Hotel room master key ‘created out of thin air’

Hotels with electronic lock systems are at risk after it emerged that a master key can be created ‘out of thin air’.

Researchers from F-Secure have uncovered design flaws in lock system software that is used to secure millions of hotel rooms worldwide.

Using information on an ordinary electronic key, the team created a master key with privileges to open any room in the building.

Attacks can be performed without being noticed and it doesn’t matter if the key has expired, been discarded or used to access spaces such as a garage or closet.

Assa Abloy - the world’s largest lock manufacturer - has since issued software updates with security fixes to fix the issue.

A spokesperson for F-Secure Cyber Security Services doesn’t believe anyone has exploited the flaw in the wild but commented: “You can imagine what a malicious person could do with the power to enter any hotel room, with a master key created basically out of thin air.”

The company went on to stress the difficulty in building a secure access control system.

“Only after we thoroughly understood how [access systems were] designed were we able to identify seemingly innocuous shortcomings. We creatively combined these shortcomings to come up with a method for creating master keys,” the spokesperson added.