Researchers say flaws they found in the equipment’s software meant they could create “master keys” that opened the rooms without leaving an activity log.
The F-Secure team said it had worked with the locks’ maker over the past year to create a fix.
The researchers’ attack involves using any ordinary electronic key to the target facility – even one that’s long expired, discarded, or used to access spaces such as a garage or closet. Using information on the key, the researchers are able to create a master key with privileges to open any room in the building. The attack can be performed without being noticed.
https://press.f-secure.com/2018/04/25/f-secure-researchers-master-keys-to-hotels-can-be-created-out-of-thin-air/
