This section describes how to view and manage licenses on a Master Key and lists the Master Key Details. > update licenses already deployed in the field > write specific data to the memory of a Sentinel protection key > create licenses and lock them to the Sentinel protection keys that you send to your end users "Most probably Mossad has a capability to do something like this," Tuominen says. Your Sentinel Master key contains the Sentinel LDK license that enables you to: The assassins in that case seemingly used a vulnerability in Vingcard locks to enter their target's room, albeit one that required re-programming the lock. And the F-Secure researchers point to a 2010 assassination of a Palestinian Hamas official in a Dubai hotel, widely believed to have been carried out by the Israeli intelligence agency Mossad. But the American firm LSI, which trains law enforcement agencies in bypassing locks, advertises Vingcard's products among those it promises to teach students to unlock. The F-Secure researchers admit they don't know if their Vingcard attack has occurred in the real world. The system means that beyond creating a master key to open any door in a hotel, they could also spoof specific "floor" and "section" keys that open only a subset of doors in a building, all the better to impersonate the sort of less-powerful keys that hotel housekeeping staff hold, for instance. Though they won't elaborate further, the researchers note that the trick somehow involves a correlation between the location of a door in a hotel and its RFID enciphered code.
But he and Tuominen continued to puzzle over the system on-and-off for years, even after Vingcard switched its Vision locks to RFID, analyzing keycards they collected and reverse-engineering a copy of the Vingcard front-desk software they'd obtained. Finally, they say, they were tipped off to one final method of narrowing down the possible master key codes in Vingcard Vision locks by a clue on the company's Assa Abloy University website for training hotel staff. But by reading the magnetically encoded key values of keycards that had been used in the system and looking for patterns in those numbers, they began to narrow down the possible "key space" of possible codes. Even so, the number of possible master key codes remained far too large to enable a practical break-in, requiring thousands upon thousands of tries. "Even with those implementation mistakes, it looked like the key space would be too big," says Hirvonen. Vingcard's system encodes a unique cryptographic key into each keycard, and another into every hotel's master keys, that are all designed to be unguessable. That revelation led to a cross-country burglary spree that hit as many as a hundred hotel rooms. But the two Finns say they spotted what they believed might be weaknesses in Vingcard's code system as soon as they examined it in 2003, at a time when the system used mag-stripe technology rather than touch-less radio frequency or RFID. Six years ago, by contrast, a security researcher published the code necessary to exploit a glaring vulnerability in widely used Onity keycard locks on the web. Tuominen and Hirvonen say they're not releasing all the details of the vulnerabilities in Vingcard's locks for fear of helping burglars or spies break into rooms.
Tuominen and Hirvonen say that they've collected more than a thousand hotel keycards from their friends over the last 10 years, and found that roughly 30 percent were Vingcard Vision locks that would have been vulnerable to their attack. They note, though, that the total number is tough to measure, since they can't closely track how many of the older locks have been replaced. When WIRED reached out to Assa Abloy, however, the company put the total number of vulnerable locks somewhat lower, between 500,000 and a million. But they estimate that it nonetheless affects 140,000 hotels in more than 160 countries around the world. The researchers say that Vingcard's Swedish parent company, Assa Abloy, admitted to them that the problem affects millions of locks in total. The two researchers say that their attack works only on Vingcard's previous-generation Vision locks, not the company's newer Visionline product. 'There's a good chance that not all the hotels have fixed this.'