Security

Hackers Can Now Break Into Your Hotel Room

There’s a new scary threat that hackers have developed which allows them to can break into your hotel room. Cybercriminals engineered a ‘Master Key’ that exploits a vulnerability in hotel keys with an RFID or magstripe. The vulnerability can gather the digital information of a key and this discovery has hotel chains understandably worried.

There are only a few reports of hotels receiving complaints about a small subset of criminals entering rooms and taking personal items through this technology, but the vulnerabilities in keycard technology suggest it’s only a matter of time before these crimes go mainstream.

How the Master Key Works and is Built
To get a master key to access a room, hackers book a hotel room and copy the data on an electronic keycard, which then gives them access to any room. In some cases, they don’t even need a keycard because the process can be done remotely by standing close to a hotel guest or a hotel employee. The ‘Master Key’ can be unlocked through a design flaw that’s common in most electronic lock systems.

Hackers then buy a portable programmer for a few hundred dollars to overwrite the key and create a master key within minutes. Once this is accomplished, the cybercriminals generally target travelers who store their laptops, passports, and cash in hotel rooms.

How the Key Opens Doors
This device, which is an RFID reader and writer, is simply held close to a door lock. The Master Key will run different key combinations within a hotel’s electronic database in less than a minute, cracking the master key combination to a particular room and unlocking the door. This can be done with a custom-tailored device or by writing the master key back to a hacker’s keycard.

A Temporary Fix
Being alerted to this flaw, Assa Abloy, the company who manufactures the portable programmer issued a software fix to keep hotel guests and their personal items safe. The company recommends that hotels worldwide update their keycard software to ensure these cyber attacks don’t occur in their facilities since new vulnerabilities can show up over time.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.