Well That's Comforting: Hackers Make $300 Tool That Can Open Almost Any Hotel Electronic Lock

April 25, 2018


In security news, apparently almost all electronic hotel door locks are easily hackable. See? I told you honey -- so THAT'S how all those $10.99 adult pay-per-views got charged to the room. "Mhmm." Didn't you say you were going to go do some shopping?

The Vingcard Vision locks are RFID-based hotel locks; at this week's Infiltrate conference in Miami, Tomi Tuominen and Timo Hirvonen from F-Secure will present a method for combining a $300 Proxmark RFID tool with any discarded key from a given hotel to derive the master keys that allow them to unlock every room in the hotel, a process that takes less than 60 seconds.

The researchers are exploiting longstanding defects in the Vingcard cryptographic implementations, defects that are even present on the magstripe-based Vingcard keys that predate the RFID keys (Vingcard has a new version that fixes the crypto, but there is a large base of legacy keycards in hotels all over the world).

It's estimated the tool could be used to open any of the electronic lock systems used in some 160,000 hotels in 160 countries. That...sounds like a serious security risk. Maybe not as serious as a security risk as me in a ninja suit with a pocketful of throwing stars, but *throwing smoke bomb* I'm one with the wind. "I can see you behind the room service cart." In all black? This isn't me.

Keep going for a video.

Thanks to Greencycle, who agrees the real issue is why hotel room outlets never have enough juice to charge my phone. I'm mad about it!

Previous Post
Next Post