In response to the news that researchers from F-Secure have discovered a flaw in digital hotel keys which could be used to unlock any door in hotel rooms worldwide, Laurie Mercer, Solutions Engineer at HackerOne, commented below.
Laurie Mercer, Solutions Engineer at HackerOne:
“Devices such as electronic locks and RFID readers are driven by software. It is easy to introduce vulnerabilities into software. It is much harder to fix bugs once the devices have been installed.
We should accept that software security bugs are inevitable and ensure that methods to discover, remediate and deploy security patches are well defined and well-rehearsed. Organisations should ask themselves: how can we find vulnerabilities quickly and economically? How would we develop, test and deploy security fixes securely to remote devices? How can we rehearse this process to minimise the time window between the discovery and patching of a security vulnerability?
Legend has it that the first ever big bounty program targeted the software that runs the Hubble Space Telescope. Imagine if a bug were found today.”