A pair of researchers at F-Secure, Timo Hirvonen and Tomi Tuominen, has reported to the press that they have found a way to hack some older RFID-based hotel room key locks. They are also planning to give a presentation outlining their findings at this year's Infiltrate conference.
The locks are those made by a company called VingCard. The researchers told the press that they began searching for a way to hack the locks when a friend's laptop was stolen from a hotel room by a thief that left behind no evidence of entry. The technique the two developed has taken over a decade to develop, they note. The result is a hardware/software system that is able to clone a master key using a discarded room key, even if it has been disabled. The system consists of a Proxmark RFID card reader/writer and software the pair created themselves. It works only with locks programmed using Vision Software, which was written by engineers at VingCard.
Hirvonen and Tuominen acknowledge that their hack is a bit dated—the software for the locks was written over 20 years ago. Most hotels have moved on to newer technology, they note, but there are still some hotels using the older lock system. They report that they advised Assa Abloy, the company that bought out VingCard, of their findings. Assa Abloy reacted by developing a way to prevent the hack and sent it to all relevant clients. They also published a press release of their own suggesting that the hack devised by F-Secure was not much of a threat because they system was so old. Also, F-Secure has promised to keep important details of the hack to themselves.
Hirvonen and Tuominen noted that in addition to gaining master key privileges, their hacking system allowed them to unlock other parts of a hotel security system, as well, such as a garage, or a VIP elevator. They did not offer any information, however, regarding whether their findings might be pertinent to other types of RFID-based systems.