Well That's Comforting: Hackers Make $300 Tool That Can Open Almost Any Hotel Electronic Lock

April 25, 2018


In security news, apparently almost all electronic hotel door locks are easily hackable. See? I told you honey -- so THAT'S how all those $10.99 adult pay-per-views got charged to the room. "Mhmm." Didn't you say you were going to go do some shopping?

The Vingcard Vision locks are RFID-based hotel locks; at this week's Infiltrate conference in Miami, Tomi Tuominen and Timo Hirvonen from F-Secure will present a method for combining a $300 Proxmark RFID tool with any discarded key from a given hotel to derive the master keys that allow them to unlock every room in the hotel, a process that takes less than 60 seconds.

The researchers are exploiting longstanding defects in the Vingcard cryptographic implementations, defects that are even present on the magstripe-based Vingcard keys that predate the RFID keys (Vingcard has a new version that fixes the crypto, but there is a large base of legacy keycards in hotels all over the world).

It's estimated the tool could be used to open any of the electronic lock systems used in some 160,000 hotels in 160 countries. That...sounds like a serious security risk. Maybe not as serious as a security risk as me in a ninja suit with a pocketful of throwing stars, but *throwing smoke bomb* I'm one with the wind. "I can see you behind the room service cart." In all black? This isn't me.

Keep going for a video.

Thanks to Greencycle, who agrees the real issue is why hotel room outlets never have enough juice to charge my phone. I'm mad about it!

  • GeneralDisorder

    I always assumed that RFID was hackable. Encryption may be hard to break but as computers get better breaking encryption gets faster.

  • Fartbutt

    What a creep. Although, handy if you ever wanted to plan a romantic rooftop dinner with your bros

  • Nicholas Conrad

    Can I just buy one to use on my own rooms? Those dumb cards don't work half the time anyway.

  • GeneralDisorder

    If it works on any lock it'll work on your own.

  • FearlessFarris

    This is why I always put a bear trap behind my hotel door. And use the security chain latch.

  • Jenness

    You and me both

  • Big Dog on Krampus

    finally, now we can get a better shot of Erin Andrews

  • qcp

    I'd be more worried about maids stealing stuff at a hotel than random 'hackers.'

blog comments powered by Disqus
Previous Post
Next Post