WHEN a hacker gets hacked, hackers hack back. That is exactly what an attendee at a hacking conference in Berlin in 2003 did when the keycard-operated lock of his hotel room got hacked. On returning to his hotel room, he found that his laptop had been stolen, but there was no evidence of forced entry. So how did the thief get into the room? Two of his colleagues spent more than a decade trying to answer that question. Now they have succeeded—and in the process they have exposed a security vulnerability that leaves millions of hotel rooms susceptible to theft.
Tomi Tuominen and Timo Hirvonen of F-Secure, a cyber-security firm, devised a hack that they say allows them to create a master key that mimics the guest keycards produced by VingSecure, a manufacturer of hotel locks. According to F-Secure, the affected software is used in more than 40,000 hotel…Continue reading