Hotel, motel, Holiday Inn? Doesn't matter – they may need to update their room key software

Infosec outfit F-Secure has uncovered security vulnerabilities in hotel keycard systems that can be exploited by miscreants to break into rooms across the globe. Exploitable flaws were discovered in lock system software Vision by VingCard, which F-Secure said is used to secure millions of hotel rooms worldwide. Their findings …

  1. mark l 2 Silver badge

    Much prefer the original track that Pitbull sampled. MK's dub of Nightcrawlers - Push the feeling on.

  2. Cubical Drone

    That line goes back further

    Hotel, motel, Holiday Inn goes back to Rapper's Delight by the Sugarhill Gang which was released in 1980

    1. Excellentsword (Written by Reg staff)

      Re: That line goes back further

      OK. I'm sorry. I was born 1987 and though in the depths of my soul I knew it was a ripoff (what isn't in the charts?), it didn't click with me after 30 mins of trying to come up with a fancy headline. It was the closest reference point I recognised :(

  3. erikborgo

    Let's face it, all locks are cr*p

    Any electronic lock is as pickable as any computer is hackable. Mechanical locks: Check out the hugely depressing Lockpicking Lawyer on YouTube - locks defeated within a couple of minutes.

    1. Korev Silver badge

      Re: Let's face it, all locks are cr*p

      A bit of superglue will make that lock much more secure

    2. Jan 0 Silver badge

      Re: Let's face it, all locks are cr*p

      Hmm. I notice that the lockpicking lawyer has no video of an Abloy mechanical lock being picked. (Destroyed, yes, but that's not "picking".)

      1. 89724905708169238590784I93056703497430967093434677347864785234986359235564854495684561564545876

        Re: Let's face it, all locks are cr*p

        Abloy and Kaba are the same thing. The Lockpicking Lawyer has picked a lot of Kabas.

  4. TeaLeaf

    I like the attitude of Christophe Sut, seeing this as an opportunity to make their product better rather than grumbling about bloody hackers.

  5. Anonymous Coward

    Stayed at an overpriced Hotel recently and had a WTF moment:

    Got back to find the door lock on the room had completely failed. You could just open it as if there was no lock there. Reason: low batteries...

    1. Michael Wojcik Silver badge

      Re: Stayed at an overpriced Hotel recently and had a WTF moment:

      Got back to find the door lock on the room had completely failed. You could just open it as if there was no lock there. Reason: low batteries...

      There are two possible failure modes for this case, and neither is ideal.

      The lock can fail to an unlocked state, which defeats it as a security measure. Or it can fail to a locked state, which could prevent an emergency responder from gaining access, or a parent from returning to a room with children in it, and so on.

      You can debate the relative merits, but it's not clear that one is necessarily the better choice.

  6. Anonymous Coward

    The researchers' interest in hacking hotel locks was sparked a decade ago when a colleague's laptop was stolen from a hotel room during a security conference......When the theft was reported, hotel staff dismissed their complaint given that there was not a single sign of forced entry, and no evidence of unauthorized access in the room entry logs.....They then decided to investigate the issue further, and chose to target a brand of lock known for quality and security. Their probing of the technology took several thousand hours on an on-and-off basis, and involved considerable trial and error.

    Yes, but after all this, did the hotel admit it was possible someone else could have taken it?

    1. Anonymous Coward Silver badge

      I thought that was why they all seem to have CCTV covering the corridors anyway.

    2. teknopaul

      All this and "no evidence of the hack being used in the wild." Has that term got some specific legal meaning nowadays?

  7. Nate Amsden

    perhaps no fix coming

    If the vendor no longer develops the software, seems likely the fix would be to upgrade the system. I find it unlikely most hotels would be willing to spend the $$ to upgrade so many systems for such a vulnerability, unless it started being widely exploited.

    The article is not clear but I think the good news may be that the vulnerability only affects systems that use NFC-like technology to authenticate the lock and not systems that use mag stripes (which I've read have their own issues).

    In my hotel traveling experience in recent years maybe I can count on one hand the number of hotels I've stayed at that used wireless key cards. One hotel in particular I stay at regularly upgraded to wireless key cards; their previous key card system looked as if it was at least 15-20 years old (had never seen a lock design like it at any other hotel I stayed at anyway).

  8. Anonymous Coward

    Fundamental problem

    Electronic security doors would need to be connected to the system and log all openings, then the software would be in/on a central server and be upgradeable. You would have to log in at the desk whenever you came in or went out, even to use the pool, bar or restaurant.

    It would be very expensive to have to replace door locks every 6 months, when someone electronically hacks them, and if the lock prevented staff access and from making up your guests' rooms while they were out you might consider a different system.

    What do you want from a lock, peace of mind, impregnability? Door keys were not that secure either.

  9. Anonymous Coward

    Well, seeing as every maid, butler and hotel supervisor has a key that will unlock any door in the hotel, I'm not surprised, any 2 year old could have done the same thing.

    1. James Henstridge

      It's not about cloning an existing skeleton key though: it's about converting a regular room key into a skeleton key.

      If the locks use some form of public key cryptography where the key card stores the access granted along with a digital signature covering that access made with a private key, it isn't immediately obvious how you'd change the access permissions on a card without knowing the private key.

      So you're probably looking at a non-trivial vulnerability. Maybe they discovered a way to get the lock to accept an unsigned access grant. Maybe they discovered a way to produce hash collisions to reuse the signature from the normal key. Maybe they discovered a buffer overflow vulnerability in the lock's software that turns bad signatures into good ones.
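The hypothetical scheme in the comment above, sketched as a lock-side check: a card carries an access grant plus a signature, and the lock holds only the public key. This is an added example, not part of the thread and not a description of any vendor's design; the 11-byte card layout, the function names and the choice of Ed25519 are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// Card is a constructed layout: an 11-byte access grant plus its signature.
type Card struct{ Grant, Sig []byte }

// EncodeGrant packs scope (0 = one room, 1 = all rooms), room and expiry.
func EncodeGrant(scope byte, room uint16, expiry uint64) []byte {
	b := make([]byte, 11)
	b[0] = scope
	binary.BigEndian.PutUint16(b[1:3], room)
	binary.BigEndian.PutUint64(b[3:], expiry)
	return b
}

// LockAccepts is the lock-side check; the lock stores only the public key.
func LockAccepts(pub ed25519.PublicKey, c Card, thisRoom uint16, now uint64) bool {
	// Reject malformed or unsigned cards before touching the grant fields.
	if len(c.Grant) != 11 || len(c.Sig) != ed25519.SignatureSize {
		return false
	}
	if !ed25519.Verify(pub, c.Grant, c.Sig) {
		return false
	}
	room := binary.BigEndian.Uint16(c.Grant[1:3])
	if now >= binary.BigEndian.Uint64(c.Grant[3:]) {
		return false // expired
	}
	return c.Grant[0] == 1 || (c.Grant[0] == 0 && room == thisRoom)
}

// Demo returns the lock's decisions for four constructed cards.
func Demo() [4]bool {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed test key
	pub := priv.Public().(ed25519.PublicKey)
	g := EncodeGrant(0, 101, 2000)
	guest := Card{g, ed25519.Sign(priv, g)}
	edited := Card{EncodeGrant(1, 0, 2000), guest.Sig} // scope changed, old signature
	unsigned := Card{EncodeGrant(1, 0, 2000), nil}
	return [4]bool{LockAccepts(pub, guest, 101, 1000), LockAccepts(pub, guest, 102, 1000),
		LockAccepts(pub, edited, 102, 1000), LockAccepts(pub, unsigned, 102, 1000)}
}

func main() { fmt.Println(Demo()) }
```

Only the untouched guest card at its own door is accepted; the grant with its scope changed and the unsigned grant are both refused.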

  10. Anonymous Coward
  11. DrM

    Good luck

    Hotels are expected to run around and reprogram each and every door lock by late never-ever.

  12. StuntMisanthrope

    Oceans Deuce Ex Machina.

    Custom hardware, custom code and 12 months. It'll take less time to reprogram all the locks. #perimeter #canibuyanheadvert #nineminutesincludingcassette

  13. StuntMisanthrope

    Go on then, since we're on a downhill roll...

    In certain northern cities, guests steal the mattresses, let alone bolted down TVs. "No, I was on duty and alert all night and didn't see a thing." 7ft painting straight out of the front door. I could go on ad infinitum. #crimenumbersilvousplait
