Reply to post:

Hotel, motel, Holiday Inn? Doesn't matter – they may need to update their room key software

James Henstridge

It's not about cloning an existing skeleton key though: it's about converting a regular room key into a skeleton key.

If the locks use some form of public key cryptography where the key card stores the access granted along with a digital signature covering that access made with a private key. It isn't immediately obvious how you'd change the access permissions on a card without knowing the private key.

So you're probably looking at a non trivial vulnerability. Maybe they discovered a way to get the lock to accept an unsigned access grant. Maybe they discovered a way to produce hash collisions to reuse the signature from the normal key. Maybe they discovered a buffer overflow vulnerability in the lock's software that turns bad signatures into good ones.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022