Security company F-Secure has found a way to open Hotel locks from VingCard Vision. The researchers worked for years on the exploit. They do not disclose details to prevent burglaries.
Parent company Assa Abloy has released a patch for VingCard Vision that the hotel must implement to protect itself against the attack, says F-Secure . Hotels with the newer Visionline system are not vulnerable, reports Wired . It is unknown how many hotels are now vulnerable. It would be a minimum of 500,000 hotels, but the number can also run into the millions. The key system is in use worldwide.
The attack works with a Proxmark and software made by F-Secure. With reverse engineering, the researchers have found a method to limit the number of possible masterkeys when they have access to a pass that has ever been used at a hotel. The Proxmark can then attempt to try the master key at a door with lock in the hotel. That often works within twenty attempts.
In addition, it turned out to be possible with a bug in the software for Vision locks to read the database with current guests. It also turned out to be possible to add guests, edit data and delete data.
F-Secure has been busy locating the exploit since 2003, after a laptop of an employee mysteriously disappeared from a hotel room. The security company told Assa Abloy about the leak a year ago.
This post first appeared on Need Help Ask Us Now Most Important Technology New, please read the originial post: here