When you stay at a hotel, chances are good you’ll get a keycard to access your room or other guest-only areas. You might not think about that card too much, but it’s programmed with information necessary to grant you access to those rooms, while restricting access to, for example, your neighbor’s room. All of that access is built based on software and encrypted keys, but what happens if someone finds a way around that encryption? A pair of security researchers found inspiration in a personal experience to try and discover whether or not they could access a hotel’s electronic locks in a way that could not be traced. What they found was that they could easily create a master key for an entire hotel.
Before we get too much farther, while the potential risk was huge, with thousands of hotels potentially at risk, the researchers have already provided the information regarding their hack to the lock manufacturer, and worked together with the company’s R&D teams to implement a fix which has been patched into the hotel systems. The idea for this hack came about quite a few years ago:
Years ago, two of our ethical hackers attended an infosec conference in Berlin. The laptop of a fellow researcher was stolen from a locked hotel room while they were out. Intriguingly, there were no signs of forced entry. They reported the theft to hotel staff. But without a single indication of unauthorized room access (nothing physical and nothing in the software logs), the staff dismissed the complaint.
Our researchers’ curiosity was piqued. They decided to investigate whether it’s possible to enter a locked hotel room without the key…and completely without a trace. Finally, after more than a decade and thousands of hours of on-and-off research as a side project, they’ve figured out how to do exactly that.
The researchers only needed access to a key from the hotel. No matter what kind of key, just as long as it was a key from the hotel. A room key, a fitness center key, it could even be a key from a room rented years ago and since disabled, it just needs to be a key from the target hotel. Using a relatively inexpensive piece of equipment (and custom code written by the researchers, which will not be released) the key would be scanned and copied, and within a matter of minutes it could create a master key for the entire property.
The good news, as mentioned previously, the researchers have found no evidence of this exploit being used in the wild, and they will not be releasing their code or making the full attack details or any of their hacking tools available. For once at least, this is a great instance of good hackers finding an issue and working with the company to fix the problem before it can be used for nefarious means.
What do you think about this master key? Are you surprised that something like this hasn’t been found before now? Tell us what you think in the comment section below, or on Google+, Twitter, or Facebook.Source: F-Secure