firm is currently urging all hotels that use Vision to reach out and patch up their system to help protect guests identity and information.