Much prefer the original track that Pitbull sampled. MK's dub of Nightcrawlers - Push the feeling on.
Hotel, motel, Holiday Inn? Doesn't matter – they may need to update their room key software
Infosec outfit F-Secure has uncovered security vulnerabilities in hotel keycard systems that can be exploited by miscreants to break into rooms across the globe. Exploitable flaws were discovered in lock system software Vision by VingCard, which F-Secure said is used to secure millions of hotel rooms worldwide. Their findings …
COMMENTS
-
-
Friday 27th April 2018 20:53 GMT Michael Wojcik
Re: Stayed at an overpriced Hotel recently and had a WTF moment:
Got back to find the door lock on the room had completely failed. You could just open it as if there was no lock there. Reason: low batteries...
There are two possible failure modes for this case, and neither is ideal.
The lock can fail to an unlocked state, which defeats it as a security measure. Or it can fail to a locked state, which could prevent an emergency responder from gaining access, or a parent from returning to a room with children in it, and so on.
You can debate the relative merits, but it's not clear that one is necessarily the better choice.
-
-
Wednesday 25th April 2018 20:50 GMT Anonymous Coward
The researchers' interest in hacking hotel locks was sparked a decade ago when a colleague's laptop was stolen from a hotel room during a security conference......When the theft was reported, hotel staff dismissed their complaint given that there was not a single sign of forced entry, and no evidence of unauthorized access in the room entry logs.....They then decided to investigate the issue further, and chose to target a brand of lock known for quality and security. Their probing of the technology took several thousand hours on an on-and-off basis, and involved considerable trial and error.
Yes, but after all this, did the hotel admit it was possible someone else could have taken it?
-
Wednesday 25th April 2018 21:07 GMT Nate Amsden
perhaps no fix coming
If the vendor no longer develops the software, seems likely the fix would be to upgrade the system, I find it unlikely most hotels would be willing to spend the $$ to upgrade so many systems for such a vulnerability, unless it starting being widely exploited.
The article is not clear but I think the good news may be that the vulnerability only affects systems that use NFC-like technology to authenticate the lock and not systems that use mag stripes(which I've read have their own issues).
In my hotel traveling experience in recent years maybe I can count on one hand the number of hotels I've stayed at that wireless key cards, one hotel in particular I stay at regularly upgraded to wireless key cards, their previous key card system looked as if it was at least 15-20 years old(had never seen a lock design like it at any other hotel I stayed at anyway).
-
Wednesday 25th April 2018 22:15 GMT Anonymous Coward
Fundamental problem
Electronic security doors would need to be connected to the system and log all openings, then the software would be in/on a central server and be upgradeable. You would have to log in at the desk whenever you came in or went out, even to use the pool, bar or restaurant.
It would be very expensive to have to replace door locks every 6 months, when someone electronically hacks them and if the lock prevented staff access and from making up your guests rooms while they were out you might consider a different system.
What do you want from a lock, peace of mind, impregnability ? Door keys were not that secure either.
-
-
Thursday 26th April 2018 04:37 GMT James Henstridge
It's not about cloning an existing skeleton key though: it's about converting a regular room key into a skeleton key.
If the locks use some form of public key cryptography where the key card stores the access granted along with a digital signature covering that access made with a private key. It isn't immediately obvious how you'd change the access permissions on a card without knowing the private key.
So you're probably looking at a non trivial vulnerability. Maybe they discovered a way to get the lock to accept an unsigned access grant. Maybe they discovered a way to produce hash collisions to reuse the signature from the normal key. Maybe they discovered a buffer overflow vulnerability in the lock's software that turns bad signatures into good ones.
-
-
-
Thursday 26th April 2018 12:58 GMT StuntMisanthrope
Go on then, since we're on a downhill roll...
In certain northern cities, guests steal the mattresses, let alone bolted down TV's. "No, I was on duty and alert all night and didn't see a thing." 7ft" painting straight out of the front door. I could go on ad infinitum. #crimenumbersilvousplait