Hackers found a way to open any of three million hotel keycard locks in seconds
Link information
This data is scraped automatically and may be incorrect.
- Authors
- Andy Greenberg, Andrew Couts, Steven Levy, Amit Katwala, Nena Farrell, Dhruv Mehrotra, Reece Rogers, Eric Geller, Aarian Marshall
- Published
- Mar 21 2024
Kudos to the researchers for working with the manufacturer to ensure a fix could be developed and deployed to many locations before publishing.
This is generally expected in the industry, especially if you’re the kind of person going to Black Hat. The goal is to find vulnerabilities so they can be fixed, not cause mass chaos.
If the maker of the device refuses to respond, you still go public in stages. Basically a “hey, we have this compromise and they don’t care. We will be releasing it in one year so you have time to fix this.” sort of thing.
I understand, I was in software development for 15 years. I'm sure the disclosure timelines were agreed upon before they were invited to hack on the gear. My original point stands, however; kudos for going white hat versus doing this the less-than-legal way.
Mirror, for those hit by the paywall:
https://archive.is/PypxP
At the 2019 Defcon, I heard so many people who were staying at Linq complaining that their rooms had been broken into. I think this got lost in the shuffle because of the room searches Caesar's had been doing.