[GavinB]

I'm sure the work that F-Secure did was very technically impressive, but I don't think this demonstrates that "these electronic locks may not be very secure" as the article states.

I'd imagine that there are very few commercial technologies that couldn't be hacked if you can get research on a working copy and throw "several thousand total man hours" of highly qualified researchers at it, including building a custom device. And the hack has already been patched!

And then the end payout is that you can get into hotel rooms, which are regularly accessed by low-paid hotel employees and generally considered not a secure place to leave valuables—there's a reason for the safes in the closet of every hotel room.

[maxerickson]

The top level sketch is bad. They are able to go from a low privilege card to a master key. Preventing that is a pretty obvious design criteria for any multikey lock system.

[mschuster91]

> there's a reason for the safes.

... which all have backdoors by neccessity.

[GavinB]

Yep! My only point was that it apparently took a ton of work to find a way to hack into a place which is already considered fairly insecure. Basically I don't think there's any reason to panic or be surprised by this story, or for Assa Abloy to be terribly embarrassed.

With the equivalent of a budget of several hundred thousand dollars and custom hardware, any commercially available equipment can probably be hacked.