How Hackers Can Access the Keys to Millions of Hotel Rooms

A hotel room may not be secure just because the door is securely locked. Hackers have mastered a way to open millions of hotel room doors around the world. What's especially troubling is that it only takes one minute for doors to be compromised.

Security researchers unveiled a disturbing technique for unlocking hotel doors at a conference in Miami recently. The process allows hackers to create masters keys that can open any room inside a hotel. It simply requires a Proxmark RFID card-reading tool that costs $300 and an expired key card that has been taken from the trash bin of the hotel being targeted. The Proxmark RFID card reader makes it possible to cycle through all possible codes on a lock. It typically only takes about 20 tries for the correct one to be identified. Hackers can then transfer the master code to a card. This gives hackers the ability to access any room inside a hotel without raising any alarms or breaking down any doors.

The researchers who discovered the vulnerability reported it to lock manufacturer Assa Abloy last year. The company responded by releasing a security update that is available to hotels. However, locks offered by the company are not connected to the Internet. That means that all software upgrades have to be conducted manually by a technician. It is unclear whether all of the hotels affected around the world have actually conducted manual updates on all of their locks. This could leave some guests staying at hotels vulnerable. 4/26/2018