Security flaw could allow hackers to create hotel master keys

Hotel lock

Most hotel chains these days rely on some sort of electronic key card mechanism rather than more traditional locks.

Researchers at F-Secure have found that hotels worldwide are using an electronic lock system with a flaw that could be exploited by an attacker to gain access to any room in the building.

The attack involves using any ordinary electronic key to the target facility -- even one that's long expired, discarded, or used to access spaces such as a garage or closet. Using information on the key, the researchers are able to create a master key with privileges to open any room in the building. What's more the attack can be performed without being noticed, leaving no sign of entry.

"You can imagine what a malicious person could do with the power to enter any hotel room, with a master key created basically out of thin air," says Tomi Tuominen, practice leader at F-Secure Cyber Security Services. "We don't know of anyone else performing this particular attack in the wild right now."

F-Secure notified Assa Abloy -- the lock manufacturer -- of the findings and has collaborated with the firm over the past year to implement software fixes. Updates have been made available to affected properties.

"I would like to personally thank the Assa Abloy R&D team for their excellent cooperation in rectifying these issues," says Tuominen. "Because of their diligence and willingness to address the problems identified by our research, the hospitality world is now a safer place. We urge any establishment using this software to apply the update as soon as possible."

There's a video of the hack in action below.

Image credit: F-Secure

One Response to Security flaw could allow hackers to create hotel master keys

Why Trust Us



At BetaNews.com, we don't just report the news: We live it. Our team of tech-savvy writers is dedicated to bringing you breaking news, in-depth analysis, and trustworthy reviews across the digital landscape.

BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.

Regional iGaming Content

© 1998-2025 BetaNews, Inc. All Rights Reserved. About Us - Privacy Policy - Cookie Policy - Sitemap.