One of the upsides to hotels using key cards is that they are programmable. This means that in the event a guest loses a key card or if the card is damaged, it is easily replaceable. They are also interchangeable which means that any card can be programmed for any room. The downside? They are hackable.
This is what hackers have recently demonstrated where according to F-Secure’s Tomi Tuominen and Timo Hirvonen, they have discovered a critical flaw in the software of electronic keys produced by VingCard, who is a major provider of hotel locking systems. With this flaw, it allows hackers to create a master key for the entire building within minutes, and all they need is a regular hotel key card which can even be expired.
Speaking to Gizmodo, Tuominen said, “It can be your own room key, a cleaning staff key, even to the garage or workout facility. We can even do it in an elevator if you have your key in your front pocket; we can just clone it from there.” By F-Secure’s estimates of how widely used VingCard’s systems are, it could affect millions of doors as they are available in 166 countries and in over 40,000 buildings.
The good news is that F-Secure has opted to keep their findings a secret so that malicious hackers won’t be able to exploit it. They have also gotten in touch with the company and demonstrated the hack and are working with them to develop a solution that will patch the flaw.