Finnish security researchers Tomi Tuominen and Timo Hirvonen can clone many hotel master keys very quickly using some clever cryptography, an expired keycard from the hotel trash, and a $300 Proxmark RFID card reader/writer. It takes them about one minute to create a master hotel key. Video demo below. From Wired:
The two researchers say that their attack works only on Vingcard's previous-generation Vision locks, not the company's newer Visionline product. But they estimate that it nonetheless affects 140,000 hotels in more than 160 countries around the world; the researchers say that Vingcard's Swedish parent company, Assa Abloy, admitted to them that the problem affects millions of locks in total. When WIRED reached out to Assa Abloy, however, the company put the total number of vulnerable locks somewhat lower, between 500,000 and a million. They note, though, that the total number is tough to measure, since they can't closely track how many of the older locks have been replaced. Tuominen and Hirvonen say that they've collected more than a thousand hotel keycards from their friends over the last 10 years, and found that roughly 30 percent were Vingcard Vision locks that would have been vulnerable to their attack.
Tuominen and Hirvonen quietly alerted Assa Abloy to their findings a year ago, and the company responded in February with a software security update that has since been available on its website. But since Vingcard's locks don't have internet connections, that software has to be installed manually by a technician, lock by lock. "There's a good chance that not all the hotels have fixed this," Tuominen says.