Open Sesame: Hotel Rooms at Risk of Serious Room Key Hack

By on

No one is a big fan of intruders, let alone being disturbed while you’re on vacation. This is a potential reality for some travelers, as it was just discovered this week that hotel guests could possibly have unwanted visitors to their room. This is all due to a design flaw in the software of electronic keys produced by Assa Abloy, formerly VingCard, that has left millions of hotel rooms worldwide vulnerable to hackers. The vulnerability could allow criminals to create master keys and open any door in the affected hotels.

First discovered by security researchers, this “master key” hack only needs a single hotel room key in order to exploit the flaw. After obtaining a key, hackers can use an RFID reader to try several key combinations to decode the card. A handful of combinations later (around 20 or so), crooks can determine the code and create a master key for the hotel. From there, the hacker can access any room his or her heart so desires. Specifically, they could potentially access hotel rooms in 166 countries and 40,000 locations.

As of now, it is unknown if anyone has actually exploited the threat. But researchers are in collaborating with Assa Abloy to address the problem. So what can you do to help ensure you’re protected from these faulty electronic locks? Start by following these tips:

  • Be selective about where you stay. Until this fix is implemented, it’s important globe-trotters get selective with their lodging. That starts by doing some basic research online – read up on what hotels use Assa Abloy and if you can’t find the information, feel free to call the hotel and ask about their digital lock security.
  • Lock away valuables, especially your devices. Unfortunately, hotel room break-ins are nothing new, they’ve just only become digitized recently. Fortunately, many hotels provide safes for that very reason. So make use of them, and store away your valuables (especially any computers or mobile phones) in order to keep them out of the wrong hands.
  • Use comprehensive security. No matter the type of hack, it’s always important to safeguard the keys (both physical and digital) to your life. One key you can always carry: comprehensive digital security. From mobile phones to laptop computers – lock down all your devices with McAfee Total Protection.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

Categories: Consumer Threat Notices
Tags: ,

Leave a Comment

Similar articles

While you might have been preoccupied with ghosts and goblins on Halloween night, a different kind of spook began haunting Google Chrome browsers. On October 31st, Google Chrome engineers issued an urgent announcement for the browser across platforms due to two zero-day security vulnerabilities, one of which is being actively exploited in the wild (CVE-2019-13720). ...
Read Blog
Cybercriminals seem to get more and more sophisticated with their attacks, and phishing scams are no different. The McAfee Labs team has observed a new phishing campaign using a fake voicemail message to trick victims into giving up their Office 365 email credentials. During the investigation, the team has found three different phishing kits being ...
Read Blog