Almost everyone is familiar with the key cards that most of the hotels provide these days to their guests for unlocking the doors of the rooms. One of the benefits of using a key card is that it is programmable. It means that if any guest loses his/her key card or damages it; it can be replaced easily. These rectangular plastic cards are also interchangeable. However, like all good things this technology, too, has a downside to it.
Cybercriminals can hack it and that’s exactly what some hackers have just demonstrated. According to Timo Hirvonen and Tomi Tuominen of F-Secure, the organization has recently found out that VingCard’s software of the electronic keys has a major error. VingCard is one of the largest providers of the hotels’ key cards and its locking systems. The said flaw in the firm’s software essentially allows the cybercriminals to develop a master key, which is capable of unlocking all the doors of the whole building in just about minutes. All the hackers would need for that is a regular key card of the hotel. It can even be expired and the job will be done.
“It can be your own room key, a cleaning staff key, even to the garage or workout facility. We can even do it in an elevator if you have your key in your front pocket; we can just clone it from there,” Tuominen told Gizmodo.
According to the Finnish cybersecurity and privacy company F-Secure, this flaw is capable of affecting millions of hotel doors, as VingCard’s technology is available across 166 nations in the world and in more than 40,000 buildings.
However, there is a good news though. F-Secure has decided that they will keep their findings and reports a secret, so that; harmful hackers don’t get to exploit them. They have also started interacting with VingCard and showed them how the breach is happening using one single key card. Both the organizations are now working on the development of a solution that will be able to successfully fix the error.