Just How Safe Is Your Hotel Room Lock?

The days of big brass keys to unlock your hotel door are well and truly over, and plastic electronic access cards are the norm. But how safe are these systems from hackers?

A Finnish security firm has found that the doors on major hotel chains can be hacked and the electronic lock system exploited to make a master key to access every door in a hotel. Researchers at F-Secure were able to simulate a hack on the keycard system taking the information from an old discarded key and creating a master version that could open any door.

“You can imagine what a malicious person could do with the power to enter any hotel room, with a master key created basically out of thin air,” Tomi Tuominen, practice leader at F-Secure, said.

The potential security flaw has been outlined on the company’s website, but the research goes back to 2003. Tuominen was attending a conference in Berlin when a friend’s laptop was stolen from his hotel room.

Hotel rooms are usually filled with expensive things to steal

“We wanted to find out if it’s possible to bypass the electronic lock without leaving a trace,” Timo Hirvonen, senior security consultant at F-Secure, said in a statement. “Building a secure access control system is very difficult because there are so many things you need to get right. Only after we thoroughly understood how it was designed were we able to identify seemingly innocuous shortcomings. We creatively combined these shortcomings to come up with a method for creating master keys.”

The design flaws exist in the Vision by VingCard software that is used with the lock system. This software is deployed for millions of hotel rooms worldwide, and the research has led to the world’s largest lock manufacturer, Assa Abloy, to issue software updates to mitigate the issue. Major hotel chains like Sheraton, Radisson, and Hyatt use Assa Abloy locking systems.

It’s a common sight in the movies to see someone hacking into a hotel room door using a clunky piece of hardware and a few red lights gradually turning to green, but the flaw found by F-Secure was potentially much more dangerous. Hackers would be able to use a card that had long expired or been discarded to get the necessary information to program the master key, and using that key would leave absolutely no trace or record behind.

Since you are here, we would like to share our vision for the future of travel - and the direction Culture Trip is moving in.

Culture Trip launched in 2011 with a simple yet passionate mission: to inspire people to go beyond their boundaries and experience what makes a place, its people and its culture special and meaningful — and this is still in our DNA today. We are proud that, for more than a decade, millions like you have trusted our award-winning recommendations by people who deeply understand what makes certain places and communities so special.

Increasingly we believe the world needs more meaningful, real-life connections between curious travellers keen to explore the world in a more responsible way. That is why we have intensively curated a collection of premium small-group trips as an invitation to meet and connect with new, like-minded people for once-in-a-lifetime experiences in three categories: Culture Trips, Rail Trips and Private Trips. Our Trips are suitable for both solo travelers, couples and friends who want to explore the world together.

Culture Trips are deeply immersive 5 to 16 days itineraries, that combine authentic local experiences, exciting activities and 4-5* accommodation to look forward to at the end of each day. Our Rail Trips are our most planet-friendly itineraries that invite you to take the scenic route, relax whilst getting under the skin of a destination. Our Private Trips are fully tailored itineraries, curated by our Travel Experts specifically for you, your friends or your family.

We know that many of you worry about the environmental impact of travel and are looking for ways of expanding horizons in ways that do minimal harm - and may even bring benefits. We are committed to go as far as possible in curating our trips with care for the planet. That is why all of our trips are flightless in destination, fully carbon offset - and we have ambitious plans to be net zero in the very near future.