Get the latest market trends in your inbox

Stay on top of the latest market trends and economic insights with the Axios Markets newsletter. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Minneapolis-St. Paul

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa-St. Petersburg news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa-St. Petersburg

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

F-Secure researchers unlock a hotel door using their device in a YouTube video. Screengrab: YouTube

Tomi Tuominen and Timo Hirvonen, both researchers at cybersecurity firm F-Secure, have discovered a security flaw in the most popular manufacturer line of digital hotel locks.

Why it matters: Though they've worked with the manufacturers on a patch that has already been released, it is likely that not all the doors have been patched yet as 40 thousand hotels use the locks. The duo noted to Axios that manufacturer Assa Abloy's locks were very secure and the company was attentive to the problem. This is a prime example of a company doing everything right and still having vulnerabilities because no product is 100% secure.

F-secure researchers demonstrate their hotel door hacking device.

The details: "It started at a hacker conference in Berlin in 2003," said Tuominen. "We came back to our room and found that our friends laptop had been stolen. But the locks didn't show any signs of being broken into. The hotel didn't take us seriously because, I think, they thought we were hippies in black t-shirts."

  • Thus started a near 15-year side project where the duo researched how they could hack the locks. It took until last year to have a major breakthrough to digitally break the locks, during which time they learned "it's actually much easier to break the lock with a wire hanger."

How it works: They began by taking any key from a target hotel, even an expired one. That key gives them location specific information to be used in the attack.

  • The keys cards are embedded with one of an innumerable amount of potential passwords — too many to fire off possible passwords at a door until it opens. But Tuominen and Hirvonen figured out how to reduce the possible set of passwords for the master key to a set small enough for a device try all of them in just a few minutes.
  • Once the device discovers the master key, it works on any door.

The remediation: Assa Abloy worked with the researchers to release a patch for the doors earlier this year. They also discovered and helped patch a glitch that gave them access to the key database with access to certain business systems on a hotel network.

  • The patch requires each door to be updated individually, which could have slowed the patching process at some hotels. Tuominen and Hirvonen created an Android app that will test keys to see if doors have been patched.
  • They will present their project at the Infiltrate conference this week, but are leaving out key details to ensure that attackers don't victimize hotels that haven't fixed the issue yet.

Go deeper

Broncos and 49ers the latest NFL teams impacted by coronavirus crisis

From left, Denver Broncos quarterbacks Drew Lock, Brett Rypien and Jeff Driskel during an August training session at UCHealth Training Center in Englewood, Colorado. Photo: Justin Edmonds/Getty Images

The COVID-19 pandemic has thrown the NFL season into chaos, with the Denver Broncos' quarterbacks sidelined, the San Francisco 49ers left without a home or practice ground and much of the Baltimore Ravens team unavailable, per AP.

Driving the news: The Broncos confirmed in a statement Saturday night that quarterbacks Drew Lock, Brett Rypien and Blake Bortles were identified as "high-risk COVID-19 close contacts" and will follow the NFL's mandatory five-day quarantine, making them ineligible for Sunday's game against New Orleans.

Updated 5 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Health: WHO: AstraZeneca vaccine must be evaluated on "more than a press release."
  2. Politics: McConnell temporarily halts in-person lunches for GOP caucus.
  3. Economy: Safety nets to disappear in DecemberAmazon hires 1,400 workers a day throughout pandemic.
  4. Education: U.S. public school enrollment drops as pandemic persists.
  5. Cities: Surge in cases forces San Francisco to impose curfew — Los Angeles County issues stay-at-home order, limits gatherings.
  6. Sports: NFL bans in-person team activities Monday, Tuesday due to COVID-19 surge — NBA announces new coronavirus protocols.
  7. World: London police arrest more than 150 during anti-lockdown protests — Thailand, Philippines sign deal with AstraZeneca for vaccine.

Tony Hsieh, longtime Zappos CEO, dies at 46

Tony Hsieh. Photo: FilmMagic/FilmMagic

Tony Hsieh, the longtime ex-chief executive of Zappos, died on Friday after being injured in a house fire, his lawyer told the Las Vegas Review-Journal. He was 46.

The big picture: Hsieh was known for his unique approach to management, and following the 2008 recession his ongoing investment and efforts to revitalize the downtown Las Vegas area.