Sign up for our daily briefing

Make your busy days simpler with the Axios AM and PM newsletters. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on the day's biggest business stories

Subscribe to the Axios Closer newsletter for insights into the day’s business news and trends and why they matter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sign up for Axios Pro Rata

Dive into the world of dealmakers across VC, PE and M&A with Axios Pro Rata. Delivered daily to your inbox by Dan Primack and Kia Kokalitcheva.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sports news worthy of your time

Binge on the stats and stories that drive the sports world with the Axios Sports newsletter. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tech news worthy of your time

Get our smart take on technology from the Valley and D.C. with Axios Login. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Get the inside stories

Get an insider's guide to the new White House with Axios Sneak Peek. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Denver news?

Get a daily digest of the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Des Moines news?

Get a daily digest of the most important stories affecting your hometown with the Axios Des Moines newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Twin Cities news?

Get a daily digest of the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Tampa Bay news?

Get a daily digest of the most important stories affecting your hometown with the Axios Tampa Bay newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Charlotte news?

Get a daily digest of the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Nashville news?

Get a daily digest of the most important stories affecting your hometown with the Axios Nashville newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Columbus news?

Get a daily digest of the most important stories affecting your hometown with the Axios Columbus newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Dallas news?

Get a daily digest of the most important stories affecting your hometown with the Axios Dallas newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Austin news?

Get a daily digest of the most important stories affecting your hometown with the Axios Austin newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Atlanta news?

Get a daily digest of the most important stories affecting your hometown with the Axios Atlanta newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Philadelphia news?

Get a daily digest of the most important stories affecting your hometown with the Axios Philadelphia newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Chicago news?

Get a daily digest of the most important stories affecting your hometown with the Axios Chicago newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sign up for Axios NW Arkansas

Stay up-to-date on the most important and interesting stories affecting NW Arkansas, authored by local reporters

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top DC news?

Get a daily digest of the most important stories affecting your hometown with the Axios DC newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

F-Secure researchers unlock a hotel door using their device in a YouTube video. Screengrab: YouTube

Tomi Tuominen and Timo Hirvonen, both researchers at cybersecurity firm F-Secure, have discovered a security flaw in the most popular manufacturer line of digital hotel locks.

Why it matters: Though they've worked with the manufacturers on a patch that has already been released, it is likely that not all the doors have been patched yet as 40 thousand hotels use the locks. The duo noted to Axios that manufacturer Assa Abloy's locks were very secure and the company was attentive to the problem. This is a prime example of a company doing everything right and still having vulnerabilities because no product is 100% secure.

F-secure researchers demonstrate their hotel door hacking device.

The details: "It started at a hacker conference in Berlin in 2003," said Tuominen. "We came back to our room and found that our friends laptop had been stolen. But the locks didn't show any signs of being broken into. The hotel didn't take us seriously because, I think, they thought we were hippies in black t-shirts."

  • Thus started a near 15-year side project where the duo researched how they could hack the locks. It took until last year to have a major breakthrough to digitally break the locks, during which time they learned "it's actually much easier to break the lock with a wire hanger."

How it works: They began by taking any key from a target hotel, even an expired one. That key gives them location specific information to be used in the attack.

  • The keys cards are embedded with one of an innumerable amount of potential passwords — too many to fire off possible passwords at a door until it opens. But Tuominen and Hirvonen figured out how to reduce the possible set of passwords for the master key to a set small enough for a device try all of them in just a few minutes.
  • Once the device discovers the master key, it works on any door.

The remediation: Assa Abloy worked with the researchers to release a patch for the doors earlier this year. They also discovered and helped patch a glitch that gave them access to the key database with access to certain business systems on a hotel network.

  • The patch requires each door to be updated individually, which could have slowed the patching process at some hotels. Tuominen and Hirvonen created an Android app that will test keys to see if doors have been patched.
  • They will present their project at the Infiltrate conference this week, but are leaving out key details to ensure that attackers don't victimize hotels that haven't fixed the issue yet.

Go deeper

Updated 1 hour ago - Politics & Policy

Political consultants pocket taxpayer cash

Illustration: Shoshana Gordon/Axios

Members of Congress are turning to the same political consultants who got them elected to blast out taxpayer-funded communications from their government offices, records show.

Why it matters: While those members are barred from politicking with official funds, the firms have expertise in boosting elected officials' images for political gain and are in high demand for both campaign and government work.

Updated 2 hours ago - Politics & Policy

Omicron dashboard

Illustration: Brendan Lynch/Axios

  1. Health: Transplants rebound from COVID lull
  2. Vaccines: WHO: No evidence that healthy children, teens need boosters — Kids' COVID vaccination rates are particularly low in rural America
  3. Politics: Government website for free COVID tests launches early
  4. World: Greece imposes vaccine mandate for people 60 and older
  5. Variant tracker
2 hours ago - Politics & Policy

Schumer pushes for doomed filibuster changes

Senate Majority Leader Chuck Schumer addresses reporters Tuesday. Photo: Bill Clark/CQ-Roll Call via Getty Images

Senate Majority Leader Chuck Schumer told the Democratic caucus Tuesday night he plans to propose instituting a one-time "talking" filibuster requirement, and bypassing the 60-vote threshold for major legislation, to pass the party's election reforms package via simple majority.

Why it matters: While Schumer acknowledged both votes are expected to fail — and some vulnerable Democrats up for re-election feel it will put them in a tough spot — he argued it's worth putting members on the record for historic legislation.